Get to know Cisco SecureX with a Demo!
About this lesson
Join Cisco & DSI experts for a demo of SecureX – a cloud-native, built-in platform experience that connects the Cisco Secure portfolio with your infrastructure. You’ll get a glimpse into the platform, a Q&A session, and a fun quiz!
Full Transcript
securex it is a cloud native built-in experience within the portfolio so what that actually means is a unified console or a an application that is able to provide unified visibility into the different solutions so um you are going to be able to interface with this whether it's within cisco solutions or if it's third-party or if you're pulling in threat feeds or intelligence from somewhere else or using this to help uh orchestration actions through a store or sending the information over to a sim uh that we see uh different groups that are interested in this uh either you know network operations i t operations or sec ops you could break it off into different areas uh to create different dashboards for each teams and things like that so uh securex is now being embedded into uh every cisco secure technology and it's not just another um layer of security we're really working to improve uh the cross-functional collaboration between the the teams but uh not only you know within the teams but within the different solutions within the environment so we are so by going in this direction we now have sore capabilities uh we we have xdr which is extended detection and response is what what that acronym stands for uh and uh what we're working to do is um we're not trying to be just completely a sore or be an xdr platform uh we do not require separate licenses for different capabilities or functionalities secure access free it's included if you buy uh certain solutions within our portfolio and we'll cover those in a little bit but uh we really just want to simplify that experience be able to unify your visibility and really create or help create that off that operational efficiency without any additional licenses and it has capabilities that some source don't have it has capabilities that some xdrs don't have but uh your soar platforms will have may have more capabilities in it or you may have already have a bunch of different orchestrations set up and this is actually meant to feed into that or help to to feed the solutions that you have it's not a rip and replace it it's not you know um like the lord of the rings one ring to rule them all or something like that it is a complimentary solution to uh these other platforms that you may already have in place um so unlocking the value we already kind of went through this but if you want to talk about some metrics so it takes about 15 minutes to set up and to be able to get data into it so it is usable it takes about half the time to be able to look at threats and identify what's going on within the environment if you want to talk about visibility and then on average we see between a 85 reduction in time to respond and remediate an attack and uh saving about a hundred hours uh you know unifying visibility and automating workflows so meaning by being able to dump all this stuff into one console makes it a lot easier to comb through and figure out what's going on all right so our the uh different pieces of the platform are going to be your integrations and i'll cover this in a second uh ribbon and sign on your dashboards your threat response piece so cisco threat response is still part of this and it's not going away and then your orchestration uh which uh engine which includes a drag and drop gui and we'll show that here in a second so um how this is going to be experienced so uh when we talk about the pillars i'm going to go through and walk through each of the pillars and then we'll go through the demo itself so uh simplicity the first one um before you know we're looking at trying to identify an alert do the investigation go through the different product dashboards uh and then you remediate by coordinating multiple teams multiple products and things like that it was very manual process now with securex or uh more or namely uh securex uh threat response we're able to integrate across the entire infrastructure we could automate the actions we're able to uh click on a a specific endpoint or maybe a malicious domain or an email message or whatever and tell it to remediate to either block a url or to remove or quarantine an email message or an endpoint or whatever directly within the console the next one is the next piece of this is the securex ribbon so the ribbon i'll show that in the um in the demo in a little bit more detail but uh the ribbon is what unifies all these different platforms so whether you're in securex you are in ctr you go into umbrella you go into amp you go into any of these other um the other solutions that that feed into securex the the ribbon is what ties all these together and it gives you a unified uh dashboard or really ribbon or part of a console where uh it is the same across all these different solutions so you can utilize this to look at different cases to look at incidents to pivot directly into other solutions and you'll see how it ties all of these products together and and gives you the ability to launch between one and the other and then uh the other uh piece of your um simplicity is being able to uh utilize uh securex for uh for your in incident response for your investigations uh utilizing uh secure threat response so uh this allows you to um aggregate query to visualize what's going on to see uh to look at a relations graph and see everywhere where you know either in ioc or indicator compromise it might be a hash it may be an ip or url or combination all the above be able to look at that to see everywhere where it's uh interacted within your environment or even out external to that if you're utilizing umbrella for dns requests and things like that which will allow you to automate your