Cisco Siem Integration
As the threat from the industrialized hackers grows, new, novel solutions will need to evolve to
counteract the threat, so that our customers can defeat the attackers... open architectures with
best of breed solution providers is the only way to go. The era of the closed, black box
architectures is dead!
John Negron, SVP WW Sales - Cisco Security
Cisco Security Technical Alliances is…
An umbrella program covering multiple partner ecosystems in the BU
Packet No No Yes
Request-able No No Yes
[Diagram: CISCO ISE, CISCO NETWORK, SIEM & Threat Defense, Vulnerability Assessment, MITIGATE]
Cisco Shares User/Device & Network Context with IT Infrastructure
Cisco Receives Context from Eco-Partners to Make Better Network Access Policy
• ThreatGrid API
Hand off suspicious files for analysis
ThreatGrid and AnyConnect ecosystems are specific-purpose and by application only.
Threat Grid
Malware Analysis & Threat Intelligence
[Diagram: Security Services Platform; Sandbox Appliance x1, Load Balancer x1, IDS/IPS x4, NAT x2, NG-Firewall x2, Web Proxy x4]
Security Services Architecture (SSA)
[Diagram labels: IPS, FW, WEB, SSA, OS, WAF, SSL, DDOS]
Check Out Related DevNet Security Sessions
• Cisco pxGrid Developers Learning Lab – in the DevNet Zone
• DEVNET-1123 - CSTA - Cisco Security Technical Alliances Overview
Tuesday, Jun 9, 2:00 PM - 2:30 PM
• DEVNET-1124 - Cisco pxGrid: A New Architecture for Security Platform Integration
Tuesday, Jun 9, 3:00 PM - 3:30 PM
• DEVNET-1010 - Using Cisco pxGrid for Security Platform Integration
Thursday, Jun 11, 9:00 AM - 10:00 AM
For More Information…
• DevNet Microsites:
https://developer.cisco.com/security
• pxGrid SDK, Tutorials & Test Tools:
http://cisco.com/go/pxgrid
• Forums:
https://supportforums.cisco.com/community/4561/security
• CSTA Partner Listing Customers:
http://www.cisco.com/c/en/us/products/security/partner-ecosystem.html
Thank you
CSTA Partners at Cisco Live US 2015
Stand 1624, Partner Village: SIEM and analytics platform. Collects data from
FireSIGHT via eStreamer, and from ISE, WSA, and ASA through syslog
Stand 2501: 'Packet Broker' helps with many traffic visibility,
maintenance and high availability architectures
Stand 2211: Full packet capture and session analysis. Integrates with
FireSIGHT via community patch extending IPS event analysis
Stand 2319: SIEM and analytics platform. Collects data from FireSIGHT via
eStreamer, and from ISE, WSA, CSA, ASA and ThreatGrid through syslog
Stand 1524: Integrates with ASA. Collects policy information for security
risk modeling, change control, audit and compliance