
Tuesday, 20 December 2022

Cisco Secure Cloud Analytics – What’s New

Nowadays, “cybersecurity” is the buzzword du jour, infiltrating every organization, invited or not. Furthermore, this is the case around the world, where an increasing proportion of all services now have an online presence, prompting businesses to reconsider the security of their systems. This, however, is not news to Cisco, as we anticipated it and were prepared to serve and assist clients worldwide.

Secure Cloud Analytics, part of the Cisco Threat, Detection, and Response (TD&R) portfolio, is an industry-leading tool for tackling core Network Detection and Response (NDR) use cases. These workflows focus primarily on threat detection and on how security teams can recognize the most critical issues during hunting and forensic investigations, improving their mean time to respond.

Over the last year, the product team worked tirelessly to strengthen the NDR offering. New telemetry sources, more advanced detections, and new observations add context about essential parts of the infrastructure, alongside usability and interoperability improvements. Additionally, the long-awaited Cisco Telemetry Broker is now available, providing a richer SecOps experience across the product.

MITRE ATT&CK framework alerting capabilities


As part of our innovation story on alerting capabilities, Secure Cloud Analytics now features new detections tied to the MITRE ATT&CK framework such as Worm Propagation, Suspicious User Agent, and Azure OAuth Bypass.

Additionally, various new roles and observations, which are the foundational pieces of our detections, were added to Secure Cloud Analytics to improve and refine user alerts. Alerts now include a direct link to AWS assets and their VPC, as well as direct access to Azure Security Groups, enabling further investigation through simplified workflows. In addition, the public cloud providers are now included in coverage reports, which provide a gap analysis to determine which accounts are covered. Alert Details offers new device information, such as host names, subnets, and role metrics that emphasize detection techniques. To better configure alerts, we are adding telemetry that gives contextual reference on their priority. Furthermore, the ingest process has grown more robust thanks to data from the Talos intelligence feed and ISE.


NDR: A Force Multiplier to Cisco XDR Strategy


The highly anticipated SecureX integration is now available in a single click, with no API credentials required and smooth interaction between the two platforms. Most importantly, Secure Cloud Analytics alerts may now be configured to automatically publish as incidents to the SecureX Incident Manager. The Talos Intelligence Watchlist Hits Alert is on by default due to its prominence among the many alert types.


Among other enhancements to graphs and visualizations, the Encrypted Traffic widget allows for an hourly breakdown of data. Simultaneously, the Device Report contains traffic data for a specific timestamp, which may be downloaded as a CSV. Furthermore, the Event Viewer now displays bi-directional session traffic to provide even more context to Secure Cloud Analytics flows, as well as additional columns to help with telemetry log comprehension: Cloud Account, Cloud Region, Cloud VPC, Sensor and Exporter.

New Sensor Data to Quickly Detect and Hunt Threats


On-premises sensors now provide additional telemetry on the overview page and a dedicated page where users can look further into the telemetry flowing through them in Sensor Health. To optimize the Secure Cloud Analytics deployment and improve the user experience, sensors may now be deleted from the interface.


Regarding telemetry, Cisco Telemetry Broker can now serve as a sensor in Secure Cloud Analytics, so users can identify and respond to threats faster with additional context sent to Secure Cloud Analytics. In addition, there will soon be support for other telemetry types besides IPFIX and NetFlow.

As we can see from the vast number of new additions to Secure Cloud Analytics, the product team has been working hard to understand the latest market trends, listen to customers’ requests, and build one of the finest SaaS products in the NDR industry segment. These efforts strongly underline how Secure Cloud Analytics can solve some of the most important challenges in the NDR space, namely visibility, fidelity of alerts and deployment complexity, by providing a cloud-hosted platform that offers insights into on-premises and cloud environments simultaneously from the same dashboard.

Source: cisco.com

Tuesday, 1 March 2022

Cyber Asset Attack Surface Management with Cisco Secure Cloud Insights: Beyond CSPM

In today’s digital-first world, having enterprise-grade information, services, and workloads in the cloud is becoming increasingly important for success. Nonetheless, the lack of asset visibility that haunted private networks has not disappeared in the cloud era; it has been transferred to the cloud, or, some may say, even aggravated.


In its Hype Cycle for Security Operations, Gartner has defined Cyber Asset Attack Surface Management (CAASM) as “an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges”. This tackles our lack-of-visibility concerns. Gartner, however, extended CAASM’s definition to say that it “enables organizations to see all assets (both internal and external) through API integrations with existing tools, query against the consolidated data, identify the scope of vulnerabilities and gaps in security controls, and remediate issues.” This highlights the fact that, while there is no lack of data, processing and assessing it remains challenging due to silos. This is where Secure Cloud Insights (SCI) steps in.

Secure Cloud Insights (SCI) is a technology that delivers multiple CAASM benefits:

◉ Ease of provisioning: Native API integrations make provisioning and deploying SCI a simple task. A wide range of integration types are supported such as cloud providers, vulnerability assessment tools, code repositories, identity sources, endpoint solutions, workflow

◉ Cyber asset visibility and classification: Numerous pre-defined integrations feed SCI with diverse assets and asset types, together with their associated “state” or “configuration”, which differ from one integration to another. The graph database and the classification engine play a big role in grouping assets by their class and type. For example, a data store class contains asset types such as an S3 bucket, EFS, a Google storage bucket, etc.

◉ Mapping asset relationships: SCI maps assets based on their relationships, as shown below: a security group ‘Allows’ access to the internet and ‘Protects’ an EC2 instance (Figure 1).

Figure 1

This instance ‘Uses’ a specific role (Figure 2).

Figure 2

This role is ‘Assigned’ a policy that ‘Allows’ full control of an S3 bucket (Figure 3).

Figure 3

This graph not only reveals the connected asset types and their various relationships, but also discloses the risk: if the publicly accessible instance is compromised, the data in the private S3 bucket is exposed to leakage or destruction.

◉ Flexible asset querying: SCI’s simple query language and relationship graph database structure make it easy to query the data to answer questions that are the bread-and-butter of security teams, such as:

    ◉ Which hosts are vulnerable in my environment?
    ◉ Who has not completed the required security training?
    ◉ Are my data stores encrypted at rest?
    ◉ …
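The relationship chain from Figures 1 to 3, and the kind of question the bullets above list, as an added example that is not SCI code and does not use SCI’s query language. It builds a small, constructed asset graph with hypothetical asset names, walks the security group → instance → role → policy → bucket path to find data stores reachable from an internet-facing instance, and answers simple attribute questions such as “are my data stores encrypted at rest?”.

```python
from collections import defaultdict

# Constructed inventory in the shape of Figures 1-3: (subject, RELATIONSHIP, object).
# Asset names are hypothetical; only the relationship labels mirror the post.
EDGES = [
    ("sg-web", "ALLOWS", "internet"),
    ("sg-web", "PROTECTS", "i-web01"),
    ("i-web01", "USES", "role-web"),
    ("role-web", "ASSIGNED", "policy-s3-full"),
    ("policy-s3-full", "ALLOWS", "bucket-customer-data"),
    ("sg-db", "PROTECTS", "i-db01"),  # no ALLOWS->internet edge: not exposed
    ("i-db01", "USES", "role-db"),
    ("role-db", "ASSIGNED", "policy-logs-ro"),
    ("policy-logs-ro", "ALLOWS", "bucket-logs"),
]

# Per-asset class and "state", the configuration each integration would feed in.
ASSETS = {
    "i-web01": {"class": "Host", "vulnerable": True},
    "i-db01": {"class": "Host", "vulnerable": False},
    "bucket-customer-data": {"class": "DataStore", "encrypted": False},
    "bucket-logs": {"class": "DataStore", "encrypted": True},
}

def build_graph(edges):
    graph = defaultdict(list)
    for subject, rel, obj in edges:
        graph[subject].append((rel, obj))
    return graph

def walk(graph, start, pattern):
    """Return every asset chain from start that follows the relationship labels in order."""
    if not pattern:
        return [[start]]
    chains = []
    for rel, nxt in graph.get(start, []):
        if rel == pattern[0]:
            chains.extend([start] + tail for tail in walk(graph, nxt, pattern[1:]))
    return chains

def internet_exposed_data_stores(edges=EDGES, assets=ASSETS):
    """(instance, data store) pairs where an internet-facing instance's role policy ALLOWS a data store."""
    graph = build_graph(edges)
    exposed = set()
    for sg in {s for s, rel, o in edges if rel == "ALLOWS" and o == "internet"}:
        for chain in walk(graph, sg, ["PROTECTS", "USES", "ASSIGNED", "ALLOWS"]):
            if assets.get(chain[-1], {}).get("class") == "DataStore":
                exposed.add((chain[1], chain[-1]))
    return sorted(exposed)

def assets_where(conditions, assets=ASSETS):
    """Answer an attribute question, e.g. {"class": "DataStore", "encrypted": False}."""
    return sorted(n for n, p in assets.items() if all(p.get(k) == v for k, v in conditions.items()))
```

Only the web instance reaches a data store through an internet-exposed security group; the database path is omitted because its security group has no ‘Allows internet’ edge.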

◉ Expansive question library: The query language is complemented in SCI by a built-in library of more than 650 security questions, which makes it easier to answer challenging enquiries in plain language without having to learn the technicalities of the underlying query language.

◉ Compliance reporting and configuration drift detection: SCI supports pre-built security compliance frameworks including SOC 2, HIPAA, FedRAMP, CIS benchmarks, etc. SCI simplifies configuration drift detection with always-on compliance and gap analysis that does not wait for auditors to knock asking for reports. Moreover, SCI eliminates another layer of time-consuming processes by removing the need to contact system owners for evidence collection, automating it where applicable.


Secure Cloud Insights ticks all the boxes for a CAASM solution and goes beyond them by offering simplicity and flexibility in operation, with a built-in, customizable question library and reporting features that focus on security gaps and compliance drift.

In fact, every feature is built on top of the graph relationship database and the simple query language, which make any piece of data accessible and visible with a simple modification of the query to suit the user’s needs. SCI grows beyond the realm of CAASM and CSPM by turning into a framework that answers security team challenges around visibility, compliance, threat risk, incident impact investigation, threat blast radius and many others with a few simple clicks.

Source: cisco.com