Feature Briefs

Custom Integrations

Issue link: https://learn-umbrella.cisco.com/i/718719


For the first time, you can prevent — not only detect — threats both on and off the corporate network using an API. Cisco Umbrella is a cloud security platform built into the foundation of the internet that enforces your threat intelligence at the DNS layer.

Programmatically take immediate action on threat intelligence

Hours or days can go by before you manually configure appliance or agent-based defenses to take action on newly aggregated threat intelligence. Cisco Umbrella enables you to complete the last necessary step to operationalize your threat intelligence.

By leveraging the Umbrella API, you can create up to 10 custom integrations between your own in-house systems and our cloud security platform. Each integration allows your custom scripts to automatically add or remove domains in a separate security category. You can enforce different policies on each security category.

By enforcing security at the DNS layer, Umbrella uses the internet's existing infrastructure to keep malware, phishing, and command & control callbacks (C2) from compromising systems and exfiltrating data over any port, protocol, or app. Blocking internet activity attributed to your domains on any device — on or off the network — reduces the time between detection and prevention to seconds. If any devices are requesting suspicious domains, you gain global visibility instantly and can store logs indefinitely for incident response.

"By 2017, at least 50% of technology providers will use intelligence-sharing capabilities between disparate technologies and across different vendors to support orchestrated security policy responses across protected environments."
Lawrence Pingree, Ruggero Contu, Eric Ahlm, Context-Aware Security and Intelligence-Sharing Concepts Merge to Create Intelligence-Aware Security Controls

Custom integrations with Cisco Umbrella. Immediately convert your threat intelligence into global threat prevention.

© 2016 Cisco and/or its affiliates. All rights reserved.
[Diagram labels: Curate & correlate; Take immediate action; Get logs; Post domains; Get context on domains, IPs, files, etc.; Internal servers; Your scripts; Security incident & event management; Logs; S3]

Umbrella Enforcement: Blocks internet activity attributed to domains and retains all DNS logs for as long as required.

Investigate Intelligence: Access our threat intelligence about domains, IPs, ASNs, file hashes, and more.

Custom in-house systems: Your in-house systems may contain, for example, a SIEM that ties together several internal servers, AWS cloud services, and your own scripts. But no matter what you have built, you can integrate it with Umbrella.
