Datasheets

Investigate from Cisco Umbrella

Issue link: https://learn-umbrella.cisco.com/i/711474

Contents of this Issue

Navigation

Page 1 of 1

© 2017 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) Combine human intelligence These models are built and tuned by the Cisco Umbrella security researchers — our team of data scientists, engineers, mathematicians, and security researchers. The Umbrella security researchers leverage 3D visualization, numerous data mining techniques, and security expertise to develop the models and add additional context to the output of the models. They continuously come up with new ways of analyzing the data to find new connections and patterns. Result: Predictive intelligence As a result of this analysis, we can accurately identify malicious domains, IPs, networks, and file hashes across the internet, and even predict where future attacks may be staged. How it helps you • See attacks like never before with internet-wide visibility: Our view into global internet requests shows where attackers are staging infrastructure and how bad, good, or unknown domains, IPs, ASNs, and file hashes are connected. • Speed up incident response: Incident response times can lag when security teams do not have the right context or access to pertinent information early in the investigation. By speeding up incident investigations, you can respond faster and reduce attacker dwell time in your environment. • Prioritize incident investigations: To properly triage incidents, you need to get accurate information and the relevant context quickly. Our unique view of the internet enriches your security event data and threat intelligence with global context to help better prioritize investigations. • Use threat intelligence more effectively: Bolster your outdated, commodity threat feeds with our up-to-the-minute, internet-scale intelligence. Use Cases Speed up investigations Stay ahead of attacks Prioritize investigations and response Enrich security systems with real-time data How you can use Investigate Dynamic search engine Our web-based console gives you real-time access to all of our intelligence and the ability to interactively pivot on different data points during investigations. You can either query Investigate for exact matches to domain names, IP addresses, email addresses, ASNs, and file hashes, or use pattern search for more flexible queries of certain terms, brand names, patterns, and non-exact matches. RESTful API Investigate provides API access to bring contextual data into your SIEM, threat intelligence platform, or incident workflow so you can quickly surface high impact security incidents. Product capabilities • Associate attacks with specific domains, IPs, ASNs, and malware in order to map out attacker infrastructure. • See suspicious spikes in global DNS requests to a specific domain. • Predict where future attacks might be staged by identifying related domains and IPs that are associated with malware. • Research the behavioral indicators and network connections of malware samples with data from Cisco AMP Threat Grid. • Use WHOIS data to see domain ownership and uncover malicious domains registered with the same contact information. • Leverage our risk scoring across a number of domain attributes to assess suspicious domains. • Detect fast flux domains and domains created by Domain Generation Algorithms. • Access the largest passive DNS and WHOIS database to see historical data about domains.

Articles in this issue

Links on this page

view archives of Datasheets - Investigate from Cisco Umbrella