Expanding the Cisco Security Technology Ecosystem

Today we are delighted to announce that the Cisco Security Technology Alliance (CSTA) is adding 26 technology integrations to expand its partner ecosystem to over 140 partners representing 225+ product platform integrations. Some of these integrations are with net-new partners while others are with existing partners that have integrated with yet more Cisco Security products. The rationale for this continued growth in the CSTA ecosystem is simple – there is a need for collaborative security.

Customers have a choice of various point products in the evolving security market. These disparate systems, however, can result in reduced security effectiveness – reduced time to respond to security threats, increased risk and exposure. By integrating siloed security technologies into the broader Cisco Security architecture, security practitioners can achieve faster and more accurate threat identification as well as rapid response to security threats. CSTA provides an environment for security vendors to integrate with various Cisco APIs & SDKs like Firepower eStreamer, pxGrid, REST etc. across the Cisco Security portfolio to the benefit of our mutual customer security deployments.

Enterprise security is comprised of interdependent systems; no one product can achieve absolute security.  By that same token no security solution exists in isolation. The more point security products interconnect with each other, share threat context, participate in an incident response framework, the less the risk of data breaches and security incidents. CSTA is an ecosystem where vendors integrate across a gamut of technologies – perimeter defense, intrusion prevention, advanced threat, sandboxing, cloud security and network policy, making it one of the largest security ecosystems out there. But the end goal isn’t size…it is increased security and decreased risk for our mutual customers.  This is what makes CSTA a truly collaborative ecosystem.

What’s New:

Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall

By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, thereby simplifying threat investigation. CTID has 6 new integrations with AlienVault, EclecticIQ, Infoblox, NC4, ThreatConnect and ThreatQuotient.

Multi-Vendor Threat Event and Platform Management for Cisco Next-Gen Firewall

Cisco Firepower has new partner integrations to its highly-enriched threat event API, eStreamer. Exabeam, LogZilla, Qmulos and Verodin now utilize Firepower next-gen firewall and threat context to complement their native threat analysis capabilities. Furthermore, Cisco firewall customers can now use Firewall Platform Management solutions from Tufin, Algosec and Firemon for policy and configuration management with integrations built using the new Firepower REST API.

New Cisco pxGrid and Cisco ISE Technology Partners

Five new partners—CloudPost Networks, DB Networks, Securonix, TriagingX and WireX Systems are adopting pxGrid to gain network contextual awareness and network threat response capabilities with Rapid Threat Containment. Other partners joining the ISE Ecosystem include EMM/MDM vendor Moysle and ISE Guest integration partner Envoy. Also ALEF NULA has integrated their set of 802.1X productivity tools with ISE to simplify secure network access deployments.

Sharing Cisco Threat Grid Threat Intelligence

New partners BluVector and WireX Systems that have adopted the Cisco Threat Grid API to obtain powerful intelligence on malware and have joined the Threat Grid ecosystem.  This integration ecosystem simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into our partners’ platforms.

More Technology Partners Under the (Cisco) Umbrella

The Cisco Umbrella & Investigate ecosystem also expands with the inclusion of partners like Digital Shadows, Exabeam, and LogRhythm. These integrations not only help organizations manage, prioritize, and mitigate IOCs, but they also provide mechanisms to automate several threat lifecycle workflows, effectively improving both mean time to detect and response to threats, as well overall SOC efficacy.

New Splunk Apps and McAfee pxGrid/DXL Integrations Now Shipping

Previously announced Cisco Firepower eNcore App for Splunk and Cisco AMP for Endpoints Apps for Splunk are both now shipping. Also, our joint announcement with McAfee to create the security industry’s most impactful integration ecosystem is now shipping as well.

Perhaps we should do these announcements more often, because there is a lot to absorb here.  But we like to shine the light on our new partners because multi-vendor integration and openness is key to successful and effective security deployment.

For even more details, read through the individual partner highlights below.

Happy integrating!

More details about our new partners and their integrations:

[1] New Cisco Threat Intelligence Director (CTID) Integrations

AlienVault’s Open Threat Exchange (OTX) is a free and open exchange of cyber threat information with a large community of security professionals and malware researchers from all across the world, sharing millions of threat artifacts. CTID customers can now receive monitoring and actionable insights that leverage the full scope of OTX threat intelligence to help make sense of what attacks are impacting their systems. With OTX and CTID, security teams can respond quickly and with confidence.

EclecticIQ Platform is a Threat Intelligence Platform (TIP) that empowers threat analysts to perform faster, better, and deeper investigations while disseminating intelligence at machine-speed. The EclecticIQ Platform can be connected to CTID so Cisco customers can operationalize the intelligence and improving security effectiveness.

Infoblox Threat Intelligence Data Exchange (TIDE), part of ActivetTrust, is a threat intelligence aggregation platform that can distribute curated Infoblox and 3rd party threat for consumption on Cisco security platforms via the CTID. This integration enables Firepower customers to maximize the value of Infoblox’s high quality, actionable threat intelligence.

NC4’s Cyber Defense Network™ for Financial Service (CDN/FS) solution takes a series of steps to improve the effectiveness, efficiency and timeliness of cyber defense for both the financial services industry and its members. The CDN/FS solution is tightly integrated with FMC and CTID and enables defensive actions to block access to malicious sites and content.

ThreatConnect arms organizations with a powerful defense against cyber threats and the confidence to make strategic business decisions. Built on an intelligence-driven, extensible security platform, ThreatConnect provides threat intelligence aggregation, and analysis and automation for security teams at any maturity level and can share threat intelligence with CTID.

ThreatQuotient delivers an open and extensible threat intelligence platform (TIP) ThreatQ to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management. The ThreatQ platform integrates with CTID allowing for the operationalization of a wide range actionable information.

