When we started the Cisco Security Technology Alliance (CSTA) a few years ago,we didn't envisage it growing into such a large ecosystem of technology spanning the breadth of our Cisco Security portfolio in such a short span of time. But security is most effective when it works as an integrated systemandthat has driven our furious integration pace.
Eric Parizo, Senior Enterprise Security Analyst with GlobalData, called it right: "Cisco's commitment to fostering integration between its own best-of-breed security productsandthird-party point solutions is almost unparalleled in the enterprise security industry." As an industry, if we're going to beat the bad guys, we need to work together and in partnership with security practitioners at every turn.
Today Cisco is proud to announce 57 new technology integrations and 23 net-new vendor partners joining CSTA across all facets of security. It is our largest and broadest CSTA announcement to date. This brings our alliance to over 160 partners representing 280+ product platform integrations. This is quite a leap from the 22 partners & integrations we had in late 2013 when we founded CSTA.
These integrations span over 15 technology areas from Security Orchestration, Analytics & Reporting (SOAR) systems, to deception technologies to IoT Visibility platforms that together bolster a customer's cyber defenses.
This is an era of unprecedented change for cybersecurity. New technologies, new threats, new customer expectations, new regulations...they are all rapidly disrupting existing approaches. Organizations have no choice but to adapt rapidly to protect assets from cyber-crime. As we have seen from starting CSTA, technical integrations between our partners using our open APIs and SDKs help harden the networks of our mutual customers. Theresult? Integrations that enable granular visibility, higher fidelity analytics, and the ability to automate investigative and mitigation actions on threats across a multi-vendor security deployment. There is strength in numbers...more than 280 in this case.
Here's a summary of what's new:
Explosive growth of Cisco pxGrid Partners, pxGrid 2.0 and IoT Security
TheCisco pxGrid ecosystemis adding 20 new partner integrations to its arsenal, which now includes a new technology area for IoT Visibility. By utilizing enhancements to pxGrid with version 2.0, it now has 8 integrations withArmis, Claroty, CyberMDX, Cynerio, Medigate, Nozomi, SecurityMatters and ZingBoxwhich provide Cisco ISE with enhanced visibility of IoT devices on your network. Other vendors adopting pxGrid includeAcalvio, BlackRidge, Demisto, Digital Defense, LogZilla, Luminate, Rapid7, Siemplify,Syncurity, Tanium and VU Security. Splunknow also has an updated integration with their Cisco ISE App for Splunk.
Bringing 3rdParty Threat Intelligence into Cisco Next-Gen Firewall
By ingesting threat intelligence from 3rd party threat feeds,Cisco Threat Intelligence Director (CTID)capabilities in theCisco Firepower Next-Gen Firewallcorrelate threat intelligence with events in the Firepower Management Console, thereby simplifying threat investigation. CTID has 2 new integrations with IntSights and Visa Threat Intelligence.
Multi-Vendor Threat Event & Platform Management for Cisco Next-Gen Firewall
Cisco Firepowerhas new partner integrations with its highly-enriched event API -eStreamer.Syncurity, and Skyboxnow utilize Firepower next-gen firewall and threat context to complement their native threat analysis capabilities. Cisco firewall customers can now use Firewall Platform Management solutions fromTufin, Algosec and Firemonfor policy and configuration management with integrations built using the new Firepower REST API ver 6.3. Other integrations with firewalls includeClaroty, RedSeal, Siemplify, HoB Securityand an updated integration withArcSight.
Sharing Cisco Threat Grid Threat Intelligence
Using thepowerful and insightful Cisco Threat Grid API, 7 new integrations in theCisco Threat Gridecosystem being announced include -CyberSponse, Demisto, Exabeam, IBM QRadar, IBM Resilient, Siemplify & Syncurity. This integration ecosystem simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into our partners' platforms.
New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
Using the Cisco AMP for EndpointsAPIs partner integrations provide analysts with rich threat information and actions on endpoint events like retrieving endpoint information, hunting indicators on endpoints, searching events, etc.CyberSponse, Exabeam, IBM QRadar, LogRhythm, Siemplify & Syncurityare 6 integrations that are now available for AMP for Endpoint customers to integrate with. These integrations collect all AMP for Endpoint event data via the streaming API for correlation or other uses.
