The entire case for Multi-Vendor Safety Integrations

Similar to the myriad expanding galaxies observed in the latest pictures from the James Webb room telescope, the cybersecurity scenery includes a growing amount of security technologies vendors, nowadays each with the purpose of addressing the continually evolving threats faced by clients. To become effective, cybersecurity tools need to be collaborative-end up being it posting relevant threat intelligence, gadget & user insights, functioning on remediation and detection workflows, and more.

We from Cisco Secure possess embraced this concept for some time now with this continually developing ecosystem of multi-vendor technologies integrations. This season at the RSA Conference 2022 earlier, Jeetu Patel, Cisco’s Executive Vice Common and President Manager of Safety and Collaboration, spoke of the way the ‘cybersecurity poverty range’ is usually widening and how malicious actors are usually benefiting from this gaping hole to unleash persistent attacks. It really is imperative that cybersecurity vendors connect to and collaborate with one another to lessen this gap. To get this done, protection vendors must adopt open up ecosystems of APIs to simply integrate with one another to provide effective methods for mutual clients to defend and respond to cybersecurity attacks.

Like in prior yrs, year 2022 saw us all growing to add new ecosystem companions and integrations this fiscal. With 22 new companions and 51 brand-new integrations inside our ecosystem, Cisco Secure Complex Alliance (CSTA) now boasts over 450 integrations, including specialized integrations with Cisco Duo and Cisco Kenna . This enables our mutual clients the freedom to carry out the cybersecurity equipment of these choice with the data that these equipment can integrate with one another should they have to, thus realizing an improved return on investment within their cybersecurity spending and enhancing cybersecurity posture.

In this annual round-up of our ecosystem, we congratulate our new companions in CSTA and present partners as well, who’ve created new integrations throughout our portfolio or augmented existing ones either. For additional information on each companion integration in this announcement, please go through the average person partner highlights below.

Happy integrating!

 <hr />     

 <h2>     New Cisco Protected Endpoint Integrations     </h2>     

 <h3>          <strong>     AT&amp;T Cybersecurity     </strong>          </h3>     

 <h3>          <img class="size-full wp-image-413596 alignright" src="https://storage.googleapis.com/blogs-images/ciscoblogs/1/2022/08/Picture1-2.png" alt="Logo for AT&amp;T Cybersecurity" width="186" height="40" />          </h3>     

The AlienApp for Cisco Secure Endpoint allows you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. In addition, it enhances the threat reaction capabilities of USM Anyplace by giving orchestration and response activities to isolate or un-isolate hosts predicated on risks determined in USM Anywhere. Furthermore, you are allowed because of it to get hourly events from Cisco Secure Endpoint through the USM Anyplace Job Scheduler. Read even more right here .

 <h3>          <strong>     AttackIQ     </strong>          </h3>     

 <img loading="lazy" class=" wp-image-413601 alignright" src="https://storage.googleapis.com/blogs-images/ciscoblogs/1/2022/08/attackiq_logo.png" alt="AttackIQ Logo" width="202" height="20" />     AttackIQ automates the evaluation of Cisco Safe Endpoint contrary to the tactic categories as reported by MITRE ATT&amp;CK™. The AttackIQ and Cisco partnership and specialized integration allows organizations to validate that the Cisco Protected Endpoint is deployed properly and configured optimally, making sure protection for the endpoints contrary to the latest threats. Read even more      <a href="https://attackiq.com/">     right here     </a>     .

 <h3>          <strong>     Certego     </strong>          </h3>     

 <img loading="lazy" class="size-full wp-image-413602 alignright" src="https://storage.googleapis.com/blogs-images/ciscoblogs/1/2022/08/certego_logo.png" alt="Certego logo" width="176" height="50" />     With Certego Tactical Reaction for Cisco Safe Endpoint, monitored endpoints are usually monitored by the Certego PanOptikon SOAR system. When Certego IRT detects malicious routines on a specific web host in the customer’s system, it could isolate compromised hosts to block the strike, even without requiring an individual to gain access to the Cisco Protected Endpoint Console. Read even more concerning the Certego      <a href="https://certego.net/en/">     right here     </a>     .