[2] New Cisco Firepower Integrations

AlgoSec automates and orchestrates network security policy management on premise and in the cloud.  Cisco customers can deliver business applications quickly and easily while ensuring security and compliance. Algosec Firewall Analyzer (AFA) collects and audits policy and configuration information from Cisco ASA and Firepower firewalls, switches and routers.

Exabeam is a UEBA platform that helps detect and respond to insider threats by quickly analyzing the behavior of every user on the network for unusual activity that increases business risk. With built-in collectors from systems including badge readers, USB drives, print servers, email, etc., Exabeam can collect and apply machine learning to insider threat activity. Exabeam now integrates with Cisco Firepower.

FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk.  FireMon Security Manager is a policy and risk management solution that can collect policy and configuration information from Cisco Firepower and ASA.

LogZilla provides real-time network insight with its network operations platform. LogZilla collects data through its custom plug-in leveraging the new Firepower eNcore estreamer client supporting the entire API’s schema. The plug-in streams fully qualified event data with all available context directly to LogZilla

Qmulos leverages Splunk to capture security-relevant data on a continuous basis in IT GRC ConMon environments.  Qmulos now offers Splunk technical add-ons (TAs) that enrich Cisco Firepower event data, providing compliance IA controls. Customers benefit from improved security, risk, and compliance visibility, and a significant reduction is compliance resources when compared to legacy methods of doing IT Compliance with IT GRC tools that lack scale.

Tufin provides Security Policy Orchestration solutions to streamline the management of security policies across complex, heterogeneous environments that include Cisco ASA and Firepower. Tufin automatically designs, provisions, analyzes and audits network security configuration changes – from the application layer down to the network layer – accurately and securely.

Verodin is a Security Instrumentation Platform (SIP) that allows Cisco customers to continuously challenge and improve Cisco security products by safely executing multi-staged attack behaviors without the risk of impacting production systems.  Customers learn how people, processes, and technology will perform under fire. Verodin tests Cisco Firepower to optimize policy and prove effectiveness.  Verodin additionally tests AMP with real malware and Umbrella’s DNS blocking.

[3] New Cisco pxGrid & ISE Integrations

CloudPost protects business-critical IoT devices and systems. The CloudPost platform ties device identity with behavioral analytics so organizations using pxGrid and ISE can accelerate segmentation projects by automating device grouping, trusted peer and flow identification, and device-specific policy generation.

The DB Networks platform provides detailed continuous assessment of database infrastructure non-intrusively and in real-time. By analyzing database accesses that deviate from the model of normal application behavior, database attacks and insider threats are immediately identified and Cisco ISE is alerted to take Rapid threat containment action via pxGrid.

Securonix SNYPR is a next-generation security analytics platform that transforms big data into actionable security intelligence. Built on a Hadoop big data security lake, SNYPR combines an open data model, log management, SIEM, UEBA and fraud detection. SYNPR integrates with Cisco ISE via pxGrid to obtain network context and take Rapid Threat Containment action.

TriagingX’s TXEcosystem protects endpoint systems and datacenter servers against zero-day attacks without requiring patches. TXHunter automatically launches an investigation on endpoint system and datacenter server for security breach incidence and can take a Rapid Threat Containment action via Cisco pxGrid.

WireX provides context into security alerts, delivering months of in-depth visibility. The integration of WireX Systems Incident Response Platform with Cisco pxGrid and Cisco Threat Grid, stream lines incident response processes and enables security teams to reduce response and remediation times.

Mosyle Manager is an MDM designed exclusively for the K-12 segment customers. Mosyle Manager is integrated to Cisco Identity Services Engine (ISE) to show all device details to schools’ technology leaders so they can better manage and control all the network policies based on device information.

Envoy Visitor platform modernizes guest sign-in, letting one collect guest information, capture their photos and have them sign legal documents. Envoy Visitors works with Cisco ISE to easily provide Wi-Fi network access to visitors and employees. It securely provisions network access with context-aware policies.

ALEF NULA develops 802.1X productivity utilities which are now integrated with Cisco ISE.  AleFIT MAB Keeper allows the management of certain authentication settings without needing access to the configuration GUI of ISE. AleFIT Office Locator provides 802.1X authentication status details which helps in troubleshooting.

[4] New Cisco AMP Threat Grid Integrations

BluVector has integrated its machine learning based network intrusion detection with Cisco Threat Grid to provide detailed threat intelligence about sophisticated cyber attacks and enable analysts to defend and respond to those detections.

WireX provides context into security alerts, delivering months of in-depth visibility. The integration of WireX Systems Incident Response Platform with Cisco pxGrid and Cisco Threat Grid, stream lines incident response processes and enables security teams to reduce response and remediation times.

[5] New Cisco Umbrella & Investigate Integrations

Digital Shadows Searchlight has integrated with Cisco Umbrella its ability to provide outside the perimeter context related to phishing attacks in order for organizations to take action and prevent employee damage and exfiltration of sensitive data.

Exabeam Incident Responder automates security investigations through the Umbrella Investigate API. Customers can automate phishing attack response and suspected phishing email review, therefore reducing the manual effort of Security Responders. To further automate the sharing of intelligence, Incident Responder can push additional unwanted domain information into Cisco Umbrella via the Enforcement API and block access to specific domains.

LogRhythm’s Threat Lifecycle Management Platform integrates with Umbrella. Umbrella Investigate sends threat intelligence about domains, IPs, and file hashes to LogRhythm’s AI Engine, providing additional context to prioritize alarms. Closing the loop, malicious domains and IP addresses found by LogRhythm can be added to Umbrella to be automatically enforced globally.


Scott Pope

Director, Product Management & Business Development

Security Technical Alliances Ecosystem