Cisco Security Connector (CSC) Integrations
Cisco Security Connectorfor Apple iOS provides organizations with the visibility and control they need to confidently accelerate deployment of mobile devices. CSC is the only Apple approved security application for supervised iOS devices, and integrates with best-in-class MDM/EMM platforms. CSC now adds support forIBM MaaS360 and JAMF
Cisco Cloud Security Integrations
The Cisco Cloud Securityecosystem also expands with more integrations fromCybersponse, EfficientIP, IBM QRadar, IBM Resilient, Menlo Security,Rapid7, RSA and Syncurity. These integrations not only help organizations manage, prioritize, and mitigate IOCs, but they also provide mechanisms to automate several threat lifecycle workflows, effectively improving both mean time to detect and response to threats, as well overall SOC efficacy.
As you can tell, we have been busy at work with our industry partners to grow the CSTA ecosystem. There are over 50 new integration capabilities to aid customers in building security architectures that fit their business needs.
For details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
More details about our new partners and their integrations:
[1]New Cisco Threat Intelligence Director (CTID) for Firepower Integrations
IntSights offers enterprises a threat intelligence and mitigation platform that drives proactive defense by turning tailored threat intelligence into automated security action. Joint customers using Cisco Threat Intelligence Director (CTID), part of the Firepower Management Center, can leverage IntSights to identify verified threats targeting their digital footprint such as leaked credentials, fraud, social engineering, and phishing attacks and automatically mitigate these new threats in real-time by blocking corresponding domains and applications on their Firepower appliances.
Visa Threat Intelligence offers threat feeds for its huge merchant customer base and has recently joined the CSTA program. Joint customers using the Firepower solution can use CTID, part of the Firepower Management Center, to automatically collect the latest threat information from Visa. This information gets applied to Firepower policy on the wire so that new threats are immediately detected and blocked.
[2]New Cisco Firepower Next-Gen Firewall Integrations
AlgoSec automates and orchestrates network security policy management on premise and in the cloud. Cisco customers can deliver business applications quickly and easily while ensuring security and compliance. Algosec Firewall Analyzer (AFA) collects and audits policy and configuration information from Cisco ASA and Firepower next-gen firewalls, switches and routers.
The Claroty Platform is an integrated set of cybersecurity products that provides extreme visibility, unmatched cyber threat detection, secure remote access, and risk assessments for industrial control networks (ICS/OT). Claroty vulnerability assessments in industrial and critical infrastructure environments can help Cisco Firepower tune intrusion policy and help prioritize event information.
FireMon solutions deliver continuous visibility into and control over network security infrastructure, policies, and risk. FireMon Security Manager is a policy and risk management solution that can collect policy and configuration information from Cisco Firepower and Cisco ASA.
HOB's WebTerm Express delivers an enterprise HTML5 gateway that allows users to access RDP targets, web applications, and internal file servers securely through their Cisco ASA firewalls and supporting single-sign on functionality.
Micro Focus Security ArcSight ESM can identify and prioritize threats in real time, so you can respond and remediate quickly.ArcSight ESM helps detect and respond to internal and external threats, reduces response time from hours or days to minutes, and addresses ten times more threats without additional headcount. A new Firepower-to-Arcsight Connector supporting CEF and Cisco Firepower eStreamer NGFW events is now available.
RedSeal's network modeling and risk scoring platform builds an accurate, up-to-date model of your hybrid data center so you can validate your policies, investigate faster, and prioritize issues that compromise your most reachable, valuable assets. RedSeal uses the Cisco Firepower Management Center REST API and the Firepower Device Management API to collect configuration and security policy information to understand how threats can be detected and blocked.
Skybox gives security leaders the cybersecurity management solutions they need to eliminate attack vectors and safeguard business data and services. Skybox's suite of solutions drives effective vulnerability and threat management, firewall management and continuous compliance monitoring for Cisco Firepower customers by integrating with the Firepower Management Center's REST API.
Siemplify provides a holistic Security Operations Platform that empowers security analysts to work smarter and respond faster. Siemplify uniquely combines security orchestration and automation with patented contextual investigation and case management to deliver intuitive, consistent and measurable security operations processes. Cisco Firepower customers can leverage Siemplify's integration with the platform's REST API to respond manually or automatically to critical events with user initiated or automatic responses such as blocking compromised devices to contain the threat.
