Take back control with an integrated security platform

In a makeshift SOC in the corner of his home, Matt starts his day with an alarm going off on his computer. There are four monitors ganged together, multiple consoles on each one of them, and numerous empty coffee mugs. This probably draws a snapshot of what's been real for many of us. On top of the never-ending list of alerts in his inbox every morning, he is building playbooks, threat hunting, scanning news for the latest attack updates, and investigating alerts. Coffee stopped working a couple of hours ago. Matt wished he had more time in the day, and it's only 9 AM.

Imagine if Matt started his morning by simply reviewing the work that already took place through scheduled or event-based automation. The orchestration would simply happen in the background, dramatically reducing the friction and repetition in his processes, saving time, and lowering ongoing costs. Attempting to counter attacks with manual processes is like fighting a losing battle against relentlessly active adversaries. With attackers automating their offense, security teams must do the same for a stronger defense powered by an integrated security platform.

Cisco SecureX maximizes efficiency

It's been almost a year since we announced the Cisco SecureX platform at RSA 2020. You don't need me to tell you it's been quite a journey since then. We had no idea, however, of the rigor of the tests that SecureX would get before it even turned a year old. With SecureX, we reimagined how security enabled your business: the need to consolidate functionality, simplify operations, and develop an open platform that would work with customers' existing environments.

Getting started with security orchestration and automation

In my last blog, I spoke about the advantages of using orchestration and how it can maximize operational efficiency. SecureX orchestration is a workflow automation feature of our platform that enables you to define workflows to replace your typical security processes: the automation steps (activities), the logic or flow between these steps, and how data flows from one step to the next. With Cisco SecureX, you can leverage Cisco and third-party systems, applications, databases, and network devices in your environment to create these workflows. The platform includes full multi-domain orchestration with a no/low-code approach and an intuitive drag-and-drop canvas to deliver a high-performance, scalable playbook automation capability.

Let's talk about two important use cases that present opportunities for automation in your environment. Both workflows are especially relevant today, with an uptick in phishing scams during the current global pandemic and the recent SolarWinds supply chain attack.

1) Maneuvering the SolarWinds attacks with an integrated approach

Cyberattacks targeting the software supply chain have been on the rise. Since the discovery of the SolarWinds supply chain attack in early December, some security teams are scrambling to assess the impact, while others are revisiting their risk management practices and incident response playbooks. On the bright side, the SolarWinds attack may be a catalyst for transformation in your organization. As the industry comes to terms with the scope of the SolarWinds Orion / Sunburst backdoor cyberattack and associated breaches, our team has taken steps to help customers who may have been impacted. While the story continues to evolve, customers want to understand immediate risks to their business, how to recover if they have been breached, and what they can do to improve their security posture in the future. Here is how you can maneuver the SolarWinds attacks with an integrated approach.

The SolarWinds supply chain attack workflow is designed to conduct an automated investigation based on the content of a Talos SolarWinds threat advisory blog post. The workflow starts by using the blog post as a source of observables, and then SecureX threat response determines which of those observables are worth digging into. Since SecureX is being used to investigate, the results of the workflow are tailored to each customer's environment and telemetry from their integrated products. When the investigation is complete, you can document the findings in a SecureX threat response casebook and incident manager or a ServiceNow incident ticket, and send notifications using Webex Teams, Slack, and email. The workflow also has an option to create an approval task that, upon approval, sets off automated remediation for non-clean observables. You can automate security workflows that are reactive to network and system states. And with playbooks that execute at machine speed, customers can reduce research and response time while also improving precision with less overhead.
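To make the stages of that workflow concrete, here is an added Python sketch (not code from the page or from SecureX itself) of the same pipeline in miniature: refang and extract observables from a constructed advisory excerpt, keep only those with sightings in constructed local telemetry, record them in a casebook-style structure, and leave remediation pending until an approval step. The SecureX threat response calls are not reproduced; the `LOCAL_TELEMETRY` lookup is an assumption standing in for them, and every indicator below is a placeholder.

```python
import re

# Constructed advisory excerpt in the defanged style threat blogs use. The indicators are
# placeholders (RFC 5737 address, .example domain, made-up hash), not real SolarWinds IoCs.
ADVISORY_TEXT = """
Observed second-stage domain: update-cdn[.]example (also seen via hxxps://update-cdn[.]example/api)
Beacon destination: 192[.]0[.]2[.]10
Trojanised DLL SHA256:
0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
"""

# Constructed local telemetry: what this organisation's own sensors have seen, keyed by
# observable. In SecureX this would come from the sightings of integrated products.
LOCAL_TELEMETRY = {
    "192.0.2.10": {"sightings": 4, "hosts": ["ws-17", "build-02"]},
    "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0": {"sightings": 1, "hosts": ["build-02"]},
}

PATTERNS = {
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def refang(text: str) -> str:
    """Undo common defanging ("[.]", "hxxp") so indicators can be matched against telemetry."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)

def extract_observables(text: str) -> dict:
    """Step 1: pull typed, de-duplicated observables out of advisory prose."""
    clean = refang(text.lower())
    return {kind: set(pattern.findall(clean)) for kind, pattern in PATTERNS.items()}

def triage(observables: dict, telemetry: dict) -> list:
    """Step 2: keep only observables with local sightings; those are worth digging into."""
    hits = []
    for kind, values in observables.items():
        for value in sorted(values):
            if value in telemetry:
                hits.append({"type": kind, "value": value, **telemetry[value]})
    return hits

def build_casebook(title: str, hits: list) -> dict:
    """Step 3: document findings; remediation entries wait for the approval task."""
    return {
        "title": title,
        "observables": hits,
        "affected_hosts": sorted({h for hit in hits for h in hit["hosts"]}),
        "remediation": [{"target": h["value"], "status": "pending_approval"} for h in hits],
    }

def approve_remediation(casebook: dict, approved: bool) -> dict:
    """Step 4: the approval gate; only an explicit approval moves entries to 'approved'."""
    for entry in casebook["remediation"]:
        entry["status"] = "approved" if approved else "rejected"
    return casebook
```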

"If you want to know the impact of the Orion malware, it will say, 'Hey, I have this webpage showing me indicators of compromise with SecureX,' I basically get a button within my browser and I say, whatever is on this page, check it against my live environment."

- Wouter Hindriks, Technical Team Lead Network & Security at Missing Piece BV

Explore the sample workflow HERE

See how Cisco is moving forward after the SolarWinds breach and understand how the SecureX platform approach can reduce dwell time for infrastructure attacks by exploring our rapid response webpage.

2) Automate Phishing investigations and remediation

Phishing emails are not a new type of threat to most security professionals, but dealing with the growing volume and potential impact of them requires an innovative solution. The SecureX platform now supports a sample workflow for phishing that can help you accelerate investigation and respond to phishing-based email threats in your environment. By shortening the investigation timeline through security automation, your team can ensure that they're not wasting valuable cycles performing repetitive, manual tasks.

This workflow is designed to be triggered by an email arriving in a phishing investigation mailbox. When an email is received, the workflow investigates its attachments and attempts to determine whether anything in the email (or its attachments) is suspicious or malicious. This accelerates threat hunting and incident management. If anything suspicious or malicious is found, the user who submitted the email is told to delete it. A SecureX threat response casebook and incident are also created, and notifications are sent via Webex Teams and email. This powerful workflow simplifies the complexity of handling phishing attempts, providing mailbox monitoring for incoming phishing reports.

Next steps: Getting started with SecureX

Security orchestration between multiple technologies will create opportunities for automation that are critical for success in the modern threat landscape. Now Matt can get a head start with pre-built sample workflows aligned to common use cases that eliminate friction in his processes and automate routine tasks.

Set SecureX up in minutes and see the benefits almost immediately! Get simplicity, visibility, and efficiency today. If you are new to Cisco, explore our portfolio to start a trial. Already a Cisco Secure customer and want to learn more? Watch a quick SecureX demo and explore additional workflows on GitHub.


Disclaimer

Cisco Systems Inc. published this content on 22 January 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 22 January 2021 20:35:08 UTC