
SecureX BDM presentation - long version

Core slides
1 Problem/need: 50s 74s 71s 56s 66s
2 Our platform: 70s 70s 51s 73s 53s 74s 72s
3 Demo, 4 Integrations, 5 Closing: 64s 58s 54s 46s 31s 72s 23s
https://dcloud2-rtp.cisco.com/content/instantdemo/cisco-securex-v1-instant-demo-2

Insert these slides as needed
A Customer quotes
B SecureX dashboard and ribbon for visibility deep dive
C SecureX threat response deep dive
D SecureX orchestration (with pre-built workflows) deep dive

These scripted slides in the deck take <19 mins to present. All times on the slides are in seconds. Each scripted slide has defined goals and full narrative.

Buyer Audience:
CISOs/CIOs and managers/decision makers with small SecOps teams that desire better collaboration with ITOps and NetOps.

Seller Audience:
For use by specialist cybersecurity sellers, SEs or architects that want a comprehensive overview.

Slides outlined in blue and all appendices are excluded in the BDM short version:
https://salesconnect.cisco.com/open.html?c=398f072a-dc4d-41af-b307-071bde685d64

Only 1-2 slides outlined in yellow should be presented; they may be more suitable if the audience includes technical team members.

SELLER REFERENCE ONLY


Refresh your presentations - SecureX is built into other BDM decks
Umbrella BDM Firewall BDM Duo BDM Email Security BDM EA Seller Guidance

Tetration BDM Web Security BDM

Secure Remote Worker BDM

AMP for Endpoints BDM Stealthwatch BDM


Stealthwatch Cloud BDM

ISE BDM
Secure DC BDM

More solution decks coming soon, including:


Breach Defense (Sprint)
Zero Trust BDM | App-First Security BDM

SELLER REFERENCE ONLY Note: Right click on text to open SalesConnect hyperlink
Need more guidance? - Check out our seller guides
Conversation starter Enterprise agreement enabler FAQ Platform positioning and selling motions

dCloud demo TDM Who Uses SecureX


SecureX Platform

Core slides
1 Overview
2 Unify visibility with SecureX dashboard
3 Experience simplicity with SecureX threat response
4 Maximize efficiency with SecureX orchestration
5 Next step and resources

Buyer Audience:
Technical decision makers with SecOps teams that desire better collaboration with ITOps and NetOps.

Seller Audience:
For use by specialist cybersecurity sellers, SEs or architects that want a comprehensive overview.

You can find the SecureX BDM long version here:
https://salesconnect.cisco.com/open.html?c=690fcf40-176b-4fb6-a4a0-21b4e4f60597

Insert these slides as needed
A Products with built in SecureX
B SecureX Threat Response Dictionary
C Integrations with SecureX Portfolio
D SecureX 3rd Party Integrations
E Open source / community

SecureX
Business Decision Maker

Cisco Secure Marketing


Spring 2020
CISOs want to execute on a clear plan to deliver…

Your experience simplified
Your success accelerated
Your future secured

…while keeping pace with business transformation

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Partner Confidential 5
And the security industry has made it more complex than ever

57% say time to detect is a critical KPI for security teams
81% say orchestration between products is challenging
77% plan to automate more actions

Source: CISO Benchmark Study 2020
A platform approach confidently tackles
the most pressing security operation challenges

Simplicity: Integrate technology together with true turnkey interoperability
Visibility: Accelerate time to detect and investigate threats and maintain contextual awareness
Efficiency: Accelerate time to remediate and automate workflows to lower costs and strengthen security
Building a platform takes time and engineering talent
• Started with foundational security solutions
• Began acquiring new technologies and innovating at a rapid pace
• Unified networking and security
• The most comprehensive integrated cybersecurity platform on the planet gets even better

2007 2009 2011 2013 2015 2017 2019 2021

Network  Cloud Web Network Unified Threat Enterprise Firewall CASB Access Management
Segmentation Security Access Management Security Services Network Security Threat
Email Security Gateway Control VPN Policy Response
Web Security
Gateway
Malware Analysis Cloud Security SD-WAN Cloud Email
Endpoint Detection Traffic Analytics SD-Access Security
and Response Workload Protection Application Performance Supplements
NGIPS Management
DC Networking Cloud Analytics

Over $6B in M&A over the past 6 years
Over 400 threat researchers
Unparalleled platform breadth
And requires a broad security portfolio
Backed by unrivaled threat intelligence

