Managing the many security products in an organization’s environment is one of the key problems faced by CISOs. To help with the burden Cisco Systems today announced a cloud-based management portal for all of its products called SecureX, which it says will give administrators greater visibility to their security-related applications as well as automate workflows to speed threat detection and response.
What Cisco hopes will make the offering unique is that it doesn’t force administrators to work through SecureX’s single plane of glass — unless they want to. An admin can instead work through Cisco software they are used to, with SecureX acting as a bridge that shows security features from the other linked software there.
The announcement was made at the opening of the annual RSA Conference in San Francisco, one of the dozens of new products and capabilities companies will make there in the next few days.
SecureX, will be generally available in June and is free for licenced users of Cisco products.
Initially, SecureX will only work with Cisco products. However, third parties will be able to link their security-related products to it through application programming interfaces (APIs). Those partners will be announced shortly.
In an interview with Al Huger, Cisco’s Calgary-based vice-president of engineering for security products Cisco, explained the goals.
“What we set out to do is tie together the different capabilities we have in our portfolio — all the way from anti-malware to our authentication with Duo, our whole suite for security — and put it in one place where our customers can experience and drive change from.
“What is unique about the offering is … we’re ensuring an experience that reflects how our users use our products. So, for example, an admin using Cisco Endpoint Security who discovers a compromised endpoint can query all products linked through SecureX to see if they have seen the vulnerable file/artifact, and if so how it was dealt with. From there the admin can push out further controls (block all endpoints, firewalls/email/ multifactor authentication etc. from the file). Or the admin can work through the SecureX console.
“You can think about each product in our portfolio as a capability. Within SecureX you can leverage and licence different capabilities depending on your needs, and then you can use any of the capabilities from any of the products in the portfolio.”
SecureX also includes pre-built response playbooks, and customers can also develop their own playbooks as well for Cisco and non-Cisco products. Jeff Reed, a Cisco senior vice-president, said in a blog that the phishing playbook allows an end-user to submit a suspicious email to SecureX to get a recommendation of whether it is malicious. If it is the end-user is given recommended next steps. At the same time, an alert goes to the security team.
While it will help the detection of unknown threats and policy violations through security analytics, SecureX is not a security incident and event management (SIEM) application. The architecture relies on what the products know, Huber said, rather than storing all the data a network product pulls in to do centralized analytics.