Category Archives: Cisco Threat Response

Top Security and Risk Management Trends Unveiled at Gartner Security and Risk Management Summit 2019

Standing at the shores of the Potomac, The Gaylord National Resort and Convention Center National Harbor is gearing up to host the 2019 Gartner Security and Risk Management Summit June 17-20. On in its 24th year, this event is the premier gathering of security, risk management and business continuity management leaders.

In the Digital Age, IT security is everyone’s business and Cisco is looking forward to continuing our tradition of being a Premier sponsor and sharing the latest innovations to improve your security posture and mitigate risk.

Whether you are a CISO looking to network with peers and improve your leadership skills or a security professional looking for practical advice – Cisco has a you covered.



Private Meetings

Want to talk strategy? Cisco executives and subject matter experts will be available for private meetings. Please get in  contact to schedule a meeting.

 Discount Code

Use priority code SECSP25 and receive $350 off your conference registration.

Cisco Booth 409

Will feature giveaways and demos including:


  • Endpoint Security
  • Advanced Malware Protection (AMP) and Cisco Threat Response
  • Secure Internet Gateway and SD-WAN
  • Cisco Umbrella, Cisco Cloudlock and Cisco Web Security Appliance (WSA)
  • Zero Trust
  • Duo Security, Now Part of Cisco
  • Network and Cloud Security Analytics
  • Stealthwatch
  • NGFW and NGIPS
  • Firepower and Cisco Defense Orchestrator
  • Workload Protection
  • Application and Workload Security


Networking Welcome Reception

Monday, June 17, 2019 | 5:45 p.m. – 7:30 p.m.

Location: Exhibit Showcase

Join us in the Exhibit Showcase for a special circus-themed reception where you can engage with your peers, Gartner Analysts, and exhibitors while enjoying delicious food and beverages, fun games, raffle drawings, and lively entertainment. Also, don’t miss a chance to get a sneak peak at the motorcycle we’ll be raffling off on Wednesday.

Hospitality Suite: Cisco Hog Wild

Wednesday, 5:45 p.m., National Harbor 5

All attendees are invited to cruise over for a night of blues, beer, BBQ, and a chance to win a 2019 Harley-Davidson Softtail Street Bob motorcycle!

Cisco Sessions

SPS13: The Tectonic Shift in Security

By: Gee Rittenhouse, Jeff Reed

Monday, June 17, 2019, 3:15–4 p.m. | Potomac C

Securing today’s modern work environment is increasingly complicated. As technology shifted to lean into the digital business transformation, a new architecture built for a multicloud environment was required. Cisco will discuss the multi-domain architecture needed to securely connect every user, on every device, on every network, to every application.


TH5: Threat Research – Fighting the Good Fight

By: Joel Esler

Monday, June 17, 2019, 1:15–1:40 p.m. | Theater 1, Exhibit Showcase, Prince George’s Hall D

Exploitable vulnerabilities exist. It’s a fact of life in the modern work environment. Attackers are achieving greater ROI with every attack. The counterpunch is threat intelligence. Cisco will discuss the future of threat, the evolving threat landscape and the inescapable need for automated threat intelligence as part of your security architecture.


ETSS3: Building Zero Trust Security Solutions

By: Wendy Nather, Ash Devata

Monday, June 17, 2019, 11:30 a.m.-12 p.m. | Chesapeake 3

Call it “zero trust” or “an initial step on the road to CARTA” – we know the classic design patterns of security have to change. In this session, we’ll talk about different ways to build on the fundamentals of “zero trust,” working together with partners in stages to create better and more usable security.


ETSS15: Future of the Firewall

By: Bret Hartman, Houda Soubra

Tuesday, June 18, 2019, 10:45–11:15 a.m. | Chesapeake 5

The digital transformation underway in many organizations poses an increasing challenge to security operations. Secure your hybrid environments of edge, end point and cloud with a single orchestrator solution to: Streamline policy design and enforcement; automate administrative tasks; improve accuracy; and reduce deployment time.


ETSS17: Designing Security for the Future of Your Network

By: Meg Diaz

Tuesday, June 18, 2019, 3:30–4 p.m. | Chesapeake 2

With the explosion of cloud apps, the move to highly distributed environments (SD-WAN, anyone?), and an increase in mobile workers, the threat landscape isn’t standing still. Learn more about what your peers are experiencing, a new approach to secure roaming users/branch locations, and how Cisco is evolving security to address these challenges in innovative ways.


ETSS23: Workload Security and Visibility

By: Vaishali Ghiya

Wednesday, June 19, 2019, 10:45–11:15 a.m. | Chesapeake 3

Technologies like virtualization, SDN are rapidly rolling out new applications and services. Modern applications no longer reside just within a company’s physical data center but also deploy across a multicloud environment. Learn how to 1) protect workloads 2) deliver a zero-trust security approach with deep visibility and multi-layered segmentation.

View the full agenda here. Don’t forget to download the conference app so that you don’t miss a beat!


