Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Similar documents
McAfee epolicy Orchestrator

Sustainable Security Operations

SIEM Solutions from McAfee

The McAfee MOVE Platform and Virtual Desktop Infrastructure

Defend Against the Unknown

McAfee Endpoint Threat Defense and Response Family

Petroleum Refiner Overhauls Security Infrastructure

ATTIVO NETWORKS THREATDEFEND INTEGRATION WITH MCAFEE SOLUTIONS

ForeScout ControlFabric TM Architecture

Sandboxing and the SOC

GDPR: An Opportunity to Transform Your Security Operations

Infoblox as Part of the Ecosystem

Building Resilience in a Digital Enterprise

McAfee Complete Endpoint Threat Protection Advanced threat protection for sophisticated attacks

Total Protection for Compliance: Unified IT Policy Auditing

SIEM: Five Requirements that Solve the Bigger Business Issues

Global Manufacturer MAUSER Realizes Dream of Interconnected, Adaptive Security a Reality

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

McAfee Advanced Threat Defense

Intelligent, Collaborative Endpoint Security

Securing the Software-Defined Data Center

ATTIVO NETWORKS THREATDEFEND PLATFORM INTEGRATION WITH CISCO SYSTEMS PROTECTS THE NETWORK

McAfee Endpoint Security

McAfee Virtual Network Security Platform

McAfee Embedded Control

McAfee Embedded Control for Retail

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

McAfee Public Cloud Server Security Suite

Seven Steps to Ease the Pain of Managing a SOC

IT-Security Symposium in Stuttgart. Workshop McAfee Device-to-Cloud, Erweiterte Endpunktsicherheit für Microsoft Umgebungen

Services solutions for Managed Service Providers (MSPs)

McAfee Total Protection for Data Loss Prevention

WHITEPAPER. Enterprise Cyber Risk Management Protecting IT Assets that Matter

McAfee MVISION Cloud. Data Security for the Cloud Era

Introducing MVISION. Cohesive Cloud-based Management of Threat Countermeasures and Devices Leveraging Built-in Device Controls. Jon Parkes.

Threat Containment and Operations. Yong Kwang Kek, Director of Presales SE, APJ

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

McAfee Data Exchange Layer Product Guide. (McAfee epolicy Orchestrator)

RSA INCIDENT RESPONSE SERVICES

RSA INCIDENT RESPONSE SERVICES

McAfee Skyhigh Security Cloud for Amazon Web Services

Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

How-To Threat Centric NAC Cisco AMP for Endpoints in Cloud and Cisco Identity Service Engine (ISE) Integration using STIX Technology

McAfee Skyhigh Security Cloud for Citrix ShareFile

WHITE PAPER. OpenDXL Idea Book. Fifteen Easy Ways to Integrate, Orchestrate, and Expedite Security Operations. 1 OpenDXL Idea Book

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

Comprehensive Database Security

MITIGATE CYBER ATTACK RISK

Traditional Security Solutions Have Reached Their Limit

THE ACCENTURE CYBER DEFENSE SOLUTION

FOR FINANCIAL SERVICES ORGANIZATIONS

Security by Default: Enabling Transformation Through Cyber Resilience

Cisco Firepower NGFW. Anticipate, block, and respond to threats

United Automotive Electronic Systems Co., Ltd Relies on McAfee for Comprehensive Security

Using Threat Analytics to Protect Privileged Access and Prevent Breaches

OUTSMART ADVANCED CYBER ATTACKS WITH AN INTELLIGENCE-DRIVEN SECURITY OPERATIONS CENTER

Securing the Empowered Branch with Cisco Network Admission Control. September 2007

Decoding security frameworks for effective cyber defense. David Allott McAfee

McAfee Embedded Control

RSA NetWitness Suite Respond in Minutes, Not Months

Privileged Account Security: A Balanced Approach to Securing Unix Environments

CloudSOC and Security.cloud for Microsoft Office 365

Easily Managed, Advanced Endpoint Security Results in 125,000 Safer Desktops and Happier Users

Securing Your Microsoft Azure Virtual Networks

ForeScout Extended Module for Splunk

Public University Automates Security to Mitigate Risk

McAfee Database Security Insights

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Expand Virtualization. Maintain Security.

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Vidant Health Shifts from Security Alert Overload to Automated Detection and Correction

CyberArk Privileged Threat Analytics

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

Securing Your Amazon Web Services Virtual Networks

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

CA Security Management

An Investment Checklist

Why we need Intelligent Security? Juha Launonen Sourcefire, Inc.

Smart Data Center From Hitachi Vantara: Transform to an Agile, Learning Data Center

Security. Made Smarter.

