At Cisco, we believe that effective security depends on top-of-the-line visibility. The rise of XDR has sparked more investment in the areas that make up this emerging market category: Endpoint Detection & Response (EDR) and Network Detection & Response (NDR). Secure Cloud Analytics is an NDR market leader and continues to grow as customers demand better threat detection, more comprehensive public cloud visibility, and more integrated response options for their critical alerts.
At our 2020 Partner Summit event, we announced a multitude of new offerings at Cisco, including new features in Secure Cloud Analytics that support Cloud Security Posture Management (CSPM). CSPM supports a cloud-based or hybrid network as it matures in the cloud. It helps ensure that you can swiftly detect and respond to threats, keep your DevOps and SecOps teams aligned on resource configuration, and remain compliant with internal policies and industry best practices.
We are excited to announce that today…the rich get richer, and I’m not talking about Tesla investors. I’m talking about richer visibility with the Secure Cloud Analytics event viewer.
What is the event viewer?
The event viewer is the first phase of the CSPM release announced at Partner Summit. It lists all of your network connections, in the private network and the public cloud alike, and lets you filter through them with ease. This simplifies forensic analysis and lets customers analyze traffic for threat detection and compliance purposes in near real time. The new event viewer is now generally available to all Secure Cloud Analytics customers.
The event viewer, as a part of the CSPM launch, supports a broader effort to help our customers achieve a few critical outcomes:
- To seamlessly monitor and protect all of their public cloud resources
- To encourage better collaboration between SecOps and DevOps
- To maintain compliance with industry standards, internal policy and more.
To learn more about this launch and the above outcomes, please see our Cloud Security Posture Management At-a-Glance
How do I use the event viewer?
In the example shown, IP 10.2… communicated with IP 199.9… The event viewer also gives you context on the geographic location of the connected IP.
There is also an alert associated with this IP. At this point, you could take your investigation in a few different directions:
- You can learn more about this IP right here in the event viewer. A search for the initiator's IP shows who else it is talking to; searching for the connected IP instead shows any other devices that were exposed to that same source.
- You can also click on the alert associated with this connection. In this case it is a "Role Violation" alert. Alerts from Secure Cloud Analytics provide a list of supporting observations, a description of the alert, and recommended next steps for remediation. A Role Violation alert tells you that a device is behaving outside its expected role, which can indicate that the device is compromised.
- You can take further action with SecureX. SecureX is embedded in the Secure Cloud Analytics console, so you never leave it: you can copy the IP into your casebook, look it up in Umbrella or Talos, or carry it into another solution such as Cisco Defense Orchestrator to make your policy adjustments.
- Any findings or noteworthy traffic can be exported to CSV to share across teams, and alerts can be assigned automatically through webhooks and other integrations.
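The two pivots described above (from the initiator to its peers, and from the external IP to every internal host that touched it), a simple role-baseline check in the spirit of a Role Violation alert, and the CSV hand-off can all be expressed over a set of connection events. The following is an added example written for this page, not Cisco code and not how Secure Cloud Analytics implements its alerting; the event rows, the IP addresses, and the per-host role baseline are constructed for illustration.

```python
"""Pivoting on connection events and checking them against a role baseline.
Added example; the data below is constructed and does not come from any console."""
import csv
import io
from dataclasses import dataclass

# Constructed connection events: timestamp, initiator, connected IP, dest port, protocol, bytes.
# 203.0.113.0/24 is documentation address space, standing in for an external peer.
SAMPLE_EVENTS = """\
2020-10-29T14:01:02Z,10.1.20.5,203.0.113.9,443,tcp,1200
2020-10-29T14:01:09Z,10.1.20.5,10.1.30.7,3306,tcp,400
2020-10-29T14:02:11Z,10.1.20.5,203.0.113.9,8443,tcp,250000
2020-10-29T14:03:44Z,10.1.21.8,203.0.113.9,443,tcp,900
2020-10-29T14:04:01Z,10.1.22.3,198.51.100.4,53,udp,80
2020-10-29T14:05:37Z,10.1.20.5,10.1.30.7,3306,tcp,420
"""

# Hypothetical baseline: the (dest port, protocol) pairs each internal host normally initiates.
# A real NDR learns this from observed traffic; here it is hand-written for the example.
ROLE_BASELINE = {
    "10.1.20.5": {(443, "tcp"), (3306, "tcp")},
    "10.1.21.8": {(443, "tcp")},
    "10.1.22.3": {(53, "udp")},
}


@dataclass(frozen=True)
class Connection:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_events(text):
    """Turn the CSV-style rows above into Connection records."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ts, src, dst, dport, proto, nbytes = row
        events.append(Connection(ts, src, dst, int(dport), proto, int(nbytes)))
    return events


def peers_of(events, ip):
    """First pivot: everything `ip` initiated to, and everything that initiated to it."""
    return {
        "initiated": sorted({e.dst for e in events if e.src == ip}),
        "received": sorted({e.src for e in events if e.dst == ip}),
    }


def exposed_to(events, external_ip):
    """Second pivot: every host, on either side, that exchanged traffic with external_ip."""
    hosts = set()
    for e in events:
        if e.dst == external_ip:
            hosts.add(e.src)
        elif e.src == external_ip:
            hosts.add(e.dst)
    return sorted(hosts)


def role_violations(events, baseline):
    """Connections whose (port, proto) falls outside the initiator's baseline.
    Hosts with no baseline entry are skipped rather than flagged."""
    return [
        e for e in events
        if e.src in baseline and (e.dport, e.proto) not in baseline[e.src]
    ]


def to_csv(events):
    """Export a set of findings as CSV text, e.g. to hand to another team."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "initiator", "connected_ip", "dest_port", "protocol", "bytes"])
    for e in events:
        writer.writerow([e.ts, e.src, e.dst, e.dport, e.proto, e.nbytes])
    return buf.getvalue()


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    print("peers of 10.1.20.5:", peers_of(evts, "10.1.20.5"))
    print("hosts exposed to 203.0.113.9:", exposed_to(evts, "203.0.113.9"))
    print(to_csv(role_violations(evts, ROLE_BASELINE)))
```

In this constructed data the second pivot shows that 10.1.21.8 also talked to the external peer, which the first pivot alone would not reveal, and the baseline check flags the 8443/tcp connection with a large byte count as the one outside 10.1.20.5's expected role.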
This launch lays the foundation for the CSPM features announced at Partner Summit and will continue to grow over the coming months. Comprehensive visibility from a tool like Secure Cloud Analytics helps your business detect threats, ensure compliance, and respond to security incidents efficiently.
To learn more, check out our Demo Video or visit our webpage at