Follow us and join the conversation on TwitterFacebookLinkedIn.

See you there!

The post Top Security and Risk Management Trends Unveiled at Gartner Security and Risk Management Summit 2019 appeared first on Cisco Blog.

3 things you need to know about Cisco Threat Response at CLUS

Overwhelmed by the sheer volume of security alerts and potential threats hitting your SOC? Security risks have never been greater, with networks expanding into the cloud, the explosion of mobile and IoT devices, and increasingly sophisticated threats. On top of that, disparate security tools make it tougher to find and remediate threats, especially when you’re under attack and time matters most.

So how can you stay ahead of threats? Enter Cisco Threat Response, a tool that was created to help SOC analysts simplify and speed threat detection, investigation, and remediation from a single interface.

This week at Cisco Live, we’re excited to share continued innovations from Threat Response designed to make your life even easier.

1. Introducing our integration with Cisco Firepower NGFW

You may know that Threat Response is already integrated across multiple Cisco Security products – AMP for Endpoints, Threat Grid, Umbrella, and Email Security. In the coming weeks, you will be able to analyze and triage high priority IPS alerts in Threat Response and enrich these IPS events alongside data from other integrated products. This means  streamlined threat investigations with a fuller picture of the impact across your network, all from a single console.

Join us at Cisco Live to get a preview of this exciting integration. You can see a live NGFW demo at the Cisco Security booth in the World of Solutions. In the meantime, check out this new episode of ThreatWise TV that showcases how Firepower events are integrated into Threat Response.

2. Learn how to enhance your existing SIEM and SOAR tools with open APIs

Threat Response isn’t trying to replace the SIEM or SOAR you’ve already got; rather you can leverage our open APIs for 3rd-party integrations to complement your existing security stack. Script up your own integrations to automate data enrichment and response actions across multiple security products, all in a single interface for a seamless workflow.

At Cisco Live, get your learn on and get hands-on in the DevNet Zone:

  • DEVNET-2505– Automate your threat hunting workflow with Cisco Threat Response APIs – Presented by Christopher Van Der Made.
  • DEVWKS-2639– Security Research and Response Workflows with APIs – Workshop with Neil Patel.

3. Use our browser plug-ins to access threat intel and kick off investigations now

Still haven’t leveraged our APIs or you’re using non-Cisco security products?  Don’t worry, you can still use Cisco Threat Response thanks to our browser plug-ins for Chrome and Firefox. In seconds, you’ll be able to pull threat intelligence to get verdicts on observables and start investigations.

You can see the Threat Response browser plug-in in action in demos and breakout sessions at Cisco Live. We’ll show you how you can pull threat data from sources like Talos  and take actions without native integrations.

  • Demos across the Cisco Security booth in World of Solutions, such as Stealthwatch Cloud.
  • BRKSEC-2433– Threat hunting and incident response with Cisco Threat Response – Breakout session with Ben Greenbaum.

Additionally, you can check out Threat Response elsewhere on the ground in San Diego:

More integrated demos at the Cisco Security booth in World of Solutions

  • AMP for Endpoints
  • Email Security
  • Umbrella theater sessions: Umbrella Investigate, Umbrella and AMP for Endpoints

Hands-on Labs

  • LABSEC-1012– Threat intelligence, security investigation, incident response with Cisco Threat Response – Sunil Kumar and Vivek Singh
  • LTRSEC-2200– You Got Hacked! Here is What to Do (AMP4E, TG, Splunk, CTR, CTA)
  • – Karel Simek, Michal Svoboda, Ben Greenbaum


  • CCP-1302– Roadmap: Endpoint Security – Cisco Customer Connection Program session with Snehal Patel (CCP membership required – it’s free to join, sign up here)

Come see why there’s so much buzz around Threat Response at Cisco Live this week. Holler at me on Twitter @jolenetam if you’ll be around! Until then, learn more at


The post 3 things you need to know about Cisco Threat Response at CLUS appeared first on Cisco Blog.

Incident response: Putting all the R’s in IR

It is well established that the ‘R’ in IR stands for “Response.” But given the challenges facing incident response teams today, IR could just as well stand for “It’s Rough.” The landscape is challenging, tools are multiplying, and the talent shortage seems insurmountable.

First of all, according to Cisco’s recent CISO Benchmark Study, 79 percent of security leaders are finding it challenging to orchestrate threat response in a multi-vendor environment. There has also been a drop from Cisco’s 2018 survey in the number of legitimate security alerts organizations are remediating – down from roughly 50 percent last year to just under 43 percent this year. All this means that incident response is not getting any easier: only 35 percent of security professionals find it easy to determine the scope of a compromise, contain it, and remediate it.

Attackers continue to innovate and come up with new attack types at a record pace. They’re so brazen that they even use Facebook and other social networks to share tools and sell stolen, personal information. Meanwhile, security teams struggle to keep up with this innovation, acquiring new technology to deal with every emerging threat.