workflows and take immediate action uh so now we're able to see and stop attacks in a couple of minutes utilizing just a few clicks rather than as we said before we're looking at you know five to ten minutes to look through and identify what's going on and be able to make an informed decision versus a half hour plus to be able to go through multiple consoles to identify what what uh goes on um so that that is you know really our our focus or the intention with trying to simplify what you're doing so the amount of information you're looking at different dashboards logs sources things like that uh so our goal is you know at least an 85 percent reduction in time to respond and remediate an attack uh versus uh what what we see our customer base going through now on a day-to-day basis so first pillar that was uh simplicity so now we're looking at visibility so our second pillar of the solution is visibility so this is allowing us to provide a singular console to be able to see what's going on across your infrastructure so you're able to um look at instantly at what matters you can create your different views you can create your dashboards uh and either if you want to do a per person by team or however you would prefer to do that you get that visibility into a single dashboard and this is uh what it looks like and i'm going to cover this in the demo as well but you have your applications you have your tiles which is uh providing information and then your news on the right so it's our version of an rss feed that will provide information about either securex how to do certain things uh information from talos cisco security uh cert or usf and other uh organizations as well and uh you know how we really maximize that efficiency is uh instead of doing uh working through um some automation scripts and playbooks and things like that that you know really uh end up getting outdated or uh the some of the scripts may break or so can be really manual tasks that are being done and time-consuming tasks but uh being able to move those over into an orchestration engine that is able to orchestrate not only cisco but across uh multiple uh solutions or across your entire security uh portfolio and then um after being able to just combine these different tasks across different security tools and uh be able to orchestrate or automate uh what goes on with within a single um task or a single workflow so and this is where we'll get into orchestration i'm i'm going to skip through these quickly because i'm going to show these in the demo um but the just the difference in the last thing that i want to cover here uh before we get into efficiency is the um difference between automation and orchestration so i touched on this before automation is the ability to perform individual repetitive tasks so uh we want to either deploy something quicker respond to something do more with less things like that this is where you're going to want to employ automation or or utilize automation to help with that everybody's short of manpower everybody wastes too much time on a repetitive task and the having the ability to uh utilize an engine like this to uh be able to get past that is really really helpful so uh orchestration is the arrangement and coordination of automated tasks for non-automated tasks so uh like i had said earlier automation is being able to take individual items and automate those orchestration is taking multiple automated tasks and orchestrating those or being able to coordinate all of those tasks to be able to perform a common out output so if you wanted to automatically spin up uh say like an aws bucket or something on demand and uh be able to so that's you would orchestrate actions like that or orchestrated deployment of a site or um cat 9ks or you know something like that for a new site turn up all right and the the last piece of this is um about uh integrations right so i talk about orchestration you talk about automation talk about a single console um this is really uh what it looks like so uh once we start to talk about integrations there's two different flavors of integrations within this platform and i'll show you this again in a minute but the integrations are not only cisco infrastructure but between third-party security tools third-party infrastructure and your general infrastructure so that could be scripting or dev tools uh data exchanges messaging protocols having securex create messages within webex teams for instance through the api if you if there's a specific event that's going on or uh if you want to notify the team of uh maybe an outage or an infection or a breach or something like that you could you could automate things like that but the integrations themselves are are done either through apps within the platform that you'll see that are are built in and we're continuing to you know develop on those and add new ones in there almost weekly and then we also have our api which is open which you can utilize the api to create your own integrations between any other solution out there that has an open api so you could script it you could uh have it pull information in uh things like that to be able to share data between platforms but what you see on here are just some of the platforms that we have already included in here that you have access into and we're consider and we're continuing to add more uh and this is not um including you know just having access to the api to be able to do that um so the integration into the um into the sock itself and uh what we're looking at here if you look at it from a um infrastruc infrastructure standpoint you have your cisco security portfolio you have your third-party security you have other infrastructure in there and then what we want to do is be able to provide that enrichment and response so you have secure acts over the right-hand side so all the information from your environment dumps into uh securex and into some of your other tools