 <h3>          <strong>     ServiceNow     </strong>          </h3>     

 <img loading="lazy" class=" wp-image-413605 alignright" src="https://storage.googleapis.com/blogs-images/ciscoblogs/1/2022/08/servicenow_logo.png" alt="ServiceNow logo" width="199" height="33" />     Cisco Safe Endpoint is now qualified for the ServiceNow ITSM NORTH PARK release. The Cisco Protected Endpoint App on ServiceNow offers users having the ability to integrate event information from the Cisco Safe Endpoint into ServiceNow by generating ITSM incidents. The app automates the assortment of events from Cisco Secure groups and Endpoint them into single incidents. Read even more      <a href="https://store.servicenow.com/sn_appstore_store.do#!/store/application/8fcbea88dbbf3b00fb7aabc5ca96190e/1.0.2">     right here     </a>     .

 <h2>     New Cisco Protection Connector for iOS Integrations     </h2>     

 <h3>          <strong>     FAMOC     </strong>          </h3>     

FAMOC manage from Techstep, a Gartner-recognized MMS service provider, is an MDM made to give IT a whole view and absolute handle over mobile devices utilized by the workforce, in order that people may securely work better and. With the Cisco Safety Connector for iOS integration, FAMOC MDM extends its business mobility management having an extra layer of system traffic and security evaluation tool, giving IT admins instruments to create actionable design and choices access control policies. Read even more right here .

 <h2>     New Cisco Cloud Protection Integrations     </h2>     

 <h3>          <strong>     Elastic Safety     </strong>          </h3>     

Elastic Protection supports event ingestion from Cisco Umbrella now, providing visibility into consumer activity and attempts to gain access to malicious domains potentially. This new integration facilitates Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables safety analysts to identify threats and visualize Cisco Umbrella information, and correlate Umbrella events with other data resources including endpoint also, cloud, and system. This integration expands on Elastic’s on-heading expansion of Cisco integrations which includes ASA, Nexus, Meraki, Safe and duo Firewall Threat Protection. Read even more right here .

 <h3>          <strong>     Fortinet     </strong>          </h3>     

FortiSIEM brings visibility together, correlation, automated reaction, and remediation in one, scalable solution. It decreases the complexity of handling security and network functions to effectively free assets, enhance breach detection, and prevent breaches even. Read even more right here .

 <h3>          <strong>     Hunters     </strong>          </h3>     

Hunters ingests Cisco Umbrella log and alert details into our SOC System; the Platform after that correlates that information challenging other (vendor agnostic) consumer protection telemetry, including EDR, Cloud/Network and identification log data, in the customer’s infrastructure to synthesize and identify incidents with an increased fidelity than any one tool only can produce. Read even more right here .

 <h3>          <strong>     LearnSafe     </strong>          </h3>     

LearnSafe equips college leaders (K-12) with evidence-based information to raised understand which students are exhibiting behavioral problems and looking for help predicated on what they’re using, saying, and doing in the school-owned computer. With Cisco Umbrella, LearnSafe administrators have the ability to block usage of domains their students ought never to be accessing. Read even more right here .

 <h3>          <strong>     Microsoft     </strong>          </h3>     

The Cisco Umbrella solution for Microsoft Azure Sentinel is live now!  This integration allows your visitors to ingest Cisco Umbrella events kept in Amazon S3 into Microsoft Sentinel utilizing the Amazon S3 REST API.  Read even more right here .

 <h3>          <strong>     Sumo Logic     </strong>          </h3>     

Sumo Logic’s cloud-native collector works with automatic ingestion of logs from Cisco Umbrella’s hosted AWS S3 buckets. Information collected from Umbrella could be routed to Sumo’s Cloud SIEM after that, where it is instantly normalized and put on our rule’s motor then. Several built-in guidelines for Umbrella have already been developed that, when triggered, will create security indicators in the system. These along with other security indicators are then clustered jointly based on associated entities (IP, e-mail, domain title, URL, etc.) to generate insights for evaluation by the SOC. Study more right here .

