Avatar

IBM and Cisco Security continue to work together to deliver advanced integrations, resulting in improved network visibility and faster threat detection and response.

We recently released two new integrations with Cisco AMP for Endpoints (AMP4EP) for IBM QRadar Security Intelligence Platform and for IBM BigFix Endpoint Management Platform. In addition, integration with IBM Resilient Incident Response Platform is in quality assurance testing for general availability soon.

Collaborative Threat Defense

 

AMP for Endpoints and QRadar

The AMP for Endpoints integration with QRadar provides a consolidated view of security events across endpoints in a single dashboard eliminating the need to toggle between tools and monitoring of real-time endpoint threat detection.

AMP For Endpoints and QRadar

 

Security analysts can search, correlate and analyze AMP for Endpoints threat events within QRadar.

AMP For Endpoints Logs

Then quickly drill down into threats detected by AMP; including identifying the user who initiated the attack, which machine the threat originated and what file triggered the attack.

AMP For Endpoints Event Information

You can download the QRadar Device Support Module (DSM) here. In addition, a DSM configuration guide is available.

AMP for Endpoints and BigFix

The AMP for Endpoints integration with BigFix enables customers to deploy, manage, and upgrade AMP connectors quickly in one unified solution; for deeper visibility and control of endpoints.

BigFix Console

Security and infrastructure teams can track and upgrade AMP for Endpoints across the environment and multiple operating systems (OS) and perform service related tasks such as reboot computers, start and stop services, enable debug logging, cache clearing and creating support packages.

The app includes graphic-rich reporting displaying overviews of the environment; where the AMP for Endpoints connectors are installed and different connector versions, across OS types.

BigFix Web Reports

This app is now available on the IBM Security App Exchange. Also, we hosted a Cisco Security Demo Friday webinar, showing the integration in action. You can view the recording here.

In addition, Michael Auger released several basic AMP for Endpoints scripts, created during the development of the app. They are now part of the Cisco Security open source community on GitHub.

AMP for Endpoints and Resilient

The AMP for Endpoints integration with IBM Resilient combines enrichment and containment in one consolidated tool; providing the actionable insights needed to accelerate threat detection and incident response.

Resilient and AMP For Endpoints

Analysts within Resilient can investigate AMP for Endpoints events for possible malicious activities. Security teams can then automatically pull findings into an incident, rapidly drill down on a threat detected for further analysis and quickly quarantine any malware detected.

Resilient and AMP For Endpoints DDoS

 

The app is expected soon on the IBM Security App Exchange.

The combined power of IBM and Cisco Security boosts network visibility, delivers actionable insight and speeds incident response. Check out this blog by IBM on how we will continue to work better together, though Collaborative Threat Defense with Cisco Security and IBM Security.

 

For additional questions or for opportunities and connections, email us:

  • cisco-ibm-security@cisco.com
  • cisco-ibm-security@us.ibm.com

 


Any statements regarding product plans are subject to change or withdrawal without notice.

 



Authors

Jessica Bair

Director, Cisco Secure Strategic Alliances

Advanced Threat Solutions