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

THE SIX ESSENTIAL CAPABILITIES OF AN ANALYTICS-DRIVEN SIEM

Sourcefire Network Security Analytics: Finding the Needle in the Haystack

EXABEAM HELPS PROTECT INFORMATION SYSTEMS

Power, Patch, and Endpoint Managers Expand McAfee epolicy Orchestrator Platform Capabilities While Cutting Costs

Enhanced Threat Detection, Investigation, and Response

Endpoint Security for DeltaV Systems

SOLUTION BRIEF RSA NETWITNESS PLATFORM ACCELERATED THREAT DETECTION & AUTOMATED RESPONSE FROM THE ENDPOINT TO THE CLOUD

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

empow s Security Platform The SIEM that Gives SIEM a Good Name

Stop Threats Before They Stop You

Technical Review Managing Risk, Complexity, and Cost with SanerNow Endpoint Security and Management Platform

McAfee Network Security Platform Administration Course

Manufacturing security: Bridging the gap between IT and OT

BUILDING AND MAINTAINING SOC

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Integrated, Intelligence driven Cyber Threat Hunting

Protecting Your Enterprise Databases from Ransomware

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Transcription:

Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries First united and open ecosystem to support enterprise-wide visibility and rapid response The cybersecurity industry needs a more efficient way to counter adversaries. Now, Cisco and McAfee have interconnected their platforms and ecosystems for comprehensive visibility, threat context sharing, and real-time security orchestration based on policies. Together, we lay the foundation for a universal, unified, and nimble infrastructure for threat detection and response. With this solution, DXL brokers bridge to Cisco pxgrid Controllers for bi-directional, one-to-many communication and shared services between these fabrics. Now, high-speed messaging and automated workflows can maximize the value of contextual, threat, network, and endpoint data by sharing it with any connected application. This ground-breaking integration links two ecosystems and leverages the open source OpenDXL initiative to help enterprises reduce friction, gaps, and delays that hinder effective security operations. Truly, together is power. McAfee Compatible Solutions DXL 4.0 as the messaging fabric Cisco ISE version 2.0 or later running pxgrid McAfee epolicy Orchestrator 5.3 or higher 1 Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Unite Endpoint, Network, and Security Operations The Data Exchange Layer (DXL) threat intelligence fabric now interoperates with pxgrid, Cisco s open security information grid, to share contextual information and execute threat mitigation actions between and among any application connected to either fabric. The new bridge shares identity and threat intelligence in real time and supports automated threat response workflows across the security industry s largest joint community of vendors and open source applications. This unified integration fabric provides maximum utility for each application, dramatically increasing the value to customers and vendors of any single product while slashing the amount of time spent developing and maintaining integrations. Through the OpenDXL initiative, open source and in-house developed applications can also share and interact with little effort. Furthermore, organizations can extend the lifespan of existing security and IT systems and add new analytics, monitoring, and response capabilities without uprooting legacy or investing in entirely new systems. Clear the Integration Hurdle Enterprises are embracing integration and automation as a way of shortening threat mitigation and response cycles. However, traditional integration models that connect individual applications directly are expensive to create and maintain and become brittle over time as applications change. Few organizations have the time or expertise to get past this obstacle. They are left to manually gather data and implement policy and process updates. In addition, product boundaries constrain precious event, alert, and threat data that could make the difference between confident action and the risky wait and see approach. For example, insight found at the endpoint about a known threat is often not being leveraged at network threat vectors due to manual ticketing processes and operational boundaries. The resulting threat mitigation and remediation experience takes more time, more resources, and is less secure than a fully automated threat defense lifecycle. If the data is available, it traditionally arrives via batch and scheduled processes, after its peak utility. Thanks to the integration between pxgrid and DXL, now enterprises and service providers can leverage extensible and off-the-shelf integrations and a highspeed messaging fabric to automate and accelerate processes across silos of tools and operations. Challenges Integration cost and barriers slow data sharing and degrade data fidelity Manual integration and response increase risk New functionality disrupts operations and add complexity Stand-alone services reduce visibility and add management overhead Joint Solution Cisco and McAfee have integrated the pxgrid and Data Exchange Layer fabrics to share data and enable end-to-end threat mitigation, between and among any application connected to either fabric at maximum speed across vendors Results Less time and effort spent on integration More accurate and immediate decisions with higher confidence than ever before possible Reduced response time and manual troubleshooting through use of custom, automated policy actions 2 Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

