Time is critical when facing an incoming attack. Security analysts and incident responders must quickly detect, investigate, understand, and react quickly to limit any potential damage. They sift through threat intelligence information from multiple sources and event logs from multiple devices to determine what’s happening and what to do about it, and then from that information derive an effective response strategy and implement that strategy across several security products. Much of this process today is manual, error-prone, and time-consuming.
That’s why we developed Cisco Visibility, an innovative platform that improves the efficiency and accuracy of your incident response operations. It brings together critical information from Cisco and third-party sources into a single, intuitive investigation and response console. Cisco Visibility offers combined threat intelligence, event log information, and relationship graphs to confirm an attack and to quickly and intuitively see what’s happening. It enables teams to work together on efficient and effective response actions.
How? Here’s one example: When I discuss Cisco Visibility, I often describe one of its many benefits as the resulting reduction in “copy-paste lag”. While this is somewhat tongue in cheek, it’s also entirely true. Bringing data together in one console reduces the significant amount of time analysts currently spend transporting information from one UI to another and gathering all the responses from all of them into a note taking application. What if something could gather all that info for them, and collect it into one spot? That’s exactly the use case for Visibility, and for the most recent Visibility feature, “Casebooks”.
Casebooks is an API and data structure hosted in Visibility that allows other applications to provide UI components for submitting observables directly to Visibility for immediate reputation lookups without ever leaving the host application’s interface. It allows you to gather observables in groups (aka cases). Additionally, it allows you to assign the case a name, take notes, and add other observables directly into the casebooks portion of that UI. And because it’s all hosted at Visibility, your case notes can follow you from product to product, eventually across the Cisco security portfolio.
This capability has been previously leveraged already by Threat Grid, and was recently released for AMP for Endpoints. Get ready to make use of the Casebooks feature in either, by having a deeper look at how it streamlines investigations and response in this video.
If you are a customer of AMP for Endpoints or Threat Grid, using the public North American or European clouds for either, you already have access to Visibility! Go to your product interface and follow the instructions there to sign up, configure your account, and start using this powerful, free tool today.
To see more of Cisco Visibility in action, check out this Cisco ThreatWise TV episode and ask your Cisco account team about it.