Syncurity optimizes and integrates people, process and technology to realize better cybersecurity outcomes and accelerate security operations teams by delivering an agile incident response platform. Syncurity is the first CSTA partner to use the Firepower REST API to invoke block rules in response to critical security events triggered on their orchestration platform, IR Flow.
Tufin provides Security Policy Orchestration solutions to streamline the management of security policies across complex, heterogeneous environments that include Cisco ASA and Cisco Firepower. Tufin automatically designs, provisions, analyzes and audits network security configuration changes -from the application layer down to the network layer -accurately and securely. Tufin now offers a migration tool called SecureMigrate that dramatically lower the time and effort needed to migrate from ASA to Firepower.
[3]New Cisco pxGrid Integrations
Acalvio ShadowPlex, a comprehensive, distributed deception platform, is designed to easily deploy dynamic, intelligent and scalable deceptions across the Enterprise network, both on-premises and in cloud. By deploying a rich set of deceptions, ShadowPlex presents attractive targets to the attacker, and generates high-fidelity alerts. ShadowPlex integrates with Cisco ISE via pxGrid for Rapid Threat Containment, by isolating the host machines where malicious activity has been observed.
The Armis agentless security platform discovers and analyzes every device in your environment, on and off the network, to protect you from exploits and attacks. Cisco ISE enforces role-based access control and uses device insights from Armis for finer-grained, more accurate network policies. Together, Armis and Cisco provide complete visibility and control over any device including unmanaged devices like Bluetooth peripherals, IoT devices, and rogue access points.
BlackRidge integrates with Cisco ISE via pxGrid to extend Software Defined Perimeters to private and public clouds, IoT and other network environments. BlackRidge Transport Access Control (TAC) uses ISE identity and access policies to authenticate access on the first packet of network connections. BlackRidge TAC proactively isolates and protects cloud-based resources and services by stopping port scanning, cyber-attacks and unauthorized access.
Claroty provides deep visibility and comprehensive protection for industrial control networks. The Claroty platform passes complete asset details to Cisco ISE, enabling ISE to assign specific access policies based on asset profiles. With Claroty, organizations using pxGrid and ISE can implement segmentation in their OT networks. Claroty automatically discovers micro-segments based on the behavior of the ICS networks, enabling ISE to create and enforce segmentation policies.
CyberMDX, a pioneer of healthcare cybersecurity solutions, delivers visibility and threat prevention for connected medical devices and clinical assets. CyberMDX helps boost Cisco ISE's clinical device classification with CyberMDX's AI powered engine. Organizations using pxGrid also benefit from device visibility and risk assessment to automate processes of micro-segmentation. Deployment via pxGrid and ISE automates manual processes, saving labor resources, and reducing human error.
Cynerio is a leading provider of medical device and IoT security solutions. Built on healthcare-driven behavior analysis, Cynerio's technology provides enhanced visibility into the clinical entities and associated risk of connected device communications, making it easier and safer to enforce secure access policies with Cisco ISE.
Security teams can use Demisto's integration with Cisco ISE for unified security data visibility and coordinated incident response across their security environments. As a security orchestration solution, Demisto enables users to create codified and automatable playbooks that connect with a range of Cisco products through pxGrid, resulting in single-window investigations and accelerated resolution.
Combining the automation power of Cisco ISE and Digital Defense's Frontline Vulnerability Manager? creates greater device visibility and network access control, building improved workflow and rapid responses to infrastructure threats. ISE integrates with our award-winning vulnerability scanner to add additional power by kicking-off a scan automatically according to the organization's established device policies. Based on the severity of the device scan results, the device can then be automatically removed or segmented from the network to protect the organization's assets quickly, and help ward off network intruders.
LogZilla leveragesCisco pxGrid to exchange data between the LogZilla platform and Cisco ISE allowing automation of intelligent decisions for NetOps, SecOps and ITOps functions. The LogZilla Platform provides ISE contextual information from within the LogZilla UI with intuitive dashboards containing key information such as Passed and Failed authentications, Device Summary, Compliance, TrustSec and MDM. It also allows the LogZilla administrator to take right-click Adaptive Network Control (ANC) mitigation actions for Rapid Threat Containment (RTC) after automatically correlating information from multiple disparate sources.