Network User/Endpoint Cloud Edge Application

Firewall and IPS Endpoint Protection, Cloud Access Security Workload Protection
Network Access Detection and Response DNS-Layer Security
Control Multi-Factor Authentication Secure Web Gateway
Traffic Analytics Email Security
threat Cloud-Delivered Firewall
intelligence Secure Web Gateway
Cloud Analytics

Malware Analytics

Services: Talos Incident Response | Managed Detection and Response | Segmentation

Introducing SecureX
A cloud-native, built-in platform experience within our portfolio
Cisco Secure Your Infrastructure

Network Endpoint 3rd Party/ITSM Intelligence

Cloud Applications Identity SIEM/SOAR

Unified Visibility

Detection Investigation Managed Orchestration


Analytics Remediation Policy Automation

Your teams
SecOps ITOps NetOps
Our portfolio includes XDR capabilities and beyond
SOAR XDR
API-based
integration X-product integration
These values in Simplified experience
Simplified SOAR/XDR platforms
policy
and beyond are a Unified visibility
Process + Simplified analytics
fundamental right
automation
Response efficiency in SecureX Operational efficiency
And more

Separate license Separate license Already entitled to it


Integration
experts
Automation experts Unlike SOAR/XDR No special skills required
No data
+ platforms, these pains do
normalization Massive data lake not exist in SecureX No data storage required
Context lacks
Third party limitations No vendor lock-in
breadth *SIEM/SOAR is easier to use!

XDR - Extended Detection & Response


SOAR – Security Operations, Automation and Response
SecureX unlocks value for your organization

Integrated and open for simplicity
Unified in one location for visibility
Maximized operational efficiency

Included In 15 minutes, In half the time, Save 100 hours 85% reduction
with every Cisco you achieve real benefits customers say they by unifying visibility in time to respond to
Secure product using what you already have visualize threats within and automating and remediate
as it’s cloud-native their environment1 your workflows2 an attack2

[1] Source: TechValidate [2] Source: Based on internal simulation
SecureX is a cloud-native security platform

Integrated and open for simplicity
Unified in one location for visibility
Maximized operational efficiency

integrations: built-in, pre-built or custom
ribbon & sign-on: never leaves you, maintains context
dashboard: customizable for what matters to you
threat response: is at the core of the platform
orchestration: drag-drop GUI for no/low code
How true simplicity is experienced

Before: 32 minutes
1. IOC/alert
2. Investigate incidents in multiple consoles (Product dashboard 1, Product dashboard 2, Product dashboard 3, Product dashboard 4)
3. Remediate by coordinating multiple teams (Product dashboard 1, Product dashboard 2, Product dashboard 3, Product dashboard 4)

After: 5 minutes
SecureX threat response is integrated across your security infrastructure
Graph labels: Email Subject, Malicious domain, Target endpoint, SHA-256, IP
In one view:
• Query intel and telemetry from multiple integrated products
• Quickly visualize the threat impact in your environment
• Remediate directly from one UI
What unified visibility looks like

Before: “We swivel our chair to see many views”
After: “We instantly see what matters to us in one view”

Dashboard labels: Dashboard, Integrations, Orchestration, Administration; My apps and integrations; NetOps, SecOps, ITOps; Customize; News; MITRE ATT&CK tactics detected; Talos Intel; Integrations available; C2 blocked

“We can view ROI metrics and operational measures across many products in one or more customizable dashboards”
“We never lose context as the ribbon follows us everywhere when we use the Cisco Secure portfolio”
“We can try other platform integrations with a click before we buy”
“Our SOC knows latest intel from the largest threat research team on the planet”
Maximizing operational efficiency

Before: Repetitive, human-powered tasks
• Playbook: Outdated playbook
• Automation: script that works “sometimes”
• Integration: script that no longer works

Solution: Orchestrating security across the full lifecycle
Pre-built or customizable workflows
Workflow diagram labels: ALERT, Cisco or non-Cisco infrastructure, task, condition, while loop, task: REMEDIATE

After:
• I combined 9 tasks across 3 security tools, 2 infrastructure systems, and 3 teams in one keystroke!
• I make automated playbook changes in minutes with a drag-drop interface
• We have never communicated faster: Our approvals are automated
• My top 5 most frustrating tasks have all been automated
The platform experience is built on breadth
to improve product efficacy

76% of organizations with Secure Email use SecureX threat response to investigate the source of the threat through comprehensive relationship graphs [1]
83% of organizations looking to identify and remediate threats faster use SecureX threat response in their SOC

Each product enhances the platform experience
The platform experience improves security infrastructure

[1] Source: TechValidate
Endpoint security with SecureX built-in

Endpoint security enhances the platform experience
Share details on affected endpoints, blocking of malicious files, and isolate endpoints

