As long as there have been security products on the market, there have been management interfaces and systems to go with them. Taking that a step further, there have been products that try to consolidate those management interfaces to make it easier to analyze security data. Cisco tried this as well, with a product that was well received because it could take data from the whole range of Cisco security products. This was the product we know as CTR, or Cisco Threat Response. But even Cisco seems to have realized that there was even MORE that could be done from the standpoint of a consolidated security interface. That is where Cisco SecureX comes into play.
Cisco SecureX is built on the theory that there is a wide range of security products within any given enterprise, and they might not all be from the same provider (Cisco). A good security dashboard used for managing incidents should be able to take advantage of data from all of these systems. That is the goal of SecureX.
So what exactly can SecureX integrate with? Obviously, SecureX will be able to take advantage of data from the Cisco security suite of products, but there will also be 170+ third-party applications that SecureX can interface with at launch.
This is part of what makes SecureX special. Cisco is providing a way to correlate data from both its own products and a wide range of products from other vendors. That way, as network engineers and admins, we have as much data available as possible before making security-minded decisions for our network. But you might be asking, what happens if there is not a module for my software? Cisco thought of that as well. If your software has an API, there is a way to interface the data with SecureX. I was recently part of the Tech Field Day Virtual Cisco Live Experience and had the chance to learn about this from Ben Greenbaum from Cisco. Here he is explaining the process of using relay servers to allow SecureX to reach out to your other products for data:
What to do with all that data…
We have covered how data can be gathered from many different sources, so what kind of interface does it show up in? Here’s a quick look at what that dashboard will look like.
The dashboard aggregates data from the security products you have selected and integrated with. On the left side of the screen are the different security products that you currently associate with SecureX, in case you want to drill down into one specifically. Again, this is a single pane of glass that you can use to browse and research data throughout your available security products, all managed by a single sign-on solution as well.
How is incident research made easier?
SecureX is all about saving time when it comes to researching network security incidents. In the past, admins and engineers had to go into each of their systems and investigate the same incident over and over, while manually trying to make sense of the data they were getting from each system. Cisco SecureX has an answer for this as well: the SecureX Ribbon. The SecureX Ribbon allows you to maintain the context of an incident across all of your products while you are working. When you move to a new product, your dates, times, affected hosts, etc. are all maintained, so you can begin examining the data immediately without repeating the search in each product. Nor is this limited to a single incident: the Ribbon allows a user to flip between incidents as they see fit. Here is a glimpse of what the Ribbon looks like:
For more information:
As I mentioned, I was fortunate enough to be a part of the Tech Field Day Virtual Cisco Live Experience, where SecureX was a much-anticipated topic of discussion. Be sure to view the recording of the presentation if you missed it. There is a great demo and a lot of information about SecureX included. You can also get started for FREE with SecureX if you already own a qualifying Cisco Security product. For more information, be sure to check out Cisco’s site here: Cisco SecureX