Luminate Security enables security and IT teams to create Zero Trust Application Access architecture, securely connecting any user from any device to corporate applications, on-premises and in the cloud, in an agentless cloud native manner. By integrating with Cisco ISE via pxGrid, Luminate leverages user identity, device posture, location and behavior patterns to provide contextual access to corporate resources.
Protect your connected medical devices by providing clinical context to your NAC. Medigate delivers complete visibility into medical devices, enabling you to create profiles and policies by device types and vendors. It detects behavioral anomalies based on a deep understanding of clinical workflows and communication protocols. Then Cisco ISE can activate preventative security capabilities with clinically-based informed alerts from Medigate, providing a new level of threat protection.
Nozomi Networks, the leader in ICS cybersecurity, provides real-time visibility and security solutions, such as SCADAguardian and the Central Management Console (CMC). These solutions integrate with Cisco ASA and Cisco ISE product platforms. Together, we extend visibility deep into OT networks and enhance cyber resiliency through integrated IT/OT threat intelligence and ICS cybersecurity.
Rapid7 powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and development teams. Rapid7's InsightVM and InsightIDR offer powerful analytics to help teams identify and prioritize vulnerabilities and threats. By integrating InsightVM and InsightIDR with Cisco ISE, security and IT teams can go a step further by blocking or quarantining assets if deemed vulnerable or compromised.
Siemplify's security orchestration, automation and incident response platform enable security operations teams to investigate, analyze and respond to threats faster, with less effort. Through its integration with Cisco ISE, Siemplify delivers the vital context needed to build a full threat storyline as well as respond to and contain incidents more decisively.
The Splunk Add-on for Cisco ISE allows a Splunk software administrator to collect ISE syslog data. You can use the Splunk platform to analyze these logs directly or use them as a contextual data source to correlate with other communication and authentication data in the Splunk platform. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Syncurity delivers an agile SOAR platform, built by analysts for analysts, that reduces cyber risk.Syncurity's Cisco ISE integration will enable SOC and IR analysts' faster endpoint containment or isolation options by using Cisco pxGrid to enable ISE to bounce or shutdown a switch port based on a known host MAC address, and send a quarantine signal to apply a new policy to a host.
Tanium's mission is to enable business resilience through manageability and security at scale for all connected devices. Tanium provides security and IT operations teams with the visibility and control needed to manage every endpoint, even across the largest global networks. The Tanium platform integrates with Cisco ISE via Cisco pxGrid to enforce Rapid Threat Containment policies against managed and unmanaged endpoints based on their state.
VU Security offers products for all stages of the digital life cycle of a citizen within the client's business and the possibility of integrating any existing technology in an agile, fast and standard way. By integrating VU Behavior & Fraud Analysis platform (including machine learning & artificial intelligence technologies) with Cisco ISE using pxGrid allows customers to control and secure in a better way digital identity as well as related transactions.
Zingbox IoT Guardian is a behavior analytics platform that discovers, classifies, manages, secures, and optimizes IoT assets and unmanaged network-connected devices. Through machine learning, Zingbox enables organizations using Cisco ISE and pxGrid to reduce security risks and ensure business continuity by dynamically organizing IoT assets into microsegments. It also applies access control to only allow the trusted behaviors and contain threats, including zero-day exploits.
[4]New Cisco Threat Grid Integrations
CyberSponse's integration with Cisco Threat Grid enables analysts to leverage actions like submitting a sample for detonation, fetching its status and report in detailed or summary formats, search reports for a given indicator or against a feed, get related IOC's associated with the sample and more such actions that help in automating malware investigation and threat intelligence scenarios using CyOPs Playbooks. CyOPs integrates with over 250+ security tools, thereby presenting analysts with the industry's most comprehensive cybersecurity workbench that enables SOC teams to leverage the power of automation in the most meaningful way.
Demisto integrates with Cisco Threat Grid for automated malware protection and accelerated incident response. Demisto's orchestration capabilities enable security teams to include a range of Threat Grid actions as automated workflow tasks. By embedding Threat Grid actions in concert with other security products, Demisto playbooks provide security teams with enhanced visibility and context upon which to base their response decisions.
