The document discusses the need for an integrated security architecture approach rather than relying on individual security products. It outlines how integration across the Cisco security portfolio provides functional integration through shared threat intelligence, event information, automated policy changes, and contextual awareness. Examples are given of how integration allows for rapid threat containment, sharing of events and policy, leveraging threat intelligence across the environment, and profiling of users and devices on the network. The document advocates for an approach that is simple, open, and automated through integration.
Cisco Connect 2018 Thailand - Cybersecurity strategy an integrated approach khun pichaiwood prabudhanitisarn_cisco
5. Why a Security Architecture?
Ability to Defend Getting More Complex
• Attack Surface Diversity: Growing exponentially due to IoT, SaaS / IaaS, and personal device trends
• Threats: Continuous rise in sophistication of attackers combined with rapid evolution of attacker techniques and tools
• Detection: Efficacy of classical detection methods eroding
• User Behavior: No longer constrained to IT controlled places, apps or devices
The Security Effectiveness Gap
6. Process of Attacks
• Research, and select targets
• Pair remote access malware with exploits
• Deliver cyberweapons by email, website and attachments
• Install payloads to gain persistent access
7. Time to Detection
Source: Verizon 2014 Data Breach Investigations Report
[Chart, 2004 to 2013: percent of breaches where time to compromise (orange) / time to discovery (blue) was days or less]
Industry: 100 Days
Industry Result
10. Integration has to have Layers
Functional: Multiple features within the same product
Solution: Multiple products that work together
Management: Unified configuration and reporting
11. Sharing Data Through Integration
• Event information improves visibility
• Threat Intelligence speeds time to detection
• Automated Policy changes allow faster response
• Contextual Awareness builds granular controls across the network
12. Integration has Driven Cisco’s Portfolio Growth
[Timeline, 2013 to 2016]
Threat Grid, Sourcefire, Portcullis, OpenDNS, Lancope, Neohapsis, Cloudlock
AMP Everywhere; OpenAppID
Talos established
Cisco ASA with Firepower Services
Integrated Threat Defense Vision; AMP Threat Grid
Firepower NGFW unveiled
Network as a Sensor and Enforcer
Cisco Umbrella SIG
Identity Services Engine 2.0
15. Functional Integration: Talos Threat Intelligence
• 221B Total Threats
• 1.4M AV Blocks Per Day
• 2.6M Blocks Per Second
• 9.9B Total Blocks Per Month
• 1.5M Malware Samples Per Day
• 1.8B Spyware Blocks Per Month
• 8.2B Web Filtering Blocks Per Month
• 991M Web + Malware Threats
• 19.7B Threats Per Day
• 1B Sender Base Reputation Queries Per Day
16. Functional Integration: Firepower Threat Defense
Shared intelligence
Shared contextual awareness
Consistent policy enforcement
Cisco Firepower™ Management Center
Talos
Firepower 4100 Series, Firepower 9300 Platform
Visibility, Radware DDoS, Network analysis, Email, Threats, Identity and NAC, DNS, Firewall, URL
17. Functional Integration: Meraki
Application Control: WAN Optimization, Traffic Shaping, Content Filtering
Security: NG Firewall, Client VPN, Site to Site VPN, IDS/IPS
Networking: NAT/DHCP, 3G/4G Cellular, Static Routing, Link Balancing
19. Solution Integration: Advanced Malware Protection
AMP Threat Intelligence Cloud
Windows OS, Android Mobile, Virtual, MAC OS
CentOS, Red Hat Linux for servers and datacenters
AMP on Web and Email Security Appliances
AMP on ASA with Firepower™ Services
AMP Private Cloud Virtual Appliance
AMP on Firepower NGIPS Appliance
AMP on Cloud Web Security and Hosted Email
CWS/CTA
Threat Grid Malware Analysis + Threat Intelligence
AMP on ISR with Firepower Services
AMP for Endpoints
Remote Endpoints
AMP for Endpoints can be launched from Cisco AnyConnect®
AMP on Meraki® MX
20. Solution Integration: Web and Endpoint
Breach Detection & Advanced Threat Visibility
Cisco WSA (Web Security Appliance)
External Telemetry (BlueCoat Sec. GW)
Cisco CWS (Cloud Web Security)
Cisco Cognitive Threat Analytics (CTA)
Confirmed Threats
Detected Threats
Incident Response
Threat Alerts
STIX / TAXII API
HQ
Web Security Gateways
Cloud Web Security Gateways
Web Access Logs
25. Solution Integration: Rapid Threat Containment
