Introducing Cisco Cognitive Threat Analytics
“There is no silver bullet.” That’s one of our favorite sayings at Cisco Security. We use it to convey the point that malware prevention is not 100%. As new attack vectors emerge and the threat landscape evolves, some malware will get through – regardless of which security vendor you choose.
In fact, our recently released 2014 Annual Security Report found that “100 percent of business networks analyzed by Cisco have traffic going to websites that host malware.” Basically, everyone will be compromised to one degree or another.
There are two factors at play. First, as modern networks have expanded and extend beyond the traditional perimeter to include endpoints, mobile devices, virtual desktops, data centers, and the cloud, new attack vectors have emerged. Attackers don’t discriminate and will take advantage of any gap in protection to accomplish their mission.
Second, attackers are focused on understanding security technologies, how they work, where they are deployed, and how to exploit their weaknesses. For example, they outsmart point-in-time defenses – like sandbox technologies that only scan files once – by creating targeted, context-aware malware that can modify its behavior to evade detection and infiltrate the extended network where it is difficult to locate, let alone eradicate.
So what can you do about it? Well, at Cisco we advocate for continuous protection across the entire attack continuum – before, during, and after an attack. We believe security strategies that focus solely on perimeter-based defenses and preventive techniques will only leave attackers free to act as they please, once inside your network.
Introducing Cisco Cognitive Threat Analytics
With that in mind, we are pleased to announce Cisco Cognitive Threat Analytics, a cloud-based solution that reduces the time to discovery of threats operating inside the network. It addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection.
Unlike traditional monitoring and incident response systems, Cisco Cognitive Threat Analytics is not dependent on manual rule sets, but instead relies on advanced statistical modeling and machine learning to independently identify new threats, learn from what it sees, and adapt over time.
You can take advantage of Cisco Cognitive Threat Analytics with a simple add-on license to any Cisco Cloud Web Security (CWS) solution.
Here are some of the key features of Cisco Cognitive Threat Analytics that will be available to Cisco CWS customers:
- Discovers threats on its own: Cisco Cognitive Threat Analytics is not dependent on rule sets. Once you turn it on, the system will immediately begin looking for threats and will independently identify suspicious behavior that requires attention. No human intervention is required to set it up.
- Focuses on symptoms of infection, not method of attack: Instead of focusing on the method of attack, it looks for anomalous behavior that resembles the symptoms of an infection, regardless of how it got in. Specifically, Cisco Cognitive Threat Analytics analyzes traffic coming in and out of the secure web gateway. It evaluates individual user behavior and broader group context to create a baseline of normal activity. When it spots behavior that is outside the norm or is otherwise suspicious, it will investigate and make a determination as to whether the behavior constitutes a threat. This feature can also be combined with File Retrospection from AMP, for retrospective alerting of malicious files inside your network.
- Fights threats with advanced algorithms and machine learning: Cisco Cognitive Threat Analytics uses advanced decision-making algorithms developed by a select group of scientists and engineers led by Martin Rehak and Michal Pechoucek (formerly Cognitive Security, which was acquired by Cisco in 2013). The algorithms analyze multiple parameters and live traffic data to identify threats. Machine learning capabilities based on ensemble classification enable the system to learn from what it sees and adapt for future protection.
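To make the two ideas in the list above concrete (a baseline of normal per-user and per-group activity, and several independent detectors voting in an ensemble), here is a small illustration over constructed web-proxy records. It is an added example, not Cisco's code or the Cognitive Threat Analytics algorithm: the detectors, thresholds, field layout and hostnames are all assumptions chosen for the demonstration.

```python
"""Toy behavioural-baseline anomaly detector over web-proxy records.

Added illustration, not Cisco's code. Three independent detectors each vote
on a user's traffic in the scored window; a user is flagged when enough
detectors agree (a crude stand-in for ensemble classification).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (day, user, group, destination, bytes_out).
# Days 1-3 form the learning window; day 4 is the window being scored.
LOG = [
    (1, "alice", "finance", "intranet.example", 12000), (1, "alice", "finance", "news.example", 3000),
    (2, "alice", "finance", "intranet.example", 14000), (2, "alice", "finance", "news.example", 2000),
    (3, "alice", "finance", "intranet.example", 10000), (3, "alice", "finance", "news.example", 4000),
    (1, "bob", "finance", "intranet.example", 9000), (1, "bob", "finance", "crm.example", 2000),
    (2, "bob", "finance", "intranet.example", 9000), (2, "bob", "finance", "crm.example", 2000),
    (3, "bob", "finance", "intranet.example", 9000), (3, "bob", "finance", "crm.example", 2000),
    (1, "carol", "eng", "git.example", 20000), (1, "carol", "eng", "docs.example", 5000),
    (2, "carol", "eng", "git.example", 22000), (2, "carol", "eng", "docs.example", 5000),
    (3, "carol", "eng", "git.example", 18000), (3, "carol", "eng", "docs.example", 5000),
    (1, "dave", "eng", "git.example", 15000), (1, "dave", "eng", "pypi.example", 3000),
    (2, "dave", "eng", "git.example", 16000), (2, "dave", "eng", "pypi.example", 3000),
    (3, "dave", "eng", "git.example", 14000), (3, "dave", "eng", "pypi.example", 3000),
    # Day 4, the scored window.
    (4, "alice", "finance", "intranet.example", 13000), (4, "alice", "finance", "news.example", 3000),
    (4, "bob", "finance", "intranet.example", 9000), (4, "bob", "finance", "crm.example", 2500),
    (4, "carol", "eng", "git.example", 20000), (4, "carol", "eng", "docs.example", 5000),
    (4, "carol", "eng", "pypi.example", 3000),          # new for carol, but her peers already use it
    (4, "dave", "eng", "git.example", 2000), (4, "dave", "eng", "pypi.example", 1000),
    (4, "dave", "eng", "files-drop.example", 250000),   # large upload to a host nobody has used
]

Z_THRESHOLD = 3.0            # assumed: std deviations above own / peer baseline
UNSEEN_SHARE_THRESHOLD = 0.5  # assumed: share of bytes to hosts unseen by user and group
MIN_VOTES = 2                # assumed: detectors that must agree before flagging


def _daily_totals(records):
    """Return {(user, day): bytes_out} and {user: group} for the given records."""
    totals, group_of = defaultdict(int), {}
    for day, user, group, _dest, nbytes in records:
        totals[(user, day)] += nbytes
        group_of[user] = group
    return totals, group_of


def _zscore(value, samples):
    """Standard score of value against samples; a flat baseline gets a floor."""
    mu = mean(samples)
    sigma = pstdev(samples) or 0.1 * mu or 1.0
    return (value - mu) / sigma


def score_window(records, window_day):
    """Score every user active on window_day against the earlier learning window."""
    baseline = [r for r in records if r[0] < window_day]
    window = [r for r in records if r[0] == window_day]
    base_totals, group_of = _daily_totals(baseline)
    win_totals, _ = _daily_totals(window)

    # Destinations seen per user and per peer group during learning (group context).
    user_dests, group_dests = defaultdict(set), defaultdict(set)
    for _, user, group, dest, _ in baseline:
        user_dests[user].add(dest)
        group_dests[group].add(dest)

    win_dest_bytes = defaultdict(lambda: defaultdict(int))
    for _, user, _, dest, nbytes in window:
        win_dest_bytes[user][dest] += nbytes

    results = {}
    for (user, _day), total in win_totals.items():
        group = group_of.get(user)
        own_hist = [v for (u, _), v in base_totals.items() if u == user]
        peer_hist = [v for (u, _), v in base_totals.items() if group_of[u] == group]
        if not own_hist or not peer_hist:
            continue  # no baseline yet for a brand-new user
        self_z = _zscore(total, own_hist)   # detector 1: vs the user's own history
        peer_z = _zscore(total, peer_hist)  # detector 2: vs the peer group's history
        unseen = sum(b for dest, b in win_dest_bytes[user].items()
                     if dest not in user_dests[user] and dest not in group_dests[group])
        unseen_share = unseen / total if total else 0.0  # detector 3: traffic to unknown hosts
        votes = sum([self_z > Z_THRESHOLD, peer_z > Z_THRESHOLD,
                     unseen_share > UNSEEN_SHARE_THRESHOLD])
        results[user] = {"self_z": round(self_z, 1), "peer_z": round(peer_z, 1),
                         "unseen_share": round(unseen_share, 2),
                         "votes": votes, "flagged": votes >= MIN_VOTES}
    return results


if __name__ == "__main__":
    for user, verdict in sorted(score_window(LOG, window_day=4).items()):
        print(user, verdict)
```

Running it flags only `dave` (all three detectors agree), while `carol` is not flagged even though `pypi.example` is new for her: her peer group already uses it, which is the group-context idea from the list. None of the detectors knows anything about how an infection arrived; they only look at what the traffic does afterwards.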
The benefits for customers are clear:
- Reduced time to discovery – limits the damage of an infection or breach by actively and continuously monitoring for threats that have penetrated your defenses.
- Security that evolves with the changing threat landscape –
  - Focuses on the symptoms of an infection, rather than the method of attack, to improve the ability to consistently and reliably spot new exploits.
  - Not dependent on manual rule sets, it relies on advanced statistical modeling and machine learning to make more accurate determinations and to improve decision making over time.
  - Adaptive capabilities allow it to respond to new threats as they emerge, in a way that manual rule sets can’t.
- Easy setup and maintenance – Removes the burden of setup and maintenance so that you can focus on investigating and preventing new incidents, increasing security while reducing costs.
- Visibility through the cloud – Provides greater visibility to web traffic outside of the traditional network perimeter, and a centralized enforcement point across roaming users, branch offices, and corporate headquarters.
So, while there is no silver bullet, Cisco keeps you protected by addressing the entire attack continuum – before, during, and after an attack. Cognitive Threat Analytics is a key part of that strategy, helping you to reduce the time to discovery of threats from weeks or months, to minutes or hours after an attack.
If you’re interested in learning more about Cognitive Threat Analytics, visit Cisco.com at www.cisco.com/go/cognitive.
I also encourage you to set up an evaluation of Cisco CWS with Cognitive by talking with your local Cisco sales representative, channel partner, or systems engineer.