that you would have that your stock is going to be looking at or your security team um and uh if we're going to um provide that information or send that into securex then uh from there you could create your orchestration or you could uh add that data or utilize that data in your current playbook or your store or your security feeds uh send that stuff over to your sim or allow you know the itops or the network operations center to also uh have visibility into what's going on across the environment through uh centralized consoles such as this so very last slide i swear this is our uh what you can do so some of the things that uh that we claim some of our claims or the claim to fame with secure acts or securex threat response is uh you know while having one dissolution in place some of the things that you're going to be able to do are answer questions faster block and unblock domains uh block and unblock executions uh isolate hosts you can hunt for an observable you can see incidents all in one place you could store uh our thread intel or your own thread intel into uh or be able to pull it into the platform to be able to use an investigations you can integrate threat response easily into your existing processes and your tools or any custom tools at that via the api docu document your analysis in different case books that are available within ctr and then save point in time snapshots of either your investigations of your analysis or you could force the platform to take a snapshot of an individual host itself if you wanted to do it that way so i know this was a lot of data but i really want to show you this in action so i'm going to switch over from here into the demo itself and let me bring my browser over to this screen and we will go from there all right so secure x good okay it resized for me so this is going to be your securex dashboard and when you launch into it this is what you're going to see so i went ahead and i created a couple different dashboards here to show you uh or give you a better idea of the types of data that you're going to be able to get out of this so i'm going to just expand the window to give you a better idea of some of the information that we're seeing here so in the security operations in here let me do it this way these are the the way that the integrations are gonna show within the platform so when you go to create a dashboard i can name this whatever i want so if i wanna if i wanna name this pete's dashboard and say i care about our uh amp so i could go come in and pick and choose what i want from here if i just want a summary if i want to be able to look at quarantines or compromises i could add miter attack tactics in this as well so we support the wider attack framework and it'll map it to the different observables or the different methods that are being used that are outlined by uh mitre or i could go in and add in um what we're seeing from orbital so orbital is the advanced query engine that you can add on to uh amp for for endpoints but i could go through and add just either individual things or i could add all of them for uh the different um for the different solutions so in this first one what i did was uh for security operations i just dumped everything in here so i took all of our security uh controls or all of our security solutions and i added them in to uh the dashboard so that so that this way uh you give you a better idea of what some of these screens will look like so either compromises by amp through incoming mail messages from the esa going down to the wsa umbrella and then looking at uh stealthwatch information and then going last into uh orbital and looking at threat grid threat scores and uh your malware analysis that that are in here as well so uh going through uh from from this standpoint you could see uh or just wanted to give an idea of what you know some of these uh tiles or some of these dashboards would look like uh when you're looking at it so for security operations i did everything in network security i made it a little bit more pointed where i only did firepower i did wsa i did stealthwatch so we could look at what's going on within the network um if any of these are not showing traffic i could look at it all at a log scale it'll tell you exactly what's going on uh via the api so um securex is completely api driven even uh within the stuff that that we have in there so ap so securex under the covers really is a series of apis that make calls into the different solutions that pull the data in and then uh correlate it and then you're able to use that for these different dashboards so um going through you have the ability to change uh timelines you could change some of the settings within um some of the tiles or the way that the apis are calling if you want to create your custom integrations or you know different customized dashboards or if i want to look at uh so going from network security and pivoting now over to um this one i just called fish food so that this is uh all about phishing attempts so uh looking at email security uh whether it's amp for email or all the way down to i also include an amp for endpoints in this as well uh and record and umbrella so we could see if there was a phishing attempt what urls they were trying to access if there's command and control traffic if anything was uh brought down to the endpoint itself uh or if any if we had any submissions to uh threatgrid to see if we have any uh any either malicious or benign files that were downloaded or brought down as well so uh just a couple examples here of the different types of dashboard that that you're able to create so to step back one step uh the other areas that i had talked about is your news feed so this is you know you're welcome to secure x different things about cisco security or releases from cisco security about either new releases or different intelligence feeds over the left-hand side you have your integrations