A higher number of security solutions does not automatically guarantee better protection against cyber threats. It is a truth that organizations keep rediscovering, and the statistics confirm it: although most companies use at least five security products from different vendors, they receive on average more than 5,000 security alerts per month, of which only 56% are investigated.
To provide concrete solutions to these challenges, Datanet Systems organized the webinar “Security incidents’ traceability with SecureX”, in which it showed how the Cisco SecureX platform can be used to obtain superior visibility and traceability of security events.
George Ioniță, Datanet IT security consultant, showed how security solutions can be integrated, processes automated, and remedial actions orchestrated using the Orchestration and Automation module of the SecureX platform, by walking through three work scenarios common to any company.
Cisco SecureX integrates heterogeneous solutions
“Cisco SecureX transforms heterogeneous security architectures from conglomerates of ‘individual’ products into integrated systems. The cloud platform, delivered free of charge by Cisco, integrates not only its own security solutions but also solutions from other vendors, thus allowing the sharing of information and improving the efficiency of response and remedial measures”, explained the Datanet Systems specialist.
Important to know about the SecureX platform:
- Available free of charge with the purchase of a Cisco security product (Umbrella, Cisco Secure Web, Secure Endpoint, or Cisco Secure Firewall)
- Quick implementation – it can be put into use in just a few minutes
- Reduces the time allocated monthly to security operations by up to 100 hours
- Provides an 85% increase in attack response speed
With SecureX’s Orchestration and Automation module, companies can fill the “gaps” left by non-integrated security solutions and automate and orchestrate response actions, whether that means isolating compromised equipment, blocking threats, or remediating them. For this, the platform comes with a series of predefined workflows, and developing new customized flows does not require advanced programming knowledge. In turn, the orchestration component provides end-to-end coverage, connecting multiple security solutions so that when a security event occurs, the IT team is notified in real time and the incident is entered into a resolution flow that is easy to monitor.
Working Scenarios
The three detailed scenarios addressed the following situations:
- Security incident management with Secure Endpoint and SecureX. Cisco’s advanced malware protection solution detects when a mobile device is infected and can automatically block both the identified malware file and the device’s network connection. However, the security event must still be reported to the IT department – to be fully investigated and remedied – which requires a well-defined workflow and comprehensive documentation of all phases (identification, isolation, blocking, remediation, etc.), a mandatory requirement for many companies. The Orchestration and Automation module in SecureX allows the creation of a dedicated workflow that periodically polls Secure Endpoint and retrieves the “Critical” and “High” security alerts from the anti-malware solution. The flow collects and stores the contextual data and sends a notification to a third-party ticketing solution – such as ServiceNow or ALVAO – which in turn opens a “Security Incident” case that is entered into a resolution flow with a specific SLA.
- Using Umbrella and SecureX to detect, block, and remediate situations in which a station inside the company tries to connect to a command and control server. Similar to the previous scenario, Cisco Umbrella automatically detects and blocks the connection, and the workflow created through the Automation and Orchestration module extends visibility over the stations and sends a message to the ticketing solution, through which the information needed to remedy the situation is delivered to the IT department.
- Using Cisco Threat Hunting Security Services with SecureX to detect and remediate advanced threats. When a threat is identified by the Cisco specialist team, the customer receives a notification about the incident in the Secure Endpoint console, which includes information about the threat, its behavior, its possible impact, and a clear set of recommendations for investigation and remediation. The workflow created using the Automation and Orchestration module in SecureX periodically checks for Threat Hunting events in Secure Endpoint and, when one occurs, sends it to the ticketing solution, automatically generating a notification and a resolution flow.
*Threat Hunting services are available in the Premier licence of the Cisco Secure Endpoint security solution.
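The polling workflow of the first scenario (retrieve Critical/High alerts, collect context, open a ticket) and the Threat Hunting scenario follow the same loop; the added Python sketch below, which is not Datanet's or Cisco's code, models that loop and also handles the repeat-poll case so the same alert is not ticketed twice. The event field names, the sample events and the ticket layout are constructed assumptions, not the real Secure Endpoint or ServiceNow schemas.

```python
from dataclasses import dataclass, field
# Severities the workflow forwards to ticketing; everything else stays in the console.
FORWARDED_SEVERITIES = {"Critical", "High"}

# Constructed sample of one polling cycle's result (hypothetical field names,
# not the real Secure Endpoint event schema; hashes are placeholders).
SAMPLE_EVENTS = [
    {"id": "evt-1001", "severity": "Critical", "host": "LAPTOP-17",
     "detection": "Trojan.Generic", "sha256": "<placeholder-hash-1>",
     "actions": ["file_quarantined", "host_isolated"]},
    {"id": "evt-1002", "severity": "Low", "host": "PC-04",
     "detection": "PUA.Adware", "sha256": "<placeholder-hash-2>", "actions": []},
    {"id": "evt-1003", "severity": "High", "host": "SRV-DB1",
     "detection": "Ransom.Generic", "sha256": "<placeholder-hash-3>",
     "actions": ["file_quarantined"]},
]

@dataclass
class Orchestrator:
    """Remembers which events already produced a ticket, so the periodic
    poll does not open a duplicate case for the same detection."""
    seen: set = field(default_factory=set)
    tickets: list = field(default_factory=list)

    def build_ticket(self, ev: dict) -> dict:
        # Contextual data the flow collects, plus the phases the page lists
        # (identification, isolation, blocking, remediation) as ticket fields.
        return {
            "title": f"Security Incident: {ev['detection']} on {ev['host']}",
            "severity": ev["severity"],
            "source_event": ev["id"],
            "indicator_sha256": ev["sha256"],
            "identified": True,
            "isolated": "host_isolated" in ev["actions"],
            "blocked": "file_quarantined" in ev["actions"],
            "remediated": False,  # closed by the IT team, tracked against the SLA
        }

    def poll(self, events: list) -> list:
        """One polling cycle: keep Critical/High events, skip ones already
        ticketed, and return the new tickets to send to the ticketing system."""
        new = []
        for ev in events:
            if ev["severity"] not in FORWARDED_SEVERITIES or ev["id"] in self.seen:
                continue
            self.seen.add(ev["id"])
            new.append(self.build_ticket(ev))
        self.tickets.extend(new)
        return new
```

Switching the Threat Hunting scenario in is a matter of changing the filter in `poll` to the event type rather than the severity.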
The webinar, including the use-case scenarios and other examples of Automation and Orchestration module usage in Cisco SecureX, can be viewed below:
For additional technical information about the SecureX platform, the Cisco security solutions presented above, as well as about the full range of services provided by Datanet, please contact us at sales@datanets.ro.
Other useful materials about the SecureX platform prepared by Datanet Systems specialists:
- Security architecture too complex? It’s time to test Cisco SecureX!
- XDR, a catalyst for the efficiency of cyber security solutions
- Cisco Secure Endpoint & SecureX, advanced protection for workstations and terminal equipment
- Datanet Systems Guide to Adopting the Cisco XDR Solution
As well as Cisco documentation, available in English: