Thursday, November 14, 2024

The Benefits of Tech Alliances

Since we adopted an open ecosystems approach, we have witnessed numerous integrations made available by Cisco Security and our technology partners. Because they are built collaboratively, these integrations aim to improve the cybersecurity posture and defenses of our mutual customers.

These partnerships enable the creation of more comprehensive, effective and efficient cybersecurity solutions. As cyber threats continue to evolve, these collaborations play an increasingly crucial role in helping organizations protect their digital assets. By utilizing these integrated solutions, businesses can establish a stronger security posture and be better prepared to face the challenges presented by today’s digital landscape. Vendor openness fosters better synergy and outcomes for the state of cybersecurity.

The strength of our integrations was put to the test at significant events such as RSAC, Black Hat, NFL Super Bowl LVIII and the Paris Olympics. At these events, Cisco Security and our technology partners worked together in the Network & Security Operations Centers and effectively safeguarded the events from threats, ensuring the safety of people and infrastructure.

As we wrap up our fiscal year 2024, our open and inclusive cybersecurity technology alliance, Cisco Security Technical Alliance, now boasts over 400 technology partners and 825 integrations across Cisco’s cybersecurity product portfolio. In our annual roundup, Cisco Security extends a warm welcome to all new and expanding technology partners in our ecosystem. Deploying these integrated solutions together fosters a “synergy” that aids in more efficiently addressing customer security issues.

To learn more about each partner integration in this announcement, please review the individual partner highlights below. For more details on the partners, please visit our webpage at Cisco Security Technical Alliance.

Happy Integrating!


More details about our partners and their integrations:

New Cisco Breach Protection Suite integrations

These integrations help customers using Cisco’s Breach Protection Suite establish a stronger security posture.

Atlassian — Jira Cloud

Jira Cloud is built for every member of your software team to plan, track, and manage their work. Jira offers bug tracking, issue tracking, agile project management and more. Enabling this integration in Cisco XDR will make the Jira API available as a target for automation workflows.

Criminal IP

Criminal IP by AI Spera is an AI-powered threat intelligence search engine that offers you the latest data on all internet-connected assets. This integration with Cisco XDR offers real-time insights and risk scoring for IP addresses and domains, and lets you gather more information on the findings by initiating a search in Criminal IP and pivoting into Criminal IP's UI.

CrowdStrike

Two new Cisco-managed XDR workflows for CrowdStrike were released:

  1. Create Custom IOC: This appears in the pivot menu and allows you to create an IOC in CrowdStrike for an observable.
  2. Lift Containment for Hosts: This incident response workflow allows you to lift containment for hosts in CrowdStrike from a playbook or using an automation rule.

CrowdStrike also developed the Cisco Secure Email Gateway Data Connector to ingest Secure Email Gateway data into their Falcon platform. This improves detection of modern threats by unifying security data from endpoints and emails.

Darktrace

Darktrace is a Network Detection and Response (NDR) offering. In Cisco XDR, we enable Darktrace users to leverage it for threat hunting and investigation features. Use the Darktrace integration to query for security detections of observables including IP, hostname and Darktrace device ID.

Elastic Cloud

Enabling this integration in Cisco XDR will make the Elastic Cloud API available as a target for automation workflows, which can be used to do things like send incident data to Elasticsearch for indexing and retention.

ExtraHop

Integrating with ExtraHop Reveal(x) Enterprise allows you to automatically search for devices, add or remove devices from a watchlist and search for detections. This integration with Cisco XDR also creates an HTTP target automatically in Automation for out-of-box workflows.

LevelBlue (AlienVault)

The AlienVault Open Threat Exchange (OTX) is the world’s most authoritative open threat information sharing and analysis network. AlienVault OTX integration with Cisco XDR allows OTX Activity Feed data to be used to enhance the threat detection capabilities in XDR.

Microsoft

Microsoft Azure Active Directory — Users: Microsoft Azure AD with Cisco XDR provides user and device information to the Cisco XDR Assets feature. It enriches investigations and incident triage and response with device and user context.

Microsoft Defender for Endpoint: In Cisco XDR, we enable Defender for Endpoint users to leverage it for threat hunting and investigation features, as well as rapid response actions to understand and defend against threats on the endpoint. It also provides important device inventory context to help triage detected threats.

Microsoft Defender for Office 365: In Cisco XDR, we enable Defender for Office 365 users to leverage email intelligence and detections while performing incident investigations and threat hunting.

NetApp

NetApp-Volume-Snapshot: The workflow performs a volume snapshot operation on all volumes in a NetApp ONTAP system, excluding those specified in the Skip Volumes input variable. It can be triggered by Cisco XDR for automated response actions or playbooks to protect volume data during a threat response.

PagerDuty

Enabling this integration in Cisco XDR will make the PagerDuty REST and Events APIs available as targets for automation workflows. Workflows can be used to do things like send a page through PagerDuty when Cisco XDR incidents are generated.

Palo Alto Networks

Palo Alto Panorama — Add IP, Domain, or URL to Group or Category: This Cisco XDR workflow appears in the pivot menu and allows you to add a URL, IP or domain name to a group or category in Palo Alto Panorama.

Pure Storage

Pure Storage Volume Snapshot: This Cisco XDR workflow performs a volume snapshot operation on the set of volumes configured on the Flash Array (On-Premises Target) using the names provided as an input variable.

Pure Storage Protection Group Snapshot: This workflow performs a Protection Group snapshot operation on the set of protection group volumes configured on the Flash Array (On-Premises Target) using the names provided as an input variable.

