Earlier this week, Cisco Security published a blog post announcing more than 26 new integrations with third-party security products. Here at Exabeam, we’re thrilled to have been prominently mentioned several times throughout the announcement for the value our integrations deliver to joint Cisco / Exabeam customers. This exemplifies the commitment we’ve made to working with Cisco Security as a strategic partner.
Exabeam was specifically mentioned for several integrations including:
- Cisco Firepower
- Cisco Umbrella
The joint value prop for these integrations is simple: holistic analysis for advanced threat detection and rapid threat containment. Allow me to explain:
Exabeam is able to ingest data from Cisco Firepower, Cisco Umbrella, and other Cisco Security solutions, then analyze it alongside data from other third-party security products in a customer’s environment. These disparate data sources are mapped back to the responsible users and machines, and then used to build behavioral baselines, in other words, a picture of how an environment (the people and machines) normally behaves. Once baselines have been established, Exabeam is able to identify risky, anomalous activity that may be indicative of advanced threats like rogue or compromised insiders, data exfiltration, and lateral movement.
The second part of the value these partnerships provide happens after detection. After all, a security practitioner’s job is not over when they detect a problem; they must now respond to the threat. First off, Exabeam automatically stitches all available events and security alerts together to create a prebuilt incident timeline, which enables analysts to perform rapid investigations of incidents. From there, analysts can use Exabeam’s security orchestration to connect and coordinate incident response using all of the tools in their security arsenal. At the push of a button, analysts can run playbooks that might pull in additional data from reputation tools like Cisco Umbrella, detonate a malicious file in a sandbox like Cisco Threat Grid, or perhaps update a firewall rule in Cisco Firepower. Response playbooks tie these actions together into logical tasks such as performing investigation, containment, or remediation. Ultimately, this automates tedious, manual processes, codifies response best practices to ensure consistent outcomes, and amplifies the productivity of SOC analysts.
Want to learn more about Cisco Security’s announcement? Check out their blog post here.