 <h2>     New Cisco Firepower Next-Gen Firewall Integrations     </h2>     

 <h3>          <strong>     Alkira     </strong>          </h3>     

The Secure Firewall team and Alkira have validated Secure Firewall (Virtual) Edition 7.1 to perform on Alkira’s cloud system as-a-service (CNaaS) system. The answer offers on-requirement hybrid and multi-cloud connectivity, integrated network and safety services, end-to-end visibility, governance and controls. Read even more right here .

 <h3>          <strong>     Cyware     </strong>          </h3>     

The Secure Firewall team has validated Cyware’s STIX 1.2 threat intelligence feed for interoperability with Secure Firewall’s Threat Intelligence Director. Customers can easily operationalize the inbound information to protect the system from the most recent threats. Read even more right here .

 <h3>          <strong>     Dragos     </strong>          </h3>     

Dragos protects critical infrastructure and contains joined the CSTA system. Dragos inventories resources, determines risk and vulnerabilities and generates firewall plan objects that administrators can connect with their Cisco Protected Firewall deployment through its Relaxation API. Read even more right here .

 <h3>          <strong>     Equinix     </strong>          </h3>     

The Secure Firewall team and Equinix have validated Secure Firewall (Virtual) to perform on Equinix’s Network Advantage as something platform. Equinix Fabric enables you to connect digital providers and infrastructure on need via secure, software-defined interconnection (Ecosystem). Go through more right here .

 <h3>          <strong>     Fastvue     </strong>          </h3>     

Fastvue has joined the CSTA plan. The Fastvue Site Clear motor intelligently interprets Cisco Safe Firewall log data in order that non-technical employees is able to see what people are in fact doing online. The info use to help keep companies compliant with college and workplace policies. Read even more right here .

 <h2>     New Cisco ISE Ecosystem Integrations     </h2>     

 <h3>          <strong>     Alef Nula     </strong>          </h3>     

Alef Nula is rolling out a fresh integration with ISE. The Alef Nula Identification Bridge consumes identity up-dates released by pxGrid and acts them to ASA firewalls utilizing the CDA/Radius process. Using pxGrid v2.0, it replaces unsupported Cisco CDA and allows ASA firewalls to turn out to be an identity customer of ISE context. It could browse the full identity data source and can update authorized ASA firewalls completely Download mode. Read even more right here .

 <h3>          <strong>     Forescout     </strong>          </h3>     

Forescout’s pxGrid Plugin integrates with present Cisco ISE deployments to enable you to reap the benefits of Forescout visibility and evaluation for policy choices, while continuing to utilize ISE being an enforcement stage. The pxGrid Plugin allows Forescout platform plans to detect ISE-related attributes on endpoints, also to apply Cisco ISE ANC guidelines, including plans that assign Security Groupings to devices. Read even more right here .

 <h3>          <strong>     Fortinet     </strong>          </h3>     

FortiManager provides automation-driven centralized administration of Fortinet gadgets from the single console, enabling complete visibility and administration of one’s network devices via streamlined provisioning and revolutionary automation tools. FortiManager dynamically collects improvements from Cisco ISE with pxGrid and forwards them to FortiGate utilizing the Fortinet Single TO REMAIN (FSSO) protocol. This permits the usage of session information gathered by Cisco ISE to become leveraged in FortiOS protection policies. Read even more right here .

 <h3>          <strong>     Radiflow     </strong>          </h3>     

Radiflow provides OT ICS plan development and enforcement with the Radiflow iSID IDS. They completed a fresh integration with ISE leveraging pxGrid recently. With this particular integration Cisco ISE receives enriched information of OT products from Radiflow iSID and can process it based on the profiles and guidelines which were configured. Enriching ISE with OT particular insights obtainable with iSID’s DPI motor enables better decision producing within ISE by giving extra context to categorize gadgets by their type/functionality within the OT atmosphere. Read even more right here .

