Security is an interconnected system, not a bunch of disparate boxes. Like a school of fish, security should operate collaboratively to accomplish a goal. Not just for the sake of “integration”, but because the very nature of securing networks, applications and data require it. There is no security “god box” that can do everything. It would be great if there was, because security would be simpler and we would all be more secure. But until such time that nirvana is achieved (likely never… security is distributed just like networks and compute are), the best approach is creating open platforms that can collaborate with each other to solve security problems more effectively and more efficiently. That is the approach we take at Cisco.
It took Cisco awhile to get here. We now have the Cisco Security Technical Alliances (CSTA) program, which is a program with nearly 100 partners with certified platform-to-platform integrations… not just company logos on a slide. But that wasn’t always the case. In our early years we had trouble spelling “API” much less opening up our platforms with them. But for the last 3 years we have been on quite a tear opening up our security platforms with APIs and advanced data sharing frameworks, as well as driving security data exchange standards on multiple fronts. Just a couple weeks ago we announced 10 new pxGrid integration partners taking that part of our security ecosystem to 40+ partners in less than 2 years. Networks and data are safer when security vendors integrate with each other.
To help create better security through these integrations, today we are announcing several extensions and expansions to the CSTA partner program. Here’s a snapshot of what’s new:
Two New Security Ecosystems – Cisco AMP and Incident Response
Cisco Advanced Malware Prevention (AMP) is the platform for threat intelligence, advanced sandboxing, and real-time malware blocking on endpoints and integrated in the Cisco network. In addition to its multi-dimensional malware visibility, AMP now exposes an AMP Endpoint API that allows direct access to threat data and events in the AMP cloud instead of solely via the AMP management console. This enables greater flexibility in how the data is used, visualized and analyzed. Two of our SIEM technology partners, AccelOps and Splunk are leading the market with support of the AMP Endpoint API. This provides our joint customers turnkey integration they can use today.
The new Incident Response and Breach Recovery Partner Program is a different sort of program for CSTA. It focuses on systems integration partners with specialized services expertise with Cisco security products. In this new services ecosystem, systems integration partners BAE Systems, Dimension Data and Optiv provide specialized incident response and breach discovery services to help customers triage, contain and clean up after a breach. These partners are experts who are trained in use of tools, such as Cisco AMP and Threat Grid, to provide these specialized discovery and response services at a moment’s notice.
Learn more about the Security Incident Response and Breach Recovery ecosystem
Firepower Management Center Ecosystem Enhancements
In Firepower Management Center (FMC) v6.1, Cisco introduced a “write” function in addition to the existing “read” capability on our Firepower REST API. This enables management of Firepower firewall policy from 3rd party management tools, thereby simplifying creation of consistent policies across a deployment… even when there are multiple firewall vendors in the environment. Leaders in this space—AlgoSec, FireMon, KPN, and Tufin—are adopting these new API capabilities and can be used as common firewall policy management platforms with Cisco Firepower. Availability varies by partner, but all will be available by year end.
IBM QRadar is adding Firepower eStreamer API support for FMC 6.x and will be first to market among SIEMs supporting the latest Firepower releases. eStreamer provides highly-enriched event data (far better than syslog) for Firepower firewall, IPS and AMP network events. With this support, to be released this summer, IBM QRadar provides the greatest visibility and event management to Cisco’s Firepower customers. Accelops now also supports eStreamer in addition to their integration with the AMP cloud noted above.
Cisco has also updated its integration with Tenable Nessus, allowing Tenable endpoint vulnerability data to populate the FMC event tables. This enables association of IPS, AMP and firewall events in FMC with vulnerability event data from Tenable. This provides a more complete view of the significance of events in FMC. In a similar vein, packet capture partner Viavi can perform advanced forensics on firewall and IPS events through their new integration with FMC.
Also worth noting, our Cisco eStreamer partners can now connect to a dedicated, live version 6.0.x Firepower Management Center. This test platform makes it easy for partners to test and certify their existing eStreamer clients against Cisco’s latest Firepower version as well as develop new clients. The deployment runs 24×7 and generates live events across the API’s entire schema.
Learn more about Cisco Firepower technology partner integrations
Infoblox Sharing DDI Data with pxGrid Partners
Cisco and Infoblox already have an excellent pxGrid integration in production. But a key function of the pxGrid security data exchange framework is the ability for any pxGrid adopter to share their data or service capabilities with any other partner in the pxGrid ecosystem. Infoblox is blazing the trail as the first pxGrid partner utilizing this new function since it shipped earlier this year. Using Infoblox DDI data published to the grid, other pxGrid partners can subscribe to this data to get real-time DHCP and IP address lease information. This provides very accurate and granular endpoint and device data that is universally applicable to a number of security and networking integration use-cases.
Learn more about Cisco pxGrid and pxGrid technology partner integrations
5thColumn – A Model Integration Partner
5thColumn is a managed security service provider specializing in orchestration of threat monitoring and incident response for global enterprises. They utilize many Cisco security platforms in providing their service, but what makes them interesting is the customization they have done on top of these platforms. Utilizing Firepower APIs, eStreamer, pxGrid and other Cisco security integration points, 5thColumn has integrated Cisco security with 5thColumn’s own StackBOSS™ software to create a truly differentiated and high value managed security orchestration service for their customers. They illustrate how a Cisco security tech partner can move the ball forward in security through multi-product integration.
New AMP Threat Grid Malware Analytics and Threat Feed Partners
The Cisco AMP Threat Grid integration ecosystem continues to expand, adding 14 new partners across a breadth of security technologies. These new partners— Anomali, BluVector, BrightPoint Security (now ServiceNow), Centripetal Networks, Cybersponse, EclecticIQ, Fox-IT, IID (now Infoblox), NTT Security, Phantom, Swimlane, ThreatConnect, ThreatQuotient and TrapX—are leveraging AMP Threat Grid for file analysis to detect malware, threat intelligence queries, and premium threat feeds curated hourly and daily from the malware analysis results.
Cisco welcomes all these new and expanding technology partner integrations. All integrations noted above are available now or within the next 90 days, unless otherwise noted.
Whether you are a customer deploying security platforms, a vendor partner or start-up integrating security platforms, or a services integration partner building unique security service offerings there is goodness to be had by an open integration environment. For integrations to Cisco Security, you can start your path on the Cisco DevNet Security Developer Center and see what fits for you.