The platform experience improves endpoint security
Enhance endpoint detection and response supported with telemetry from other security controls
Email Security with SecureX built-in

Email security enhances the platform experience
Use email as a threat vector for better insight into context of a threat

The platform experience improves email security
Achieve a more complete way to combat phishing attacks
Network security with SecureX built-in

Network security enhances the platform experience
Analytics: additional incident enrichment to speed up execution of remediation actions

The platform experience improves network security
Firewall: achieve a more complete way to combat phishing attacks
Demo

Meaningful integrations with your investments
not just a simple syslog data dump

Third-party security: Operational tools, intelligence sources, infrastructure protections and visibility
Cisco infrastructure: Networking, collaboration, server/app, and multicloud management platforms
Third-party infrastructure: IT service management, and cloud/virtual and devOp platforms
General infrastructure: Scripting/dev tools, system interfaces, data exchanges, and messaging protocols

UCS Director, CloudCenter, ACI
HTTP, SMTP, SNMP …and more!
SecureX seamlessly integrates into your SOC
Your environment Your SOC
network | users and endpoints analysts | threat hunters
cloud edge | applications incident responders

Cisco Secure portfolio Cisco SecureX


2 2 dashboard | ribbon 4
threat response | orchestration
Third-party security
Provide
enrichment Playbooks (SOAR)
Cisco infrastructure and
response
Security feeds
Third-party infrastructure
1
SIEM
General infrastructure
3
Your ITOps and NOC

SecureX in the classroom

Multiple, global threat hunting workshops


Every quarter and now as virtual classes
to educate teams with real-world scenarios

Now features SecureX use cases


Learn how to defend against advanced
adversaries with the platform

Services to unlock your full potential
Reach your outcomes and resolve roadblocks towards a mature security posture
faster with these Cisco CX Services:

Automation and orchestration: Identify automation opportunities and build custom playbooks across Cisco and multi-vendor solutions.

SOC advisory: Integrate SecureX into your SOC while also benchmarking and improving your operational processes.

Talos Incident Response: Plan, prepare, and respond to incidents identified through SecureX with the help from the experts at Cisco Talos.
Maximize your security investment with
buying programs

Cisco All-In Security Enterprise Agreement: Access to our full portfolio of security products to unlock value

Choice Enterprise Agreement: Deploy what you need now and add more in the future

Compelling financial reasons to make us your trusted security partner
Proven platform with 10,000+ customers unlocking new value today with SecureX threat response

98% found the unified view enables rapid threat response
95% say that our security platform helps them take action and remediate
91% find that our security platform helps their teams collaborate more

“I am able to visualize threats within my environment and take action in half the time it used to take me.”
—Security Engineer, Large Enterprise Banking Company
Simplify your security with
the broadest, most
integrated platform

cisco.com/go/securex
learningnetwork.cisco.com
Customer quotes
“A platform approach like SecureX is the future of security at Mohawk Industries. It will make things easier, faster, and we will see much more going on in our environment than ever before. The automation and custom playbooks we have seen in SecureX will make a difference in a zero-trust environment and will improve security for our company even further.”
Michael DeGroote, Infrastructure Consultant
Fortune 315 | $10B revenue | 42K employees

“One of the most important aspects as a CISO is to make sure I feed intelligence into other agencies. The platform approach gives us excellent, superb stitching-together of forensic investigations.”
Mick Jenkins, Chief Information Security Officer
Top 400 university in the world | 3,100 staff | 15,000 students

“The harmonized network security and collaborative platform is key when all teams can work together to solve a problem. You’re most vulnerable when you have silos. This platform unifies visibility and taps into DevOps, SecOps, and even infrastructure.”
Collin John, Global Security Manager
Alvarez and Marsal | management consulting for 38% of the Fortune 500 | 4,500 employees | 65 offices, 24 countries
SecureX dashboard and
ribbon for visibility
Deep dive section
A new level of visibility with SecureX dashboard
• Applications (left)
View, launch or trial the integrated products

• Tiles (middle)
Presents metrics and operational measures
from the integrated products

• News (right)
Product updates, industry news, and blog
posts

Understand what matters in one view across your security infrastructure

Have it your way with customizable dashboards
• Up to 5 customizable dashboards per user

• 60+ and color-coded tiles available across 12+ Cisco Secure product families

• Customize tiles by layout, size, timeframe, scale, etc.
Never lose context with SecureX ribbon
Incidents Find observables on page
Casebook Query
Home endpoints Search Settings