 <h3>          <strong>     XTENDISE     </strong>          </h3>     

XTENDISE is really a simple web app linked to Cisco ISE. It really is created for administrators, helpdesk, operators or anyone who must use ISE and assists them with everyday activities tasks linked to 802.1X with no need to train them inside Cisco ISE. XTENDISE saves administrators’ time, prevents increases and errors network safety. Read even more right here .

 <h2>     New Protected Malware Analytics (Threat Grid) Integrations     </h2>     

 <h3>          <strong>     Splunk     </strong>          </h3>     

The Cisco Secure Malware Analytics Add-On for Splunk leverages the Threat Grid API to enrich events within Splunk. The add-on is updated for Splunk 8 and can be acquired on Splunkbase now. Read even more right here .

 <h2>     New SecureX Threat Reaction Integrations     </h2>     

 <h3>          <strong>     Censys     </strong>          </h3>     

Censys comes with an integration with SecureX threat reaction now, which returns Sightings of IP and IPv6 Observables (IOCs) within an investigation. Read even more concerning the Censys relay module right here .

 <h3>          <strong>     Exabeam     </strong>          </h3>     

The brand new Exabeam integration empowers users to research an observable and figure out if it is within a log message stored in Exabeam Fusion SIEM Data Lake. It offers users with enough time and day the observable was observed in the log, the forwarder that delivered the log, and the raw log messages. Once you pivot into lookup and Exabeam for an observable in every the log messages, the total outcomes of the search are shown in the Exabeam UI. You’re allowed by this integration to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, document path, email and consumer data types also it returns sightings of a good observable from each log information. Read even more right here .

 <h3>          <strong>     LogRythm     </strong>          </h3>     

The LogRhythm integration empowers users to research an observable and figure out if it’s contained in a meeting stored in LogRhythm. It offers users with the time and period the observable was observed in the function and the raw occasion data. This integration enables you to query IPv4 and IPv6 data types also it returns sightings of an observable from each occasion. Read even more right here .

 <h3>          <strong>     NetWitness     </strong>          </h3>     

A proof-of-concept integration with RSA NetWitness SIEM was built for the RSAC Black and SOC Hat NOCs. The SecureX Concrete Relay execution making use of NetWitness as a third-celebration Cyber Threat Intelligence company. The Relay itself is a simple application written in Python which can be very easily deployed and packaged. Read even more right here .

 <h3>          <strong>     ServiceNow     </strong>          </h3>     

Cisco SecureX threat reaction integration with SecOps is certified for the ServiceNow NORTH PARK release now. The module enables ServiceNow SecOps to leverage the Verdicts, Refer and Reaction capabilities supplied by SecureX threat reaction to assist the protection analyst within their investigation workflow. Read even more right here .

 <h3>          <strong>     Sumo Logic     </strong>          </h3>     

The Sumo Logic Cloud SIEM integration provides security analysts with enhanced visibility over the enterprise to thoroughly understand the impact and context of an attack. Streamlined workflows triage alerts to increase safety analyst efficiency and focus automatically. This integration signifies to customers that the observable within an investigation is within an insight and/or transmission within Sumo Logic Cloud SIEM. You’re allowed because of it to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. In addition, it returns indicators and sightings of an observable from each insight and transmission retrieved from Sumo Logic Cloud SIEM. Read even more right here.

 <h2>     New SecureX Orchestration Integrations     </h2>     

 <h3>          <strong>     APIVoid     </strong>          </h3>     

APIVoid provides JSON APIs ideal for cyber threat evaluation, threat recognition and threat prevention. The next APIVoid atomic activities for SecureX Orchestration Workflows are actually available: Obtain Domain Reputation, Obtain IP Status, Get URL Popularity, Get URL Position . Accessibility the workflows here .

