Lessons Learned from Cisco Live
Written by: Joseph Salazar, Technical Marketing Engineer
Attivo Networks recently spent a week at the San Diego Convention Center for Cisco Live 2019. While not as crowded or crazy as San Diego ComicCon, Cisco Live certainly offered its share of well-attended sessions and events. Attivo had a presence in the Security Village surrounded by other Cisco partners who are all contributors to the security ecosystem. We had an opportunity to speak at the Security Theater and met with prospects, customers, partners, and potential integration partners to expand our capabilities and hear first-hand about the challenges they are encountering in the security space.
During the event, we announced our partnership with Digital Defense to introduce the industry’s first integrated risk and deception-based platform for IoT and ICS networks. It was an exciting week, featuring many fruitful chats with Cisco engineers to confirm our integration enhancements with Cisco’s offerings. Just as the theme of this year’s Cisco Live was “Bridge to Possibilities”, as the sole deception technology provider, our presence provided a bridge to the continuing possibilities with Cisco’s security solutions.
As announced at Cisco Live, our partnership with Digital Defense involves their Frontline.Cloud offering, a vulnerability management and threat assessment platform that identifies high-risk/critical assets with a business context that are highly vulnerable to exploits, remain unpatched, are un-patchable, or have already been infected in real-time. The integration with the Attivo Networks BOTsink® solution allows administrators to quickly and confidently make strategic decisions on where to dynamically deploy additional deception technology assets to enhance their deception deployment and further misdirect attackers. This gives organizations the advantage of the time to detect, analyze, and stop an attacker even as their risk posture and critical assets change. Digital Defense leverages its dataset to call the BOTsink to deploy additional on-demand decoys where they are needed based on vulnerability data and threat profiles.
Our partnership with Cisco is particularly robust and was the impetus to participate at Cisco Live. Prior to the conference, we conducted a webinar with Brian Gonsalves, Senior Manager of Product Management and Business Development with Cisco, that covered how the partnership between Cisco Systems and Attivo Networks better defends the enterprise. This partnership involves several key integrations that enhance overall security, decrease the time to respond to a security incident, and allow for easy scaling of the deception environment to remote sites. The Attivo Networks ThreatDefend™ platform integrates with several Cisco security products to offer customers a collective defense solution that provides detection of real-time threats, gathering of attack analysis, manual or automated blocking of attacks, and quarantining of endpoints based on suspicious activity:
- The ThreatDefend platform can add deception-based detections of internal attacker IP addresses to Cisco ASA firewalls to manually or automatically block Command and Control communications or data exfiltration.
- Attivo Networks is a pxGrid Partner, and as such, the ThreatDefend platform can transmit threat information to Cisco ISE via pxGrid to offer manual or automated quarantining of endpoints based on a deception-based detection.
- The Cisco Firepower Threat Defense (FTD) platform can also ingest this threat information from Cisco ISE via pxGrid, extending the deception-based detection value to the Cisco Next-Generation firewalls.
- The ThreatDefend platform can project Cisco IOS decoys for routers, switches, and VOIP from the BOTsink server.
- The ThreatDirect™ solution is a VM forwarder mechanism for scaling to remote or branch offices, micro-segmented networks, and cloud environments. Cisco ISR 4000 Series & ASR 1000 Series routers support the ThreatDirect solution within the built-in hypervisor.
- The Catalyst 9000 Series Switches can run the ThreatDirect container application to provide coverage on a per-VLAN basis, deployed via Cisco DNA-C. Cisco had a running demo of this capability at their Cisco Live demonstration booth.
Participating at Cisco Live 2019 was an excellent opportunity to showcase how Cisco and Attivo better protect Cisco customers' networks through our joint partnership.
For more information on our various integrations with Cisco, please see our Cisco Partner Brief.