Max/Min

Never lose context with SecureX ribbon
Scenario: What about Bob?
BEFORE: AFTER:
Cannot maintain context of a user, device, app, Maintain awareness of what is happening across
location, threat or policy when you sign on your security infrastructure with SecureX sign on
separately to each security technology and ribbon with fewer clicks
cloud security cloud security
product sign-on product details ... and ran
manage cloud a bad file
Who are How can Bob visited a manage endpoint Bob visited a and sent IP
you? I help? bad site bad site to Gmail
manage email

endpoint security security endpoint security


product sign-on platform sign-on product details ... and sent
IP to Gmail
Who are How can Bob ran Who are How can Bob ran and visited
you? I help? a bad file you? I help? a bad file a bad site

email security email security


product sign-on Incident product details … and ran
Bob had suspicious cloud, a bad file
Who are How can Bob sent Bob sent and visited
endpoint, and email activity IP to Gmail
you? I help? IP to Gmail a bad site

SecureX threat response
Deep dive section
Accelerate investigations in SecureX
SecureX threat response
Aggregate and query global intel and local context in one view

Visualize the impact of threats across your environment

Take immediate action to isolate hosts and block destinations or files

Automate workflows with approval actions for better collaboration
Investigate with intelligence, context and response
SecureX threat response

Intelligence Local security context Response actions

Endpoint security Endpoint security Cloud security Block destinations


Malware intelligence
Internet intelligence Block files
Email security Network firewall
Isolate hosts
VirusTotal and other
3rd parties Analytics Web security

Are these observables suspicious Have we seen these observables? Where? What can I do about
or malicious? it right now?
Which endpoints connected to the domain/URL?

Observables: 1) File hash, 2) IP address, 3) Domain, 4) URL, 5) Email addresses, etc.
Backed by the industry’s best threat intelligence

Web/URL | Network Analysis | Email | Malware/Endpoint | DNS/IP | Network Intrusions

Threat intelligence researchers
Analyze network telemetry
Threat processing centers
Threat intelligence partners

Accurately identify and block known threats
Analyze activity related to suspicious payloads
Detect and block threats in email messages
Block access to known or suspected malicious web sites
Use cases
SecureX threat response
Threat Hunting Incident Response

• Ransomware • Phishing attacks 

Protect your organization • Server-based attacks • Corporate espionage 


against • File-less malware • IoT attacks 
• Cryptomining • Data breaches

See and stop attacks in minutes with a few clicks
SecOps with SecureX threat response
Query intel
Visualize
and context
the impact of
Email from your
threats in your Address
Malicious URL integrated
environment
security
Message Malicious
Target
Domain
Email

IP
IP
Extract observables Malicious 85% reduction
Domain SHA-256 Message
from browser content in time to respond
with 1 click and remediate to
an attack
Target
Suspicious URL
Endpoint
Security blogs Isolate hosts
Target Target SHA-256 Target
Cisco interfaces Network Endpoint Email Block files
3rd-party interfaces Block destinations
Or eliminate the clicks, by automating this workflow

SecureX orchestration
with pre-built workflows
Deep dive section
Introducing SecureX orchestration

Process automation made simple with a no/low-code drag-drop interface

Investigate: Reduce research and response times with workflows and playbooks that execute at machine speed
Automate: Eliminate repetitive tasks and reduce MTTR to increase productivity and focus on mission-critical projects
Integrate: Unique turnkey approach to quickly integrate with other systems and solutions to expand your toolbox
Scale: Automation that scales infinitely and never takes a day off, delivering the same SLA around the clock
Change how teams interact with products
to solve problems
BEFORE: AFTER:
UNLOCK NEW USE CASES
No use cases beyond SecOps,
● Threat hunting ● Offload Office 365 traffic
and little collaboration with ITOps and NetOps
●● Phishing investigation ● Optimize VPN capacity
● Vulnerability management ●●● Build your own workflow

ITOps

SecOps ITOps NetOps


NetOps
See
alerts Respond
See Respond
alerts at scale
Observe Optimize
infrastructure performance
Learn Improve
Cisco Third party risks/lessons processes
SecOps

Advance SecOps maturity for threat hunting
Strengthen breach defense
Visit research blogs Hunt for IOC activity Contain threats BEFORE
SecOps Too much human
Visit Cisco Talos Create chat room Get authorization
error occurs in
Visit third parties Check traffic and connections Block domains and IPs less mature
teams
Check privilege changes Isolate endpoints

