
Cisco Integrates Security to Save You Time

The spend-time-to-save-time dilemma

We’ve all heard that “it takes money to make money,” and similarly that “it takes time to save time.” David Pogue, a former New York Times tech columnist, once wrote that “not all of us have that kind of time.” Pogue was aware that he was at the far end of the “spend time to save time” range, and that there simply weren’t enough hours in his day to learn how to take advantage of all his time-saving devices.

Check out his now fifteen-year-old examples, many of which still hold true today. So how would the average person manage? Pogue faulted not his readers but the software companies for marketing time-saving features that are not easily realized. Fast forward to today’s security technology, and the same dilemma exists for everyday security leaders and practitioners:

  • I’ll save time if I can simplify threat response with aggregated intelligence, automatic enrichment, interactive visualizations, incident tracking, and direct remediation.
  • I’ll save time if I can enable automation for my workflows, including threat response playbooks, modifying access policies, receiving approval from collaborators, or provisioning security controls.
  • I’ll save time if I can unify visibility across my security environment in one place instead of pivoting to multiple consoles.

Why aren’t APIs enough?

To gain these time-saving security experiences, you need to integrate your security. Many security vendors market how their products’ open APIs enable integration with any third party to save time. While that’s certainly true, APIs fall into this “spend time to save time” dilemma. Even before you write, host, install, and maintain your integration, learning multiple products’ APIs is a complex, time-consuming experience. Your time commitment will vary with your level of experience.

One way to overcome this dilemma is not new: shift the time burden from customers to vendors. The vendors’ developers learn the APIs and write, host, install, and maintain the scripts and infrastructure that are necessary for integration. Cisco has done this for years, building 300+ solution-level integrations across the Cisco Security portfolio with 170+ partners. Yet too many options still lead to an unsustainable level of complexity.

Why are two-product integrations not enough?

All technology across your security infrastructure must work as one team to: (1) enhance the maturity of your security program, (2) know the impact of attacks across your environment, and (3) measure the effectiveness of security controls. The reality is that implementing integrations two products at a time results in 10 or more fragmented solutions arguing over who knows the answer best. Cisco recognized that a new approach was needed.

Cisco SecureX integrates security to save you time

In February, we announced Cisco SecureX as the industry’s broadest, most integrated security platform. Bold promises in an industry rife with incompatibility and hyperbole. Cisco is committed to being open with your security infrastructure, including third parties. So, in addition to the solution-level integrations we’ve already made available, new, broad, platform-level integrations have also been and continue to be developed. Cisco is not just saving security practitioners time, but also eliminating the complexity that security leaders face. So, let’s discuss a few details before SecureX becomes commercially available this June.

Our platform-level integrations fall into three buckets:

  • Built-in integrations are developed by Cisco together with select technology partners for customers to set up instantly. Some examples are Google VirusTotal for threat response or ServiceNow for automation.
  • Pre-packaged integrations are produced by Cisco or technology partners as ready-made scripts that customers install into cloud infrastructure, which they maintain. The time spent is radically minimized, as you don’t need to learn any APIs or write any code. Some examples are Qualys IOC or Microsoft Graph Security for threat response.
  • Custom integrations can be created by customers using Cisco and technology partners’ open APIs. The time spent on integration is reduced by using our resources on DevNet to quickly get started.

Some use cases we’ve heard from our technology partners and community include:

  • As an intelligence producer or consumer, I would like to publish or consume my actionable threat content. The intelligence can be from Cisco, a third party, or open source.
  • As a visibility or security device vendor, I would like to provide context for why an observable (e.g., IP, domain, file) is malicious or add sightings of an observable. The device could be from Cisco or a third party.
  • As an operational tool provider, I would like to query verdicts or targets for an observable or import only high-fidelity alerts as incidents. Cisco SecureX or a third-party platform could be performing the operations.

These use cases are mainly focused on threat response, which was Cisco’s first platform feature, released more than a year ago.

SecureX Integration Model

Cisco SecureX simplifies threat response

Today, our threat response feature includes built-in integrations across the Cisco Security portfolio. Just as important, it includes pre-packaged integrations with 21 other vendor products – a few are actually built in. Take a look at this new cisco.com page that lists the integrations and partners.

By June, we’re speeding up detection, analysis, and remediation across your environment with many more pre-packaged integrations. After the platform’s commercial release, not only will the number of built-in or pre-packaged integrations continue increasing, but we’re focusing on making those pre-packaged integrations even simpler by shifting more of the steps from customers to Cisco.

Some tasks we hear from SecOps teams working with these integrations include:

  • As an incident responder, I would like to know what malware is associated with an observable (e.g., IP, domain, file, email, user, device).
  • As a threat hunter, I would like to add observables on an actor even if they’re not malicious.
  • As a security operator, I would like to act on the sources (e.g., domain, sender) or targets (e.g., devices, users) of attacks and whitelist my internal observables (e.g., IP, file).

Cisco SecureX enables automation

The new orchestration feature simplifies these SecOps tasks as well as broader SecOps, ITOps and NetOps use cases. This feature relies on built-in and custom workflows leveraging built-in integrations. A workflow is a series of activities, such as you would find in an incident response playbook. It can be started by a trigger, an API call, a different workflow, or manual input. A trigger can be based on monitoring external events across the customer’s security environment (e.g., data exfiltration alert) or system conditions (e.g., scheduled time). And event context can even change how a workflow is executed.

  • Built-in workflows will include phishing investigation, threat or indicator hunting, incident enrichment, response orchestration, and remediation approval for quick configuration.
  • Custom workflows support drag-drop, auto-save editing with no or very little code required, using built-in integrations to significantly minimize the time spent.

The built-in integrations for the automation feature include:

  • Security infrastructure covering Cisco and non-Cisco products (e.g., Splunk).
  • Other infrastructure supporting security, such as IT systems (e.g., ServiceNow, Webex Teams), multi-cloud (e.g., AWS), and networking (e.g., VMware).

The full list of orchestration integrations will be published in June. And as a cloud-native platform, Cisco SecureX releases will frequently add workflows and interoperability with your current investments to save you time.

Cisco SecureX unifies visibility

The visibility feature saves you time by showing what you need to know in one place, and following you around to maintain contextual awareness, whether that’s a dashboard of ROI metrics and operational measures, a feed of new activity (e.g., workflow initiated, new incident, new threat research), or aggregated views for an incident.

In June, built-in integrations will be available with the Cisco Security portfolio. In some cases, this visibility can include metrics, measures or insights from the 170 partners across the Cisco Security Technical Alliance, but it depends on the solution-level integration. And in the future, we anticipate enabling direct third-party integrations for this visibility feature.

A stitch in time saves nine

Don’t delay in signing up for our SecureX waitlist and learning how Cisco can already integrate with your existing security investments to save you time without you spending time. Or if this is your first time hearing about Cisco SecureX, click here for more info.