Automatically Defend Against Threats with Firepower and ISE
• FMC aggregates and correlates sensor data
• FMC alerts ISE. ISE then changes the user’s/device’s access policy to suspicious
• Corporate user downloads file, not knowing it’s actually malicious
• Based on the new policy, network enforcers automatically restrict access
• Device is quarantined for remediation or mitigation
26. Integration in Action: The Attack
Endpoint User
Opened an email
That visited a website
Through the firewall
Downloading malware
Which stole data
27. Integration in Action: Sharing Events
Alerts are Shared Between Products Providing Visibility
AMP for Endpoints
And shares the event information
Firepower Management Console
Analyzes the file with Threat Grid
Blocking the malware retrospectively
Protecting the data center
Email Security
Web Security
28. Integration in Action: Sharing Events
Alerts are Shared Between Products Providing Visibility
29. Integration in Action: Sharing Policy
Automatic Response to Threats
Threat Grid
Firepower Management Console
Data Center
Email Security
Web Security
Shares a policy update with the Identity Services Engine
Quarantining the user automatically
32. Integration in Action: Threat Intelligence
Profiling what users and devices are really on the network
Firepower Management Console
Threat Grid
Data Center
Email Security
Web Security
Identity Services Engine
AMP for Endpoints
Cloud Security
33. Integration in Action: Sharing Context
Profiling What Users and Devices are Really on the Network
36. 3rd Party Integration: CSTA
Cisco Security Technical Alliance
• 100 percent focused Cisco Security initiatives
• Real integration benefit across portfolio
• Coordinate support with key partners
• Host community supported code
• Identify candidates for deeper integration
Cisco Solution Partner Program (SPP)
DevNet
Cisco Security Technical Alliance Program
Firepower, ISE, Threat Grid, FP9300, Content, ASA, AnyConnect, OpenDNS, pxGrid, Stealthwatch
For more information go to http://www.cisco.com/go/csta
37. 3rd Party Integration: Open Standard APIs
• eStreamer API
  • Send Firepower event data to SIEMs
• Host Input API
  • Collect vulnerability and other host info
• Remediation API
  • Programmatic response to third parties from FireSIGHT
• JDBC Database Access API
  • Supports queries from other applications
• Read/Write API for Firepower
  • Supports FW and Risk Management technologies
• Threat Intelligence Director
  • Collect, correlate, take action on third party Threat Intelligence
• Management API for ASA
  • Third party management of ASA, policy auditing
• pxGrid
  • Bi-directional context sharing framework for ISE, ecosystem partners
• MDM API
  • Enables 3rd party MDM partners to make mobile device posture part of ISE access policy
• External Restful Services (ERS)
  • Adds 3rd party asset data to ISE inventory database
• AMP Cloud-based API
  • Externalize event data for all 3rd party apps
  • Ingest threat data from third parties
• Threat Grid API
  • Hand off suspicious files for analysis
  • Queries entire dataset for correlation or historical/geographic significance
  • Automate submission of files for analysis
  • Create custom or batch threat feeds
• FirePOWER 9300 (SSP) REST API
  • Cisco and third party applications in service chain configuration
• AnyConnect Network Visibility Module Collection
  • AnyConnect provides IPFIX data
• AnyConnect EDM/MDM
  • VPN Services
• OpenDNS Investigate
  • Query OpenDNS for threat intelligence
• OpenDNS Umbrella
  • Add addresses to customer specific enforcement
• CloudLock Enterprise API
  • Reporting/Management
• CloudLock Development APIs
  • Access micro-services
• Other Integration Points
  • ESA, WSA
38. 3rd Party Integration: Ecosystem Partners
• EDM/MDM
• Endpoint and Custom Detection
• Forensics and IR
• Other
• SIEM & Analytics
• NPM/APM and Visualization
• IAM/SSO
• Threat Intelligence
• CASB
• UEBA
• Firewall and Policy Management
• Deception
• Orchestration
• Vulnerability Management
41. Effective Security Needs to be
(1) Simple: Security built into the network and designed to work together
(2) Open: Integrate across the Cisco portfolio and 3rd party products
(3) Automated: Instantaneous remediation, reduce time to detection, save time and money
42. Integrate Automate: Reduce Time to Detection
Industry: 100 Days vs. Cisco: ~13 Hours
*Source Cisco Midyear Security Report, 2016