Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

Better Security Through Openness and Multi-Vendor Integration

Jun, 28, 2016 Hi-network.com

Cisco Further Expands Technology Partner Ecosystem -New PartnersandNew Tech Integration Areas 

Security is an interconnected system, not a bunch of disparate boxes.  Like a school of fish, security should operate collaboratively to accomplish a goal. Not just for the sake of "integration", but because the very nature of securing networks, applications and data require it.  There is no security "god box" that can do everything.  It would be great if there was, because security would be simpler and we would all be more secure.  But until such time that nirvana is achieved (likely never... security is distributed just like networks and compute are), the best approach is creating open platforms that can collaborate with each other to solve security problems more effectively and more efficiently.  That is the approach we take at Cisco.

It took Cisco awhile to get here.  We now have the Cisco Security Technical Alliances (CSTA) program, which is a program with nearly 100 partners with certified platform-to-platform integrations... not just company logos on a slide.  But that wasn't always the case.  In our early years we had trouble spelling "API" much less opening up our platforms with them.  But for the last 3 years we have been on quite a tear opening up our security platforms with APIs and advanced data sharing frameworks, as well as driving security data exchange standards on multiple fronts.  Just a couple weeks ago we announced 10 new pxGrid integration partners taking that part of our security ecosystem to 40+ partners in less than 2 years.  Networks and data are safer when security vendors integrate with each other.

To help create better security through these integrations, today we are announcing several extensions and expansions to the CSTA partner program.  Here's a snapshot of what's new:

Two New Security Ecosystems -Cisco AMP and Incident Response

Cisco Advanced Malware Prevention (AMP) is the platform for threat intelligence, advanced sandboxing, and real-time malware blocking on endpoints and integrated in the Cisco network.  In addition to its multi-dimensional malware visibility, AMP now exposes an AMP Endpoint API that allows direct access to threat data and events in the AMP cloud instead of solely via the AMP management console.  This enables greater flexibility in how the data is used, visualized and analyzed.  Two of our SIEM technology partners,AccelOpsandSplunkare leading the market with support of the AMP Endpoint API.  This provides our joint customers turnkey integration they can use today.

The new Incident Response and Breach Recovery Partner Program is a different sort of program for CSTA.  It focuses on systems integration partners with specialized services expertise with Cisco security products.  In this new services ecosystem, systems integration partnersBAE Systems, Dimension DataandOptivprovide specialized incident response and breach discovery services to help customers triage, contain and clean up after a breach.  These partners are experts who are trained in use of tools, such as Cisco AMP and Threat Grid, to provide these specialized discovery and response services at a moment's notice.

Learn more about the Security Incident Response and Breach Recovery ecosystem

Firepower Management Center Ecosystem Enhancements

In Firepower Management Center (FMC) v6.1, Cisco introduced a "write" function in addition to the existing "read" capability on our Firepower REST API.  This enables management of Firepower firewall policy from 3rdparty management tools, thereby simplifying creation of consistent policies across a deployment... even when there are multiple firewall vendors in the environment.  Leaders in this space-AlgoSec, FireMon, KPN, and Tufin-are adopting these new API capabilities and can be used as common firewall policy management platforms with Cisco Firepower.   Availability varies by partner, but all will be available by year end.

IBM QRadaris adding Firepower eStreamer API support for FMC 6.x and will be first to market among SIEMs supporting the latest Firepower releases.  eStreamer provides highly-enriched event data (far better than syslog) for Firepower firewall, IPS and AMP network events.  With this support, to be released this summer, IBM QRadar provides the greatest visibility and event management to Cisco's Firepower customers. Accelopsnow also supports eStreamer in addition to their integration with the AMP cloud noted above.

Cisco has also updated its integration withTenable Nessus, allowing Tenable endpoint vulnerability data to populate the FMC event tables.  This enables association of IPS, AMP and firewall events in FMC with vulnerability event data from Tenable.  This provides a more complete view of the significance of events in FMC.  In a similar vein, packet capture partnerViavican perform advanced forensics on firewall and IPS events through their new integration with FMC.

Also worth noting, our Cisco eStreamer partners can now connect to a dedicated, live version 6.0.x Firepower Management Center.  This test platform makes it easy for partners to test and certify their existing eStreamer clients against Cisco's latest Firepower version as well as develop new clients.  The deployment runs 24

tag-icon Горячие метки: pxGrid Cisco Secure Technical Alliance (CSTA)

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.