Pure Storage Delete User: This workflow performs a user deletion on the Flash Array (On-Premises Target) using the names provided as an input variable.

Red Sift

Red Sift Pulse provides IP, hostname, and domain-based threat intelligence to Cisco XDR users to aid swift identification and remediation of phishing and impersonation attacks. By leveraging Red Sift OnDMARC’s email security capabilities, Red Sift Pulse gives security teams complete visibility into and control over what’s happening across their email-sending infrastructure.

SentinelOne

Two new Cisco XDR automation workflows were added for SentinelOne integration.

Add Hash to Blocklist: This workflow appears in the pivot menu and allows you to add a file hash to a blocklist in SentinelOne.

Remove Hash from Blocklist: This workflow appears in the pivot menu and allows you to remove a file hash from a blocklist in SentinelOne.

ServiceNow

Enabling this integration in Cisco XDR will make the ServiceNow API available as a target for Automation workflows. This target can be used to perform tasks such as creating incidents, creating change tickets and more.

Slack

Slack brings team communication and collaboration into one place so you can get more work done, whether you belong to a large enterprise or a small business. This integration allows Cisco XDR users to leverage Slack as a team collaboration and communication tool in Automation workflows, including incident notification and response.

xMatters

The xMatters service reliability platform helps DevOps, SREs and Ops teams automate workflows, ensure infrastructure availability and deliver products at scale. The integration with Cisco XDR makes the xMatters API available as a target for automation workflows.

New Cisco Cloud Protection Suite integrations

These integrations help customers using Cisco’s Cloud Protection Suite establish a stronger security posture.

CrowdStrike

Cisco Umbrella Data Connector: Seamlessly ingest Cisco Umbrella Security Service Edge (SSE) data into the CrowdStrike Falcon® platform to gain comprehensive cross-domain visibility of threats throughout your attack surface.

IBM QRadar

Cisco Secure Workload now has a Device Support Module (DSM) for IBM QRadar. The DSM parses events received from Secure Workload and converts them to a standard taxonomy format that can be displayed in IBM QRadar.

Sevco Security

By integrating with Cisco Umbrella and correlating the data there with other tools, Sevco provides comprehensive asset inventory which can uncover previously unknown vulnerabilities in your environment like missing security controls, misconfigured agents, out-of-date software and more.

New Cisco User Protection Suite integrations

These integrations help customers using Cisco’s User Protection Suite establish a stronger security posture.

Google

Google Chrome Device Trust Connector: The Duo + Chrome Device Trust Connector helps organizations easily enforce device posture at the time of authentication and simplifies endpoint trust access policy management through a simple, agentless configuration for macOS, Windows and ChromeOS.

Google Chronicle updated its integration with Cisco ISE. This new integration with ISE extends the existing one with Chronicle SIEM.

Microsoft

Microsoft Entra ID External Authentication Methods (EAM): Duo was one of the first partners to build an integration with Microsoft's new framework for integrating with third-party authentication providers, External Authentication Methods. With EAM, Duo is a fully integrated MFA and advanced secure identity provider within Entra ID. Duo is supported across all Microsoft workflows including Microsoft Partner Center.

Duo SSO integrations

Organizations can easily protect access to their applications with Duo SSO and enjoy all the benefits of our continuous identity solution. Duo SSO is simple to set up and deploy, making it easy for end users to access the applications they need, without the hassle of remembering passwords. Additionally, Duo SSO combines Duo’s authentication capabilities, such as MFA and Passwordless, with powerful security insights into identity and device risk. This provides organizations with a robust tool to safeguard their users, data, and applications.

Our Duo SSO team has been actively building integrations with the top applications that organizations use. Here is a list of some of the FY24 new Duo SSO integrations:

  • Amazon (14 product integrations)
  • Absolute
  • Auth0
  • Auvik
  • Barracuda
  • Bitwarden
  • Citrix Workspace
  • Datto
  • Delinea
  • Elastic
  • Fortinet
  • GitLab
  • Google Apigee X
  • Google Workspace
  • HackerOne
  • Hubspot
  • Huntress
  • Island
  • KnowBe4
  • ManageEngine (18 product integrations)
  • NetScaler
  • NinjaOne
  • Okta
  • Ping Identity
  • SentinelOne
  • Traceless
  • Tenable
  • Zoho (2 product integrations)

New Cisco Secure Firewall integrations

These integrations help customers using Cisco Secure Firewall establish a stronger security posture.

Blumira

By collecting logs from Cisco Secure Firewall, Blumira’s Automated Cloud SIEM makes advanced detection and response easy and effective for small and medium-sized businesses, accelerating ransomware and breach prevention.

CrowdStrike

CrowdStrike Falcon Insight XDR ingests cross-domain telemetry from Cisco Secure Firewall ASA to enable unified and threat-centric detection across an organization’s infrastructure.

Titania

Titania Nipper Enterprise accurately assesses the security and compliance status of Cisco Secure Firewall and Secure Firewall ASA regularly to make sure all configurations are up to date and compliance goals are met and maintained.

Tufin

Tufin now supports Cisco Cloud Delivered FMC for Tufin Orchestration Suite, which is a centralized security management layer allowing organizations to define and implement a comprehensive security policy and rapidly automate network changes while remaining compliant to that policy.

Acknowledgements: Thank you to my amazing teammates. Their collaboration with our technology partners has been instrumental in expanding our ecosystem — Jessica Oppenheimer, Ryan Maclennan, Dinkar Sharma, Correine Wiechec, Ginger Leishman, Jenn Kwok, Ben Greenbaum and Apostolos Kouloukourgiotis.