IT infrastructure is too complicated, and resources are too scarce, to manage all of these tools and derive the intended benefits from them. Especially since, often times, security products don’t talk to one another – requiring the manual analysis and comparison of seemingly infinite alerts and logs to try to make sense of what’s going on.

But there is some good news in all of this. According to a Cybersecurity Almanac published by Cisco and Cybersecurity Ventures, Fortune 500 and Global 2000 CISOs are expected to reduce the number of point security products they are using by 15-18 percent this year. Additionally, our CISO Benchmark Study tells us that more security teams are using time to remediate as a success metric for their operations (48 percent compared to just 30 percent last year). Remediation is difficult, demonstrating that security teams are setting the bar very high for themselves.

This hopefully shows that organizations are allowing CISOs to think more strategically about security – and that the C-suite in general is perhaps realizing that it’s about more than just buying a bunch of products and hoping they work.

Three more R’s: readiness, recon, and remediation

In actuality, there’s more to the ‘R’ in IR than just ‘response.’ To effectively respond to attacks, organizations not only have to react when they occur, but also:

  1. Be prepared for them in the first place. (Readiness.)
  2. Have an efficient way of obtaining visibility into any threats that make their way in. (Recon.)
  3. Mitigate attacks as quickly as possible. (Remediation.)

How do you master all these R’s? First of all, if your environment is made up of dozens of security technologies each performing siloed tasks and not sharing intelligence, you can’t really succeed. You will never have enough time, resources, and patience to piece all of this disparate information together and identify attacks before they rip through your environment.

At Cisco, we are constantly trying to figure out how to make security better to more effectively protect today’s businesses. Above all else – beyond all the latest features and capabilities – we focus on integrated security above everything. We don’t want our products to protect against just one type of attack, or secure just one area of the network. We want to cover you from edge to endpoint – and we want our products to work together to lessen the burden on you and your team.

Here are some of the newer ways we are helping to fortify organizations’ incident response plans, and putting all the R’s in IR.

Cisco Stealthwatch – A whole lot of readiness  

Talk about being prepared. Cisco Stealthwatch has recently become the first and only security analytics platform to provide comprehensive visibility and threat detection across today’s modern infrastructure – including private, hybrid, and public multi-cloud environments. It automatically aggregates and analyzes security information across the entire enterprise to deliver a clear, understandable look at what’s going on 24/7. Stealthwatch prioritizes the most critical issues for the security team, and enables team members to easily drill down into any alerts that require further investigation.

Essentially, Stealthwatch serves as the eyes and ears of the network, using a combination of behavioral modeling and machine learning to pinpoint anomalies that could signify risk. It even detects threats in encrypted traffic without the burden of IT teams having to do decryption. In addition to monitoring on-premises infrastructure and private clouds, Stealthwatch can monitor all public cloud environments including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Cisco Threat Response – Advanced recon and remediation

In the one year since we introduced our threat response platform, included for free with several of our security products, Cisco Threat Response (CTR) has become a foundation for fast, efficient incident investigation and response across the entire Cisco security architecture. It brings together threat intelligence from Cisco and third-party technologies, as well as Cisco Talos, via a single, intuitive console.

CTR reduces the need for security teams to shift between different interfaces and manually piece together data. If a threat is uncovered, it can be quickly remediated directly through CTR. The result is dramatically accelerated threat detection, investigation, and response.

This year, we unveiled a new browser plug-in for CTR to further simplify investigations. With the plug-in, if you are on a web site (such as the Talos blog) that includes information and observables on specific attacks, you can easily pull those observables into CTR to determine if the attack is present in your environment. It works with any web page that includes data on Indicators of Compromise (IOCs), allowing security analysts to quickly kick off the threat investigation process.

AMP for Endpoints – Speaking of recon and remediation…  

Some of you may already be familiar with our Advanced Malware Protection (AMP) technology. But do you know that it can be used to proactively hunt for the riskiest one percent of threats in your environment to improve both security posture and operations? AMP for Endpoints provides a holistic view of all end devices on your network, including IoT devices. It continuously monitors and records all files to quickly detect stealthy malware.

AMP provides valuable insight into how malware got in, where it’s been, what it’s doing, and how to stop it. This greatly simplifies investigations and shortens incident triage and mitigation time. Once a threat is uncovered, you can quickly block it within AMP using just a few clicks.

Through integrations with other prominent Cisco security technologies, this investigation and remediation can also be extended to other parts of the network beyond just endpoints. AMP can see a threat in one area of your environment and then automatically block it everywhere else it appears.

Integrated solutions for accelerated response

These are just a few of the ways Cisco is helping to speed and improve incident response. These new features are complemented by our comprehensive, integrated security portfolio, as well as a full array of professional services. In fact, we’ve also recently enhanced our incident response services to increase customer resiliency in the face of evolving attacks.

Putting all the R’s in IR? That’s Imminently Reachable.

Find out how we can help. See our infographic to get started.

The post Incident response: Putting all the R’s in IR appeared first on Cisco Blog.