
Time is critical when facing an incoming attack. Security analysts and incident responders must quickly detect, investigate, understand, and react to limit any potential damage. They sift through threat intelligence from multiple sources and event logs from multiple devices to determine what’s happening and what to do about it, then derive an effective response strategy from that information and implement it across several security products. Much of this process today is manual, error-prone, and time-consuming.

That’s why we developed Cisco Visibility, an innovative platform that improves the efficiency and accuracy of your incident response operations. It brings together critical information from Cisco and third-party sources into a single, intuitive investigation and response console. Cisco Visibility offers combined threat intelligence, event log information, and relationship graphs to confirm an attack and to quickly and intuitively see what’s happening. It enables teams to work together on efficient and effective response actions.

How? Here’s one example: When I discuss Cisco Visibility, I often describe one of its many benefits as the resulting reduction in “copy-paste lag”. While this is somewhat tongue in cheek, it’s also entirely true. Bringing data together in one console reduces the significant amount of time analysts currently spend transporting information from one UI to another and gathering all the responses from all of them into a note-taking application. What if something could gather all that information for them and collect it in one spot? That’s exactly the use case for Visibility, and for the most recent Visibility feature, “Casebooks”.

Casebooks is an API and data structure hosted in Visibility that allows other applications to provide UI components for submitting observables directly to Visibility for immediate reputation lookups, without ever leaving the host application’s interface. It allows you to gather observables in groups (known as cases). Additionally, it allows you to assign the case a name, take notes, and add other observables directly into the Casebooks portion of that UI. And because it’s all hosted in Visibility, your case notes can follow you from product to product, eventually across the Cisco security portfolio.

This capability has already been leveraged by Threat Grid, and was recently released for AMP for Endpoints. Get ready to make use of the Casebooks feature in either by taking a deeper look at how it streamlines investigations and response in this video.

If you are a customer of AMP for Endpoints or Threat Grid, using the public North American or European clouds for either, you already have access to Visibility! Go to your product interface and follow the instructions there to sign up, configure your account, and start using this powerful, free tool today.

To see more of Cisco Visibility in action, check out this Cisco ThreatWise TV episode and ask your Cisco account team about it.

Another option to see Casebooks in action: on July 20th I am leading a Demo Friday session on Cisco Visibility. In this episode of our weekly demo series, I will include Casebooks in my demonstration of Visibility’s integration across several Cisco and third-party products and information sources. Attendees will see firsthand how this innovative integration platform can save you precious time before, during, and after an incident. We will walk through simple but common examples in threat hunting, response, and remediation.

Speaking of which, have you ever wanted a chance to see a live online demo of a Cisco Security solution presented by a product expert? If so, our Demo Fridays program is for you! In this weekly series, product managers and engineers from across the Cisco Security team lead you through real-world use case scenarios that illustrate the ease and effectiveness of our portfolio.

Register for this and other Demo Friday sessions here: https://security-mktg.cisco.com/Demo-Friday.

Authors

Ben Greenbaum

Applied Sciences Engineer

Advanced Threat Solutions