your apps and things like that and then the very last thing that i'm going to hit on before we turn it over for q a because i know we're right at the 15 minute mark left uh is just the orchestration piece itself just to i want to show you know how easy this is so if i look at this uh workflow this is your amp host um isolation so this is how the um let me get out of this wrong way so these are how your um the different runs are set up so you get uh block objects that you're able to pull in for uh your different observables so um everything from amp it also goes in and it has options for aws or azure or different solutions that you're going to have and what this does is it allows you to pick on any of these processes that that you want and then tell it what to do uh tell it to either you know pick a sli this one is uh select a target um create an approval request so this is gonna send a request out and ask for um approval so this is going to be the message that's going to be sent this is going to be sent over the email so that you have to approve so your approval choices are approve or reject how long this is good for when it expires and things like that so you're able to go through and if we see a endpoint that has been identified by amp to have something malicious on it allow it to automate that action to send you an endpoint so you're not sitting in the um in the amp console itself uh staring and trying to see uh what is um what what's going to be uh you know popping up or if there's anything that you need to uh that anything that you need to be able to respond to and this is another one it's just adding to a triage group but just showing you know some of the logic and some of the capabilities here uh and then you have the ability to view your runs you do test your runs and be able to validate all these before any of the stuff is moved into um into production itself and so if i run this it's going to dump me out and then show me whether or not uh it fails it and this is what it looks like if if you have something that is incorrectly done within here it's going to show you where and then you you have to go back and if you click on any of these spots it it'll give you a little bit of help uh with you know what's wrong or it'll tell you where it where it actually failed when you look through the orchestration engine and very last piece just to note on is the ribbon and this is what i was talking about with tying everything together where uh your ribbon gives you the ability to access your case books case books were originally an idea or concept brought in from cisco threat response and then from here you could directly uh either look at your different cases look at different observables you could pivot within here to uh to some of the other solutions whether it's threat response or securex or it works very similar to um what you're familiar with if you're familiar with ctr and then uh being able to look at incidents again directly respond to anything or if you want to you want to pivot into secure into ctr in which i messed up my authentication there anyway uh but you'll be able to get into ctr it's gonna time out on me here because i use the wrong credentials but uh but anyway uh you'll be able to uh directly pivot into and launch cross launch into any of these other platforms so i i know i went over by a couple minutes uh but we have about 10 minutes left for uh q a if anybody has any questions or anything please uh enter them into the chat or into the q a window and i'd be more than happy to be to answer any of your questions hey pete and everyone just so you know um we are we do have some questions that came in through the chat so um i'll go ahead and ask those and then after we do the q a we do have a quiz that we're going to do um and if you stick around and solve the quiz we do have some slags that we can send you if you win so definitely stick around for that um give me one second pete let me just get these okay um how is your platform different from a sem or a store all right so the the difference between our platform or an assembler is that so a sim is a logging mechanism so typically what a sim is is it's going to pull in all your syslog and then correlate it and then tell you or help to identify security events and things like that so this platform does correlate events but it's taking them directly from different platforms it's not ingesting syslog it's not it's not capable of ingesting syslog it's actually doing api calls to reach out and pull in the event so it is looking for specific pieces of information that are relevant to what it's trying to do and pulling them into the platform so really that that's the difference we're um pointedly looking at a at different uh types of data or intelligence and pulling that in and using that to make it to to respond to or create alerts rather than looking at all the raw log data and trying to tie that together and be able to um to make decisions based on all the logs we do provide the capability within uh ctr to be able to send the logs and it's uh on the roadmap for securex as well to be able to send this data over to a sim as well and then for the soar question that the soar is um we you know want to complement or integrate with your store we do give you the ability to to orchestrate or automate a lot of your workflows in the different tasks especially across uh multiple you know solutions um it just when we're we have this completely uh or mostly focused on security and then some network tasks and things like that if you look at sd-wan or sd-lan and integrating with dna center and things like that so it does spill over to the network side but where we see uh heavy store users whether it's uh ansible puppet chef things like that they're automating entire infrastructures they're automating workloads they're uh it goes the typical uh customers that we see that are running these automation engines go