 <h3>          <strong>     Censys     </strong>          </h3>     

Censys is really a ongoing company which allows users to find the devices, systems, and infrastructure on the net and keep track of how it changes as time passes. SecureX orchestration atomic activities for Censys is currently available and contains: Basic Research . Gain access to the workflows here .

 <h3>          <strong>     Cohesity     </strong>          </h3>     

This integration reduces enough time and resources enterprises spend to detect radically, investigate, and remediate ransomware threats to data. It empowers SecOps, ITOps and NetOps with visibility and automation to collaborate in countering ransomware – whether or not data resides on-premises or in the cloud – providing enterprise-broad confidence in deterring, detecting, and dealing with cyberattacks fast. Cohesity’s next-gen data administration enhances Cisco SecureX with the addition of context and visibility to information, complementing Cisco’s existing features for systems, endpoints, clouds, and apps. Read even more right here .

 <h3>          <strong>     Farsight Safety     </strong>          </h3>     

SecureX orchestration atomic actions for workflows are for sale to Farsight Protection DNSDB now. They include various stuff like DKIM crucial inspections, DNS Resource Information and more . Entry the workflows here .

 <h3>          <strong>     Fortinet     </strong>          </h3>     

SecureX orchestration workflows for Fortinet FortiGate are actually accessible: Block URL, Domain and ip Threat Containment . Accessibility the workflows here .

 <h3>          <strong>     Jamf Professional     </strong>          </h3>     

SecureX orchestration workflows for Jamf Professional include: Lock Computer, Lock Mobile Gadget . Gain access to the workflows here .

 <h3>          <strong>     Palo Alto Systems     </strong>          </h3>     

SecureX orchestration workflows for Palo Alto Systems Panorama are now offered: Block URL, IP, Domain Threat Containment . Entry the workflows here .

 <h3>          <strong>     ServiceNow     </strong>          </h3>     

A fresh Orchestration action provides top MacOS IR Indicators to ServiceNow This workflow runs several Orbital queries on the endpoint provided to consider top incident response indicators of compromise. The outcomes are then published to a ServiceNow incident. Backed observables: ip, mac_tackle, amp_pc_guid, hostname . Entry the workflow here .

 <h3>          <strong>     Shodan     </strong>          </h3>     

Shodan is really a database of vast amounts of publicly available IP addresses, and it’s utilized by security experts to investigate network protection. SecureX orchestration atomic activities for Shodan consist of: Basic Research. Accessibility the workflows here .

 <h2>     New SecureX Gadget Insights Integrations     </h2>     

Earlier this season we announced SecureX Gadget Insights which gives comprehensive endpoint stock in one unified view. Endpoint looking and reporting enables you to assess device safety configuration on employee-owned, contractor-owned, company possessed, and IoT/OT devices-without risking company disruption. With Gadget Insights you can

 <li>     Get a holistic see of one's device data to assist you simplify and automate protection investigations.     </li>     
 <li>     Identify gaps in charge coverage, build custom guidelines, and create playbook powered automation options     </li>     

Device insights helps the next third-party sources inside its initial launch: Jamf Professional , Microsoft Intune , Ivanti MobileIron and VMware Workspace ONE (formerly AirWatch).

 <h2>     New Cisco Secure Gain access to by Duo Integrations     </h2>     

 <h3>          <strong>     Bitglass     </strong>          </h3>     

Bitglass’ Next-Gen CASB provides information protection, threat protection, entry management, and visibility, whilst Duo offers identification verification options such as SSO and MFA. The Duo and Bitglass integration give a synergistic answer that funnels visitors through Duo’s SSO and verifies customers via its MFA therefore Bitglass can deliver real-time data loss avoidance and granular adaptive accessibility control. Due to Bitglass’ agentless architecture, the joint solution can safe any app, any gadget, anywhere. Read more concerning the integration right here . A joint solution brief can be available right here .

