Cisco acquired a company called CloudLock that creates solutions to protect its customers against data breaches in any cloud environment and application (app) through a highly configurable cloud-based data loss prevention (DLP) architecture. CloudLock has numerous out-of-the-box policies and a wide range of automated, policy-driven response actions, including the following:
1. File-level encryption
3. End-user notifications
These policies are designed to provide common data protection and help with compliance. CloudLock can also monitor data at rest within platforms via an API and provide visibility of user activity through retroactive monitoring capabilities. This solution helps organizations defend against account compromises with cross-platform User and Entity Behavior Analytics (UEBA) for Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Identity as a Service (IDaaS) environments.
CloudLock uses advanced machine learning to detect anomalies and to identify activities in different countries that can be whitelisted or blacklisted in the platform. CloudLock Apps Firewall is a feature that discovers and controls malicious cloud apps that may be interacting with the corporate network.
Cisco acquired a company called OpenDNS that provides DNS services, threat intelligence, and threat enforcement at the DNS layer. OpenDNS has a global network that delivers advanced security solutions (as a cloud-based service) regardless of where Cisco customer offices or employees are located. This service is extremely easy to deploy and easy to manage.
Cisco has also incorporated the innovative advancements in threat research and threat-centric security that OpenDNS has developed to block advanced cybersecurity threats with other security and networking products. Millions of people use OpenDNS, including thousands of companies, from Fortune 500 enterprises to small businesses.
OpenDNS provides a free DNS service for individuals, students, and small businesses. You can simply configure your endpoint (laptop, desktop, mobile device, server, or your DHCP server) to point to OpenDNS servers: 184.108.40.206 and/or 220.127.116.11.
It also provides the following premium services:
1. OpenDNS Umbrella
2. OpenDNS Investigate
CISCO THREAT AWARENESS SERVICE
The Cisco Threat Awareness Service (CTAS) is a threat intelligence service that provides Cisco customers with network visibility by making security information available 24 hours a day, 7 days a week. CTAS is a cloud-based service that is accessed via a web browser.
It allows Cisco customers to maintain visibility into inbound and outbound network activity from the outside and displays potential threats requiring additional attention by the network security staff. CTAS requires no configuration changes, network infrastructure, or new software, as it tracks the domain names and IP addresses of Cisco customer premises to alert on suspicious activity or requests. CTAS also provides remediation recommendations through its web portal.
Cisco provides a base offer of the CTAS service with Cisco Smart Net Total Care Service at no additional cost. A premium offer is available as a yearly subscription for customers looking to track an unlimited number of domain names and IP addresses.
CISCO AMP THREAT GRID
Cisco acquired a security company called Threat Grid that provides cloud-based and on-premises malware analysis solutions. Cisco integrated Cisco AMP and Threat Grid to provide a solution for advanced malware analysis with deep threat analytics. The Cisco AMP Threat Grid integrated solution analyzes millions of files and correlates them with hundreds of millions of malware samples. This provides a look into attack campaigns and how malware is distributed.
This solution provides a security administrator with detailed reports of indicators of compromise and threat scores that help prioritize mitigations and recover from attacks. Cisco AMP Threat Grid crowdsources malware from a closed community and analyzes all samples using highly secure proprietary techniques that include static and dynamic analysis.
These are different from traditional sandboxing technologies. The Cisco AMP Threat Grid analysis exists outside the virtual environment, identifying malicious code designed to evade analysis. There is a feature in Cisco AMP Threat Grid called Glovebox that helps you interact with the malware in real time, recording all activity for future playback and reporting. Advanced malware uses numerous evasion techniques to determine whether it is being analyzed in a sandbox. Some of these samples require user interaction.
Glovebox dissects these samples without infecting your network while the samples are being analyzed. Glovebox is a powerful tool against advanced malware that allows analysts to open applications and replicate a workflow process, see how the malware behaves, and even reboot the virtual machine.
CISCO CLOUD EMAIL SECURITY
Cisco Cloud Email Security (CES) provides a cloud-based solution that allows companies to outsource the management of their email security. The service provides email security instances in multiple Cisco data centers to enable high availability.
The Cisco Hybrid Email Security solution combines both cloud-based and on-premises ESAs. This hybrid solution helps Cisco customers reduce their onsite email security footprint and outsource a portion of their email security to Cisco, while still allowing them to maintain control of confidential information within their physical boundaries.
Many organizations must comply with regulations that require them to keep sensitive data physically on their premises. The Cisco Hybrid Email Security solution allows network security administrators to remain compliant and to maintain advanced control with encryption, DLP, and onsite identity-based integration.