All organizations must deliver security business outcomes, says Sean Earhard, Global GTM, Secure Endpoint, Cisco, at CDW’s BTEX 2020 virtual event. “Their board of directors expects it, their executives demand it, their users require it and their customers are counting on it.”
Earhard’s security must-haves include breach defence, compliance, rapid incident response and containment, which can be achieved by purchasing security tools. But buyer beware! “When you buy a security tool, at the start it feels lightweight, easy to use and everything’s great,” says Earhard, lifting a small, two-pound weight. “But a few months later, when you have an incident, it is heavy to lift, hard to integrate and automate, which can be a huge challenge.”
Cisco SecureX is a cloud-native, built-in platform that can be accessed from within Cisco security solutions. SecureX can accelerate your security team by bringing together all of your security tools, so your team can accomplish tasks they couldn’t get to otherwise. “They can be so much more productive if they can take tasks off their plate and get the tools to do them instead,” says Earhard.
5 most common security challenges, according to Cisco
- “We’re not using everything we paid for.”
- “We’re seeing something, but not everything.”
- “We can’t react fast enough.”
- “We can’t/don’t do that.”
- “We’re getting slower, not faster.”
“We’re not using everything we paid for.”
You might often find you don’t have time to use all of the tools at your disposal. What if we could bring all those tools together, so you didn’t have to use each individual application? And what if you could automate them to do certain tasks for you?
IT teams don’t have to worry about configuring APIs from a variety of solutions, as they can easily be integrated within SecureX in just a few clicks. “We read the manuals,” says Earhard. “We did the work for you, and made it simple.”
“We’re seeing something, but not everything.”
Most organizations are limited by visibility. They get security information by looking at a phone, checking to see which email alerts have been generated. A SIEM solution can show what some tools are telling it, but not all tools talk to the SIEM, so the information can be incomplete.
If you have integrated all your tools within SecureX, as Earhard explains, the dashboard can show you everything that’s going on across your environment. “I can set them up so that each person has a different dashboard, so they can see what’s most important for them.”
“Visibility isn’t just seeing alerts from tools,” says Earhard. “It’s also understanding what’s going on across your team.” Using the ribbon feature, which appears across the bottom of SecureX, team members can create incidents, assign cases and make notes, which are visible across the team.
“We can’t react fast enough.”
Every IT professional has been in this situation. A security incident occurs, and now you’re being judged by how fast you identify what’s going on, and how fast you take action.
With SecureX, the ribbon allows you to use tools inside of tools. You can chain tools together so that, with just a few clicks, you can take action by taking a forensic snapshot or isolating the host. “Maybe as an admin, I don’t have rights to isolate a host, so I need Tier 2 approval,” says Earhard. “With SecureX, I’m bringing in other technologies, such as ServiceNow, where I can open a ticket.”
“We can’t/don’t do that.”
It’s all about time and expertise. If you’re looking to set up threat hunting, for instance, most organizations don’t have PhD threat hunters working for them.
“We’ve made it so straightforward for you to start a threat hunting program,” says Earhard. By purchasing the SecureX Threat Hunting add-on, as you deploy an endpoint security tool across your environment, Cisco’s threat hunting experts start hunting for you.
According to Earhard, one of the key use cases is “The IT security team that needs to take some action, but maybe deprioritizes that action.” Their human analysts have identified a threat, and built out a timeline, and now they need to react. “Not everything resolves itself; it’s key to prioritize those critical incidents.”
“We hear from customers who realize they weren’t doing everything they needed to do,” says Earhard. “But, thanks to Cisco’s threat experts, they have a complete list, and they’re going to upgrade their procedures in order to react properly the next time.”
“We’re getting slower, not faster.”
Bringing all of your tools together seamlessly allows you to customize how your security works. Cisco SecureX allows you to drag and drop actions into a workflows interface, which makes it easy to understand what’s going on. In SecureX, you can have workflows running on a schedule, so you can get work done while you’re eating lunch.
“You can personalize your security to make yourself faster every single day,” says Earhard. “Instead of your team clicking on a mouse 200,000 times a month, imagine if you could cut that down by a third, or by half.”