Mitigate Threats End to End, Seamlessly Gain comprehensive visibility The pxgrid to DXL integration is bi-directional: data flows between the Cisco and the McAfee worlds, plus OpenDXL-integrated applications. Analysts and administrators have unprecedented system-wide visibility to detailed network, user/endpoint privilege level, sensor, and real-time network-attached asset state data. They can improve decision with high fidelity, freshly collected data such as: What devices are attached to my network? What is a new device s security posture? What level of network privilege does it have? Is this event likely to be bad? Which actions can I take now to reduce or mitigate risk? In addition to informing the security team, answers to these questions are highly valuable to operations and analytics tools that can incorporate this data in their calculations. Automate rapid response The integration extends the options for automated, policy-driven responses by increasing interactions throughout endpoint, network, and security operations. This pervasive expansion from monitoring and detection to active mitigation and containment reduces the vulnerability window and the potential dwell time of an attacker. It makes the best use of the services, their data, and the people that oversee them. Share services end to end With this solution, data flows one to many across the messaging bus. Threat response actions published over DXL by McAfee epolicy Orchestrator (McAfee epo ) software can be picked up by Cisco Identity Services Engine (Cisco ISE) and Cisco Threat Defense platforms, plus pxgrid partners. Services integrated with pxgrid can also direct DXL-integrated products from the McAfee portfolio, the McAfee Security Innovation Alliance, and the OpenDXL community. For instance, network session telemetry from ISE becomes visible to McAfee epo software, which can interpret which sessions are legitimate and initiate actions to shut down connections to specific endpoints or issue blocking to IP addresses, domains, or URLs. Or, an unmanaged device detected by Cisco ISE could be added to the McAfee epo software asset database and quarantined or given only minimal or guest network and data access until it had been brought into compliance. Containment policies for the new host could include an immediate scan of related endpoints, automatic placement of files in the quarantine portal, software updates, and malware deletion. These steps are traditionally manual, triggered after the user calls the help desk and asks about being kept out or disconnected. Similarly, an infected or suspicious host flagged by McAfee Endpoint Security could trigger isolation or restricted network access privileges by Cisco ISE. Cisco 3 Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

DXL/Cisco pxgrid Integration McAfee epolicy Orchestrator Threat Events Automatic Responses DXL Client Identity Services Engine (ISE) Policy Database Adaptive Network Control Service (ANC) Endpoint Protection Service (EPS) Authentication Service Session Information pxgrid Node Integration Pattern Engine (IPE) OpenDXL Client DXL Message Broker Figure 1. An engine bridges policies across DXL and ISE to connect services across application ecosystems. response options extend to adjusting dynamic access control lists (ACLs) on switches or increased inspection by network intrusion prevention systems. Data published to pxgrid and over the DXL bridge can also become part of analytics, indicator of compromise (IoC) hunting, and integrated monitoring within McAfee Enterprise Security Manager. DXL events can be used in a correlation rule or watch list, for instance, to trigger an alarm if a high-sensitivity asset behaves unusually. Centrally visualize, configure, and monitor services Data-sharing relationships and automated responses can be defined within the new interactive OpenDXL Console. This new fabric monitor provides an easy way to see available services, invoke requests or responses, and subscribe to or publish an event. To enable the McAfee-Cisco solution, an integrated pattern engine bridges McAfee epo software policies with pxgrid policies for transparent interoperation. 4 Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

About pxgrid Cisco pxgrid is an open framework that enables multivendor, cross-platform network system collaboration among IT infrastructure, such as security monitoring and detection systems, network policy platforms, identity and access management platforms, and virtually any other IT operations platform. About Cisco ISE The Cisco Identity Services Engine (Cisco ISE) allows you to see and control network access policy for users and devices connecting to the corporate network. It does all this from a central policy location. About the Data Exchange Layer Bringing high-speed messaging to security systems, the Data Exchange Layer provides a universal fabric for exchanging data in real time. It leverages a one-to-many integration model so each application can publish and subscribe to messages over a common communication system. About OpenDXL As an open source initiative, OpenDXL increases the variety of services running over Data Exchange Layer. The OpenDXL.com community uses an SDK and their creativity to invent an expanding range of tools, integrations, and applications that overcome the integration hurdles of security software. In addition to many open source and commercial product integrations, a growing set of utilities, including the OpenDXL Console, are featured on opendxl.com. About McAfee epolicy Orchestrator The DXL-pxGrid bridge expands the reach of the McAfee epo software single-agent and single-console architecture that provides policy-based management for McAfee, third-party partners, and enterprises. In addition to publicizing threat events over DXL, a McAfee epo software automated response can trigger actions by connected services. To integrate OpenDXL services into McAfee epo software, the community can use an OpenDXL service wrapper and other tools at OpenDXL. com. About McAfee Enterprise Security Manager The foundation of the security information and event management (SIEM) solution from McAfee delivers performance, actionable intelligence, and real-time situational awareness at the speed and scale required for security organizations to identify, understand, and respond to stealthy threats, while the embedded compliance framework simplifies compliance. To Get Started Enterprises: View and download OpenDXL integrations from OpenDXL.com, including open source integrations contributed by the community. Download the OpenDXL Console to configure integrations. Developers: To create new services to run across these fabrics, developers should access the OpenDXL SDK, the OpenDXL Docker Container and other tools, and the Cisco integration via OpenDXL.com. Learn More The integration and components are freely available. www.opendxl.com www.mcafee.com cisco.com/go/pxgrid 2821 Mission College Boulevard Santa Clara, CA 95054 888 847 8766 www.mcafee.com McAfee and the McAfee logo, epolicy Orchestrator, and McAfee epo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright 2017 McAfee, LLC. 3629_1017 OCTOBER 2017 5 Integrated McAfee and Cisco Fabrics Demolish Enterprise Boundaries

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback