I recently attended the informative Cisco presentation at Data#3’s JuiceIT digital, entitled: Telemetry Architecture – The Future of Security Analytics. TK Keanini, CTO of the Security Business Group at Cisco, spoke about “The big picture”, where he said, “Telemetry feeds analytics and analytics delivers outcomes.”
This really resonated with me, as telemetry is one of the key ingredients, if not the key ingredient, when it comes to gaining visibility in your environment so you can protect against cyberthreats and orchestrate your response.
Today, it is not uncommon for multiple solutions (or telemetry consumers) to require the same information. Accommodating this can require complex configuration on the telemetry provider, and in many cases it is not possible at all. With trends such as remote working and digital transformation now a reality, it’s become imperative that security technologies and teams do not work in a silo. Not only do security solutions have to work with one another to adequately defend today’s networks, but they must also work with other technologies. In the IT and networking realms, integration fosters the automation and collaboration levels necessary to effectively and efficiently defend against ever-changing threats.
We know that threats can slip through gaps in coverage, that they can get lost amidst siloed telemetry or give conflicting alerts, and that security teams simply don’t have enough resources to deal with them, even when they’re identified. This is an industry problem of not enough eyes on the screen and complex remediation processes.
The answer is security through insights – and what better way to get insights than through your own telemetry data. This is where Cisco Telemetry Broker comes into play. The Cisco Telemetry Broker provides you with the ability to not only broker your telemetry, but also filter and transform, allowing you to gain control over what telemetry is sent and how. These very insights can then be used to practically secure your environment by utilising tools such as Cisco SecureX.
That is a great question. Cisco SecureX is a cloud-native tool that connects to the entire Cisco Secure Platform. A direct feed from the Cisco Telemetry Broker into Cisco SecureX enables visibility into your environment and allows you to react proactively to cyberthreats.
By connecting all of the solutions in your Cisco security portfolio and many additional security, IT, and networking technologies from both Cisco and third parties, Cisco SecureX substantially decreases the manual steps necessary for detecting, investigating and remediating attacks. The goal is to simplify security via a single console that streamlines operations and conserves resources. This enables traditionally separate solutions and teams to work together for a more robust defence against ever-increasing cyberthreats.
When we break this down to ensure we meet this goal, we look at visibility with context first. Cisco SecureX provides unified visibility with a customisable dashboard that allows you to maintain context around security incidents. This is important if we assess our organisations’ readiness to respond to threats. That brings us to our second goal – accelerated threat investigations and incident management through aggregating and correlating global telemetry and local context all into a single view.
These goals allow you to orchestrate your responses and enable your teams to automate routine tasks using prebuilt workflows that align with everyday use cases or to build your own workflows with the no-to-low code, drag-and-drop canvas within Cisco SecureX.
There is a ton of functionality that Cisco SecureX can provide your organisation. In fact, too much to cover in one blog. However, let’s break down the key capability takeaways of Cisco SecureX:
One of the areas that we focus on in our Security Practice at Data#3 is helping our customers to gain the visibility required to derive actionable intelligence that can be used to proactively secure their environment. I have seen how Cisco Telemetry Broker and Cisco SecureX can achieve this for our customers and we want to make sure you do too.
We will work with you to activate up to three Cisco security solutions on the Cisco SecureX platform. This includes a workshop, technical discovery session and the activations.