Cisco Rapid Threat Containment

Detect, Analyze, and Stop Threats

Quickly and automatically remove infected endpoints.

Stop Threats Before They Stop You

Get answers fast about threats on your network and stop them even faster. Cisco Rapid Threat Containment uses an open integration of Cisco’s security products, technologies from Cisco security partners, and the network control of the Cisco Identity Services Engine (ISE).

In addition, you can protect critical data through the solution’s Threat-Centric NAC feature: Dynamically change your users’ access privileges when their threat or vulnerability scores go up.

Get Answers Faster

Organize relevant threat information on one platform instead of having to conduct lengthy investigations, traversing from system to system.

Stop Attacks Faster

Stop a threat immediately by directing ISE to contain the device. Automate your responses so you don’t have to spend time on threats that are clearly identified.

Protect Critical Data Faster

Change users’ access privileges before or after they get on the network, based on their threat score. If a device starts to act suspiciously, you can automatically deny it access to critical resources such as finance or patient records while allowing access to noncritical resources.

The Cisco Rapid Threat Containment Solution offers:

Context and control: The Cisco Identity Services Engine provides contextual identity data (user, device type, and posture). It contains threats by using the network as an enforcer with VLANs or Cisco TrustSec security groups.

Integration: Cisco Platform Exchange Grid (pxGrid) provides an open, highly secure system for security technologies to exchange intelligence, obtain contextual information from ISE, and direct ISE to contain threats.

Intelligence: Cisco partners who integrate their technologies with pxGrid’s Rapid Threat Containment capability can share their data and use ISE to control network access to threatening devices.

Cisco security technologies: With the Cisco Firepower Management Center and Stealthwatch behavior analysis, you can share security intelligence. You can also request threat containments through ISE.

Threat-Centric NAC technologies: You can use the standard expressions of the Structured Threat Information Expression (STIX) for threats and the Common Vulnerability Scoring System (CVSS) for vulnerabilities to help ensure consistent categorization and responses. Qualys is integrated with pxGrid for vulnerabilities, and Cisco AMP is integrated for threats.

The Rapid Threat Containment solution is supported by Cisco customer service.

For more details on Cisco Rapid Threat Containment, please contact your local Cisco sales representative or Cisco Partner.