Check third parties Third party changes

Automate observations Automate investigation Automate remediation AFTER


SecOps 100 hours freed
10 min saved ✕ case 10 mins saved ✕ collaboration 10 mins saved ✕ approval
up (with less
same 1 hours saved ✕ 10 locations 10 mins saved ✕ destination human error) to
improve
1 hours saved ✕ 100 devices 1 hour saved ✕ host your posture
1 hours saved ✕ third party 25 hours ✕ integrations

Unify ITOps and SecOps for phishing investigation
Strengthen breach defense
Email submission Investigate observables Mitigate phishing attack BEFORE
Sec IT Lack of context
Extract observables Enrich observables (IP/hash) Get authorization
Ops Ops can degrade
Determine verdict Block domains and IPs breach
Pre-process and collect threat data
readiness and
Isolate endpoints response
Context from other technologies
Create chat room
Update email spam rules
Add hashes to outbreak list

Pre-built playbook Automate investigation Automate remediation AFTER


ITOps and SecOps 10 hours freed
10 min saved ✕ parse 10 min saved ✕ data correlation 15 min saved ✕ approval
up (with less
10 min saved ✕ extract 10 min saved ✕ intel sources 10 min saved ✕ destination human error)
to improve
10 min saved ✕ collab 2 hour saved ✕ >5 consoles 1 hour saved ✕ response your posture
30 mins saved ✕ update 1 hour ✕ policy

Eliminate ITOps tasks for vulnerability management
Strengthen breach defense
Look for CVE advisories Look for vulnerable devices Create IT service ticket BEFORE
ITOps Can take too
Visit Microsoft Security Response Is network share present? Describe fix for client/server
Center remote code execution
long before a
Is SMB compression disabled? breach happens
Visit other CERTs
Is Win build 18362 or 18363?

Is hotfix KB4551762 missing?

Pre-built queries Automate search on devices Automate ticket creation AFTER


ITOps 20 hours freed up
10 hours saved ✕ query 1 hour saved ✕ 100 devices 10 mins saved ✕ ticket
(with less human
same same error)
to enable
same your business
same

Eliminate NetOps tasks optimizing VPN capacity
Secure remote workers
Monitor VPN capacity Check for defined threshold Create IT service ticket BEFORE
NetOps Impact on
Monitor active session Collate data from multiple sites Request authorization
network
Understand maximum allowed Has the device load >=70%? Deploy additional head-end performance
VPN session due to lapse in
monitoring

Pre-built playbook Automate monitoring Automate deployment AFTER


NetOps 4 hours freed
1 hour saved ✕ observe 1 hour saved ✕ connections 10 mins saved ✕ approval
up with cost/
30 min saved ✕ identify 1 hour saved ✕ deploy time saving
10 mins saved ✕ device threshold
associated
with network
management

Eliminate NetOps tasks offloading O365 traffic
Secure remote workers
Look for Microsoft list Configure exclusion list Deploy headend capacity BEFORE
NetOps IP-based exclusion for O365 traffic
Impact O365
Manually convert exclusion list Create ticket
defined performance,
Identify related FW Execute commands on FW VPN saturation
Fetch destination JSON IP/domain list due to errors/
Check for next update batch delay in
Parse FW commands w/Python
manual update

Pre-built playbook Automate updated on FW Automate split tunneling AFTER


NetOps 20 hours freed up
1 hour saved ✕ monitor 1 hour saved ✕ observe 1 hour saved ✕ ticket
(with shortest
1 hour saved ✕ observe 1 hour saved ✕ identify 1 hour saved ✕ deploy timeframe) with
600+ entries
1 hour saved ✕ parse 1 hour saved ✕ check processed <3mins

Collaborate better by building your own workflow
Simplify complex playbooks
Incident identification Investigate observables Formulate response BEFORE
Sec IT Manual steps
Triage and prioritize Aggregate and assess impact  Get authorization
Ops Ops drain
Create a case Query multiple technologies Block domain/isolate hosts productivity and
multiple
Assign analyst* Retrieve disposition Access management blind spots
Net
Ops Extract observables Create a snapshot Update policy+infra changes

Backup and recovery

Pre-built playbook Automate investigation Automate remediation AFTER


100 hours freed
1 hour ✕ triage 15 mins ✕ location ✕ IOC 10 mins saved ✕ approval
up (with less
20 mins ✕ ticket 10 mins ✕ queries 10 mins saved ✕ destination human error) to
Cross
Team improve time
10 mins ✕ assign 20 mins ✕ technologies 1 hour saved ✕ response to value
10 mins ✕ extract 1 hour ✕ manual OS query 1 hours ✕ devices