Exabeam provides advanced threat detection by integrating data from Cisco solutions like Threat Grid and AMP for Endpoints within a customer environment. Exabeam builds behavioral baselines for user and machine behavior using this integrated data and patented machine learning techniques. As a result, Exabeam can indicate user behavior that is both unusual and risky, quickly enough to take effective action. Exabeam can integrate network-level analytics data from Threat Grid with user-level behavior to understand the full impact of a threat, leading to complete elimination of the attacker from the corporate network.
[1] IBM QRadar + Cisco Threat Grid: Quickly identify, understand, and respond to advanced threats with advanced sandboxing, malware analysis and threat intelligence combined in one solution. Details from the sandbox analysis of Threat Grid is used by QRadar to determine if the potential threats within the organization are malicious or benign. A right click into Threat Grid opens a full malware report, enabling the analyst to better understand the scope and veracity of threats and more quickly resolve prioritized threats detected in QRadar.
[2] IBM Resilient IRP + Cisco Threat Grid: Get actionable insights for faster incident response and mitigation. Security analysts in Resilient can rapidly drill down to research indicators of compromise within Threat Grid's threat intelligence, automatically detonate suspected malware with its sandbox technology, and then pull findings into an incident report. The incident data within Threat Grid (e.g. affected assets, related system information, forensic evidence and threat intelligence) integrated with Resilient's orchestration and automation eliminates the need to pivot on disparate tools and improves incident response times.
Siemplify's security orchestration, automation and incident response platform enables security operations teams to investigate, analyze and respond to threats faster, with less effort. By integrating with Cisco Threat Grid, security operations teams can more quickly apply robust threat intelligence and analyze malware to conduct more efficient investigations and make better response and remediation decisions.
Syncurity? delivers an agile security orchestration, automation & response platform that reduces cyber risk. We make security operations centers (SOCs) more efficient and effective using tightly integrated alert and incident response workflows. Syncurity's IR-Flow integration enables Cisco Threat Grid customers to automatically submit malware for analysis and use the results in support of SOC and Incident Response workflows. This saves time and analyst effort, and allows them to move on to the next task while awaiting malware sandbox analysis results. Analysts can also send files ad-hoc to Threat Grid, pivoting an existing workflow on the fly.
[5]New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
CyberSponse integrates with Cisco AMP for Endpoints and provides analysts with actions like retrieving endpoint information, hunting indicators on endpoints, searching events, managing file lists, managing groups, fetching policy details and over 20 such dedicated actions for automating investigation and remediation scenarios through CyOPs Playbooks. CyOPs integrates with over 250+ security tools, thereby presenting analysts with a comprehensive cybersecurity workbench that enables SOC teams to leverage the power of automation in the most meaningful way.
Exabeam provides advanced threat detection by integrating data from Cisco solutions like Threat Grid and AMP for Endpoints within a customer environment. Exabeam builds behavioral baselines for user and machine behavior using this integrated data and patented machine learning techniques. As a result, Exabeam can indicate user behavior that is both unusual and risky, quickly enough to take effective action. For example, Exabeam can ingest log data from Cisco AMP, and link that activity to other behavior, such as source code access in GitHub or customer data access in Salesforce.
IBM QRadar + Cisco AMP for Endpoints: Integrate the prevention, detection, and response of advanced threats in a single solution with IBM QRadar + Cisco AMP for Endpoints. This integration protects your Windows, Mac, Linux, Android, and iOS devices through a public or private cloud deployment. QRadar maintains Device Support Modules (DSM's) to collect highly contextualized log information from AMP for Endpoints and parses it into QRadar. This enables security analysts to better understand the scope and veracity of threats for faster threat detection and response.
LogRhythm offers extensive support for and integration across Cisco's product portfolio, automatically incorporating, normalizing, and contextualizing log, flow and event data captured from across the Cisco product suite. LogRhythm integrates with Cisco AMP for Endpoints via a REST based API that allows LogRhythm to pull and ingest data from an AMP deployment. LogRhythm then applies scenario and behavioral-based analytics on this data, as well as other log and machine data from throughout the environment for comprehensive visibility. Security teams can visualize high priority events in an AMP-specific dashboard within LogRhythm's centralized console. This combination, along with the robust Cisco device and log source support that LogRhythm integrates with across the Cisco product portfolio, equips security professionals with the tools necessary to detect and rapidly respond to threats.
Siemplify's security