New Cisco Rapid Threat Containment Solution Detects and Automatically Contains Threats
Integration of Cisco FireSIGHT Management Center and Identity Services Engine (ISE) Now Available
As explained in our 2015 Cisco Midyear Security Report, attackers are using innovative tactics like exploit kits, ransomware, and advanced malware to evade detection. Organizations are using as many as 40 to 60+ disparate security solutions that typically don’t – and can’t – work together. These point solutions have limited impact against well-funded cybercriminals and typically generate vast numbers of alerts, many of which may not be relevant. On average, large organizations have to sift through nearly 17,000 alerts each week to find the 19 percent that are considered reliable, and security professionals only have time to investigate 4 percent of warnings.
Against that backdrop it is no surprise that various industry reports put the average time to detection at around 200 days. That is far too long: the longer a threat goes undetected, the greater the potential for damage, and by the time a breach is discovered the damage has usually already been done.
The new Cisco Rapid Threat Containment solution with Cisco FireSIGHT Management Center and Cisco ISE lets you get to the heart of what matters – providing deep network detection and automatic containment of critical threats so you can mitigate your security risk quickly and efficiently without overburdening your security team.
Rapid Threat Containment
The Cisco Rapid Threat Containment solution is an integration of Cisco ISE with its security ecosystem partners, drawn from a broad variety of technology areas, that takes network mitigation and investigation actions in response to security events. All of these systems communicate over Cisco pxGrid, which acts as a clearinghouse through which multiple security tools share context with each other automatically and in real time. So when the FireSIGHT Management Center detects a malicious file downloaded by a host inside the network, ISE learns of it immediately through pxGrid and updates that endpoint’s network access policy.
Improves Threat Visibility and Detection Effectiveness
Security teams can detect new and stealthy threats throughout the network and receive the information required to make rapid, automated decisions. The FireSIGHT Management Center (now sold as the Cisco Firepower Management Center) provides actionable intelligence through automated contextual analysis and threat qualification. Information is gathered from any combination of Cisco threat sensors, including Cisco ASA with FirePOWER Services, Cisco Next-Generation Intrusion Prevention System (NGIPS), and Cisco Advanced Malware Protection (AMP). These sensors are continuously updated with real-time threat intelligence so they can detect threats that previously eluded defenses.
Infected endpoints are quickly and automatically isolated. Based on the severity of the threat or Indicator of Compromise, the FireSIGHT Management Center instructs Cisco ISE to contain the compromised endpoint; because that severity threshold is a policy you set, you control how aggressive automatic containment is and how much a false positive can disrupt. Cisco ISE contains the endpoint by automatically pushing an enforcement instruction to the router, switch, firewall, or wireless controller it is attached to. Enforcement options include Cisco TrustSec software-defined segmentation, a Downloadable Access Control List (dACL), or a quarantine VLAN. Contained endpoints can then be remediated or blocked from the network entirely.
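To make the detect-then-contain loop of the two paragraphs above concrete, here is an added example that is not Cisco’s code and does not use the real pxGrid, FireSIGHT or ISE APIs. It models the decision logic only: a detection event arrives with a severity, an operator-set policy decides whether to act, an exemption list protects hosts you never want auto-quarantined, repeated events for a contained host are idempotent, and the enforcement instruction (TrustSec SGT, dACL or quarantine VLAN) is chosen from what the endpoint’s access device supports. The event fields, policy values, device inventory and dACL lines are all constructed assumptions.

```python
"""Policy-driven containment loop modelled on the FMC -> pxGrid -> ISE flow.

Added example, not Cisco code: the event format, policy fields, device
capabilities and the enforcement "calls" are hypothetical stand-ins that show
the decision logic (severity threshold, exemptions, idempotency, choice of
enforcement method), not a real integration.
"""
from dataclasses import dataclass
from enum import IntEnum
import ipaddress


class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


@dataclass(frozen=True)
class DetectionEvent:
    """A detection as a management center might publish it (constructed)."""
    host_ip: str
    ioc: str
    severity: Severity


@dataclass(frozen=True)
class Policy:
    """Operator-set policy: when to act and what stays reachable when contained."""
    act_at: Severity = Severity.HIGH          # below this, log only
    quarantine_vlan: int = 999                # hypothetical quarantine VLAN
    quarantine_sgt: int = 20                  # hypothetical TrustSec tag
    remediation_server: str = "10.0.0.50"     # hypothetical remediation host
    exempt_networks: tuple = ("10.0.0.0/24",) # e.g. management network


# Hypothetical inventory: which enforcement each access device type supports
DEVICE_CAPABILITIES = {
    "switch": ["sgt", "dacl", "vlan"],
    "wlc": ["dacl", "vlan"],
    "firewall": ["sgt"],
}
ENFORCEMENT_PREFERENCE = ["sgt", "dacl", "vlan"]


def quarantine_dacl(policy):
    """dACL that leaves only DHCP, DNS and the remediation server reachable."""
    return [
        "permit udp any eq bootpc any eq bootps",
        "permit udp any any eq domain",
        f"permit tcp any host {policy.remediation_server} eq 443",
        "deny ip any any",
    ]


def is_exempt(host_ip, policy):
    ip = ipaddress.ip_address(host_ip)
    return any(ip in ipaddress.ip_network(n) for n in policy.exempt_networks)


def decide(event, policy, device_type, already_contained):
    """Map one detection to an enforcement instruction (or a no-op)."""
    if event.severity < policy.act_at:
        return {"action": "log", "reason": "below threshold"}
    if is_exempt(event.host_ip, policy):
        return {"action": "alert", "reason": "exempt network, manual review"}
    if event.host_ip in already_contained:
        return {"action": "noop", "reason": "already contained"}
    supported = DEVICE_CAPABILITIES.get(device_type, [])
    method = next((m for m in ENFORCEMENT_PREFERENCE if m in supported), None)
    if method is None:
        return {"action": "alert", "reason": f"no enforcement path on {device_type}"}
    instr = {"action": "quarantine", "method": method, "host": event.host_ip}
    if method == "sgt":
        instr["sgt"] = policy.quarantine_sgt
    elif method == "dacl":
        instr["dacl"] = quarantine_dacl(policy)
    else:
        instr["vlan"] = policy.quarantine_vlan
    return instr


def run(events, policy, inventory):
    """Process events in order; return the instructions and the contained set."""
    contained = set()
    instructions = []
    for ev in events:
        d = decide(ev, policy, inventory.get(ev.host_ip, "unknown"), contained)
        if d["action"] == "quarantine":
            contained.add(ev.host_ip)
        instructions.append(d)
    return instructions, contained


# Constructed sample: one host seen twice, one low-severity, one exempt, one on a WLC
SAMPLE_EVENTS = [
    DetectionEvent("10.1.2.10", "malware-download:Trojan.Generic", Severity.CRITICAL),
    DetectionEvent("10.1.2.10", "c2-beacon", Severity.HIGH),
    DetectionEvent("10.1.3.7", "suspicious-dns", Severity.MEDIUM),
    DetectionEvent("10.0.0.12", "malware-download:Dropper", Severity.CRITICAL),
    DetectionEvent("10.1.4.20", "malware-download:Ransomware", Severity.CRITICAL),
]
SAMPLE_INVENTORY = {"10.1.2.10": "switch", "10.1.3.7": "switch",
                    "10.0.0.12": "switch", "10.1.4.20": "wlc"}

if __name__ == "__main__":
    for instr in run(SAMPLE_EVENTS, Policy(), SAMPLE_INVENTORY)[0]:
        print(instr)
```

Two design points matter in practice: the exemption check runs before containment so a critical-severity hit on a management or infrastructure host raises an alert instead of cutting it off, and the contained set makes a second event for the same host a no-op rather than a second push to the access device.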
Operational overhead, malware-related costs, and capital expenses are all reduced. Automated responses driven by policies you set accelerate response, limiting the need for security staff involvement while containing the damage and financial impact of an attack. Capital expenses are reduced because the enforcement points are Cisco network devices you have already deployed.