 <h3>          <strong>     Cmd     </strong>          </h3>     

Cmd helps businesses authenticate and manage consumer security in Linux manufacturing environments without slowing teams – you don’t have to individually configure identities and products. Cmd integrates with Duo to place 2FA checkpoints into Linux-based information centers and cloud infrastructure. The mix of Cmd and Duo allows development teams to perform at the modern, agile pace they’re accustomed to without the security-induced slowdowns. Read even more right here .

 <h3>          <strong>     Darktrace     </strong>          </h3>     

Darktrace can be an AI-native system that delivers self-studying cyber protection and AI investigations and seamlessly integrates with other equipment via an open up and extensible architecture. Darktrace’s Protection Module for Duo offers coverage over access, user classes and platform management within the Duo system. Read even more right here .

 <h3>          <strong>     Dashlane     </strong>          </h3>     

Dashlane is really a password supervisor that now works with Duo making use of Duo SSO. The integration allows IT Administrators very easily deploy Duo + Dashlane and setup access policies. End users can simply gain access to Dashlane and their passwords with SSO from Duo. Read even more right here .

 <h3>          <strong>     HashiCorp     </strong>          </h3>     

HashiCorp Vault can be an identity-dependent secrets and encryption management system. A secret is whatever you would like to tightly control usage of, such as for example API encryption keys, passwords, and certificates. Include another layer of safety and protect usage of secrets within HashiCorp Vault with Duo Safety MFA. Read even more right here . A documenting of the Cisco Duo + HashiCorp webinar can be acquired to see right here .

 <h3>          <strong>     Oort     </strong>          </h3>     

Oort discovers vulnerabilities across a whole user population (or perhaps a segment of it). Trigger notifications linked to behavioral anomalies or guidelines, or policies not really being adopted. Oort integrates with Duo for identification analytics and threat recognition to provide a whole picture of an individual conduct and highlight any anomalous exercise or identify risks. Go through more right here .

 <h3>          <strong>     Perimeter 81     </strong>          </h3>     

Perimeter 81 simplifies cyber and network protection for the hybrid workforce, ensuring secure usage of local networks, programs, and cloud infrastructure. Their integration with Duo offers safety for administrators and end-users who have to get on Perimeter 81. Read even more right here .

 <h3>          <strong>     Specops Software program     </strong>          </h3>     

Specops Software, a respected provider of password administration and authentication solutions, protects companies by securing consumer authentication across high-risk jobs including accounts unlocks and password recuperation via self-service or even the IT support desk. Organizations can lengthen Duo authentication to safe consumer verification across these make use of cases. Find out about the integration right here .  A blog site on the integration can be available right here.

 <h3>          <strong>     Sectona     </strong>          </h3>     

Sectona is really a Privileged Access Administration organization that delivers integrated privilege administration parts for securing dynamic remote control workforce entry across on-premises or even cloud workloads, endpoints, and machine-to-machine communication. Duo’s protected access multi-factor authentication may be used to ensure that each consumer authenticates using multiple strategies (aspects) while accessing Sectona Privileged Entry Management. Read even more right here .

 <hr />     

 <em>     We’d want to hear everything you think. Ask a relevant question, Comment Below, and Remain Linked to Cisco Secure on interpersonal!     </em>     

 <strong>     Cisco Safe Social Channels     </strong>     

 <strong>          <a href="https://www.instagram.com/CiscoSecure/" target="_blank" rel="noopener noreferrer">     Instagram     </a>          </strong>          <br />          <strong>          <a href="https://www.facebook.com/ciscosecure/" target="_blank" rel="noopener noreferrer">     Facebook     </a>          </strong>          <br />          <strong>          <a href="https://twitter.com/CiscoSecure" target="_blank" rel="noopener noreferrer">     Twitter     </a>          </strong>          <br />          <strong>          <a href="https://www.linkedin.com/showcase/cisco-secure" target="_blank" rel="noopener noreferrer">     LinkedIn     </a>          </strong>     

 <pre>          <code>        &lt;br&gt;