Cisco Cognitive Threat Analytics

Cloud-based Threat Protection

Advanced statistical modeling identifies new threats and adapts over time.

Stop Threats in the Network

More than 90 percent of network threats come through the web. Cybercriminals use it to establish command-and-control communications and to exfiltrate sensitive information. There are significant financial incentives for successful attacks. So these criminals have become proficient at taking advantage of any gaps in security and creating new techniques to conceal their activity.

Cisco Cognitive Threat Analytics automatically identifies and investigates suspicious web-based traffic. It quickly detects and responds to attempts to establish a presence in your environment and to attacks that are already under way. The attack can be from a known threat campaign that has spread across multiple organizations, or a unique threat never seen before. It doesn’t matter. You can quickly remediate the infection and reduce its scope and damage.

When deployed, Cognitive Threat Analytics sets a baseline for your web traffic and searches for anomalous activity. On average, it finds 45 infected hosts per 5000 employees in the first week.

Rapidly Detect Threats

Threats can be botnets, rootkits, malvertising, or any piece of malware. Most of them will attempt to establish a presence within an organization’s environment. Cognitive Threat Analytics rapidly detects advanced threats attempting to communicate with a command-and-control infrastructure, before they have a chance to do damage.

Stop Data Exfiltration

Many organizations must protect trade secrets or risk financial ruin. Cognitive Threat Analytics analyzes web traffic and identifies both its source and its destination, the legitimacy of the destination, the size and type of information that is being returned, and what other domains are being communicated with. It can indicate the exfiltration of your most sensitive data, whether over HTTP, HTTPS, or even anonymous applications such as Tor.

Drastically Reduce Investigations

By identifying confirmed threats, Cognitive Threat Analytics eliminates false positive alerts and reduces the amount of time investigators spend determining the root cause of an incident. Organizations can quickly remediate threats and focus on running their business.

Integrate Easily with Other Technologies

Cognitive Threat Analytics uses Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). It integrates with existing security monitoring technologies, including security information and event management (SIEM) platforms. You can integrate and automate your response with an established workflow.

Cognitive Threat Analytics is easy to turn on, and can be deployed in a variety of ways:

  • As part of Cisco Cloud Web Security Premium, it independently analyzes web traffic to spot anomalous activity and detect breaches.
  • With the Cisco Web Security Appliance, you can turn your web proxy into a security sensor. Cognitive Threat Analytics analyzes the proxy's web logs for anomalous traffic.
  • With third-party proxies, including BlueCoat ProxySG, whose web logs Cognitive Threat Analytics can analyze in the same way.