much further past the security threshold and they're doing orchestration of uh entire you know workloads and workflows within the environment so we're security focused versus uh operationally focused where we see a lot of the other um sore uh users going perfect and um i think you might have mentioned this um this might be like a two-part question um but how do you give securex what platforms were they that came in um that you get securex with and then the other one was um again the second part to this was i think this might have an answer too is how many existing security components can connect to your platform okay so securex is um it is free as long as you have a license for um so here this is a good one this will show you over here so for amp for endpoints for your email security so esa or cloud email security firepower um stealthwatch threakrid umbrella and wsa so if you have a subscription to any of those five uh solutions and and now um tetration has been added to that we continue we're continuing to add uh we're working on meraki now as well as a couple other solutions and then we have a whole list and where is it no not that one so we have a whole list of different uh if you look at the the securex site uh of the different integrations that we're able to do and then we have uh all of our integration workflows so whether it's api whether it's using the applications and this will give you a list also of all of the available integrations uh both cisco and third party as well okay okay um awesome i think that's all the questions that we've gotten through um if anybody else has any feel free to send it through now with that we do have a quick quiz that we're going to go through and if you want to you just go ahead and type into the chat you can chat to the the host and presenter or to the all the panelists so that we can see your answers um with this it's not just swag that you're gonna win you're gonna win a um amazon gift card whoever gets the most uh correct will win the amazon gift card um so give me just a moment let me pull these questions up all right and sabrina to meet you the presenter if you need it to share anything perfect i think i'm just going to verbally announce them out just thank um all right first question is what percentage of companies in the security industry plan to automate more actions is it a 50 c 77 or c15 again what percentage of companies in the security industry plan to automate more actions is it a 50 b 77 or c 15 so i think we have julie hall was the first one in okay we'll tell we have about five questions we're going to tally them up at the end and so whoever gets the most right will win that we got to do a tiebreaker all right all right number two which of these is not a platform approach that securex uses to tackle security operations and challenges is it a complexity b visibility or c efficiency again which of these is not a platform approach that securex uses to tackle security operations and challenges is it a complexity b visibility or c efficiency all right this next one is extremely hard to pay attention kind of difficult um what is the name of cisco threat intelligence team that is used for securex is it a the avengers b the justice league or c hallows again what is the name of the cisco threat intelligence team used for secure x a the avengers b justice league or c talos all right we got two more questions um four which one is not secure x is uh a description of securex excuse me a it's a cloud native b it's on prem based or c it's a built-in platform experience again for number four which one is not secure x or a description of secure x a it's a cloud native b it's on prem base or c it's a built-in xp a built-in platform experience all right and last but not least our final question is where in securex can you go to create workflows for your organization is it a your dashboard b orchestration or c the api connections again where insecure x can you go to build workflows for your organization is it a dashboard b orchestration or c api connection all right and give us just a minute to look at these all right and we've gone through and looked at all the correct answers um and adam self has won um our amazon gift card for today so congratulations adam um awesome job and thanks for everyone who participated um this was awesome and we're really glad that you all were able to stay here uh and join us today so adam we will uh be getting your information from you and getting that over to you um if you have any questions i know it's 12 right now but um i will be hanging on for a few more moments to help answer any questions that you already have other than that thank you all so much for joining um pete i'm going to pass it over to you if you want to say anything to wrap this all up no no thank you very much to everybody who attended this morning um i also have a few minutes to hang around if anybody has any additional questions i went through everything that i could find within the chat um and went through and tried to answer all of those questions and uh if anybody would like a deeper look or more information on securex please uh reach out to dsi and we would be more than happy to set this up awesome thanks everyone
Original Description
Join Cisco & DSI experts for a demo of SecureX – a cloud-native, built-in platform experience that connects the Cisco Secure portfolio with your infrastructure. You’ll get a glimpse into the platform, a Q&A session, and a fun quiz!
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Related Reads
📰
📰
📰
📰
Beyond console.log: Advanced Debugging Workflows That Will Save You Hours
Medium · JavaScript
cgo Overhead Dropped 30%. When Should You Actually Care?
Medium · Programming
Why Everyone is Wrong About Website Development?
Medium · Programming
The Silent Killer in Your Node.js APIs: Mass Assignment & How to Catch It Before Production
Medium · Programming
🎓
Tutor Explanation
DeepCamp AI