Cloud-based Threat Protection
Advanced statistical modeling identifies new threats and adapts over time.
Stop Threats in the Network
More than 90 percent of network threats come through the web. Cybercriminals use it to establish command-and-control communications and to exfiltrate sensitive information. There are significant financial incentives for successful attacks. So these criminals have become proficient at taking advantage of any gaps in security and creating new techniques to conceal their activity.
Cisco Cognitive Threat Analytics automatically identifies and investigates suspicious web-based traffic. It quickly detects and responds to attempts to establish a presence in your environment and to attacks that are already under way. The attack can be from a known threat campaign that has spread across multiple organizations, or a unique threat never seen before. It doesn’t matter. You can quickly remediate the infection and reduce its scope and damage.
When deployed, Cognitive Threat Analytics sets a baseline for your web traffic and searches for anomalous activity. On average, it finds 45 infected hosts per 5000 employees in the first week.
Rapidly Detect Threats
Threats can be botnets, rootkits, malvertising, or any piece of malware. Most of them will attempt to establish a presence within an organization’s environment. Cognitive Threat Analytics rapidly detects advanced threats attempting to communicate with a command-and-control infrastructure, before they have a chance to do damage.
Stop Data Exfiltration
Many organizations must protect trade secrets or risk financial ruin. Cognitive Threat Analytics analyzes web traffic and identifies both its source and its destination, the legitimacy of the destination, the size and type of information that is being returned, and what other domains are being communicated with. It can indicate the exfiltration of your most sensitive data, whether over HTTP, HTTPS, or even anonymous applications such as Tor.
Drastically Reduce Investigations
By identifying confirmed threats, Cognitive Threat Analytics eliminates false positive alerts and reduces the amount of time investigators spend determining the root cause of an incident. Organizations can quickly remediate threats and focus on running their business.
Integrate Easily with Other Technologies
Cognitive Threat Analytics uses Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII). It integrates with existing security monitoring technologies, including security information and event management (SIEM) platforms. You can integrate and automate your response with an established workflow.
Cognitive Threat Analytics is easy to turn on, and can be deployed in a variety of ways:
- As part of Cisco Cloud Web Security Premium, it independently analyzes web traffic to spot anomalous activity and detect breaches.
- You can use the Cisco Web Security Appliance to turn your web proxy into a security sensor. Cognitive Threat Analytics analyzes web logs for anomalous traffic.
- Third-party proxies, including BlueCoat ProxySG