Vendor “openness” drives better outcomes for the state of information security.  That’s why Cisco has invested and committed so heavily to our Cisco Security Technical Alliances (CSTA) program in recent years.  CSTA now has over 130 technology partners…a six-fold increase from where we started nearly four years ago.  It is a use-case driven technology partner program with certified platform-to-platform collaborations that better safeguard networks and data.  Today we are announcing several extensions and expansions to the CSTA partner program with McAfee, Algosec, cPacket, CSPi, Tufin and Verodin.

The Email Threat Vector and Cisco Email Security Interoperability with McAfee

Zero-day email threats are real, and so is the risk to today’s businesses. Spear phishing and ransomware threats via email are out of control, and as cyber criminals become more sophisticated in creating threats that evade typical defenses, it becomes imperative for McAfee customers to enhance their threat detection with strong email protections.

To see how bad guys use email for ransomware attacks, check out this video Ransomware, Anatomy of an Attack (it’s shocking to say the least).

With this in mind, we are proud to announce interoperability of Cisco Email Security with the McAfee® Advanced Threat Defense (ATD) solution.  This presents a great opportunity for McAfee customers to review their current email defense strategy, and investigate how deploying Cisco’s Email Security Appliance (ESA) with McAfee’s ATD can deliver better protections for this dangerous threat vector.  This gives our joint customers a closed-loop email security solution that quickly picks off unsafe attachments before they get to the end-user.

Here’s how it works…Cisco ESA receives an email attachment that’s actually a zero-day threat. It notifies McAfee ATD that it’s sending the file over for inspection.  Then, McAfee ATD executes the file in its sandbox while also conducting a static code analysis to determine a severity level that it sends to Cisco ESA for appropriate action, such as sanitizing the file.  To see a video demo go here.  To see a “How to” installation guide go here.

This complements Cisco’s integration of Cisco Advanced Malware Protection (AMP) with the Cisco ESA, which provides network-wide advanced email-based malware detection and sandboxing, enabling a defense-in-depth solution for existing McAfee ATD customers.

According to a study published by Radicati Group, Inc, the number of worldwide email users will grow from over 3.7 billion in 2017 to over 4.1 billion by 2021.  With a significant amount of data exchanged through organizations’ email infrastructure (including critical financial reports, strategic customer and partner information and even employee performance and personal details), it is no wonder that email is today’s #1 threat vector and will likely continue to be so in the future. Cisco Email Security provides McAfee customers the most advanced protection against ransomware, business email compromise, spoofing, and phishing. It uses Cisco Talos advanced threat intelligence and a multilayered approach to protect inbound messages and sensitive outbound data.  With a choice of physical appliance, virtual, cloud-based or hybrid deployment, Cisco Email Security helps customers to stay one step ahead of threats, keep inboxes highly secure and protect vital business assets. This couples nicely with McAfee® ATD which enables organizations to detect advanced targeted attacks and convert threat information into immediate action and protection.

Posture Modeling, Forensics and Firewall Configuration Consistency – Keys to Prevention and Mitigation

Cisco is also pleased to announce some new and some newly enhanced integrations with Algosec, cPacket, CSPi, Tufin and Verodin.  Each of these partners provides a key piece in the threat prevention and mitigation puzzle; we are pleased to work with them in creating a complete threat defense picture.

Firewall Policy Management Integration with Algosec and Tufin
Algosec and Tufin are long-time firewall platform management partners. Later this summer, these partners will be updating their integration with Cisco Firepower Management Center by supporting the latest Firepower REST API with policy “read” and “write” capabilities. This enables management of Firepower firewall configuration from these third-party management tools, which simplifies management of diverse firewall deployment environments and helps achieve audit and compliance goals.

Packet Capture Integration with cPacket and CSPi for Detailed Security Forensics
It’s one thing to have security event data.  Most networks have plenty of that. Making it actionable is the key.  cPacket and CSPi leverage Firepower intrusion event data to automatically export and store PCAPs from their full packet capture and storage solution.  Full packet capture technology helps intrusion event analysts by extending visibility into the offending traffic beyond the PCAP collected by Firepower’s Snort-based IDS/IPS engine.  Pivoting from specific intrusion events, users can view a vast time window of captured traffic in the partner’s console or download large PCAPs for analysis in a decoding tool of their choice. This helps incident response analysts move from “suspicion” about a security event to “conviction” about the appropriate response.

Get Ahead of Threats: Verodin Integration Across the Cisco Security Portfolio
Verodin’s goal is to measure, manage and improve cybersecurity effectiveness with quantifiable, evidence-based data. Verodin enables security teams to observe and adjust real responses to real attacks without ever putting production systems in danger.  With broad integration across the Cisco Security portfolio, including Firepower, Stealthwatch, Umbrella, and Advanced Malware Prevention for Endpoints, Verodin is helping our joint customers get ahead of threats.  By enabling security teams to see the impact of their modeled threats, as well as security analysts’ response (or lack thereof) to those threats, Verodin ultimately drives better prevention via a stronger network security posture.

Cisco welcomes all these new and expanding technology partners to our CSTA ecosystem.  Deploying these solutions together enables “openness” that solves customer security issues.  Cisco Security…“Simple, Open, Automated.”

Andrew Peters

Senior Manager for Product Marketing