Cisco Cyber Threat Defense

Cyber Threat Defense Overview

Stronger Protection Against Advanced Threats

Advanced threats can breach even the best security perimeter and penetrate your network undetected. They may even hide for a while before they begin to do damage. Over time, they conduct a sophisticated strategic campaign that may use multiple methods.

Defense against this type of attack requires a new approach. You need network visibility, control, context, and intelligence. You need to understand a threat that has gained an operational footprint on the network interior and learn how it is operating.

Cisco Cyber Threat Defense is an advanced threat detection and response system. With it, you can reduce both the probability of an attack and the time to discovery and remediation of the threat. It is a Cisco Validated Design that encompasses the entire Cisco security portfolio and integrates into the fabric of the Cisco network.

Cyber Threat Defense detects, tracks, exposes, and quarantines advanced threats using the following automated capabilities:

  • NetFlow analysis: Identifies suspicious network traffic patterns inside the network
  • File analysis: Performs reputation scoring and the dynamic analysis of files traversing the network
  • Deep-packet inspection: Identifies exploits that can lead to system compromise
  • Log analysis: Uncovers stealthy activity that may be spread across days, weeks, or months
  • Policy updates: Automatically implements a change in policy or quarantine based on network behavior

Once exposed, advanced threats can be mitigated by using:

  • Restricted access for compromised devices to network resources
  • Dynamic inline blocking
  • Endpoint-based remediation

Cyber Threat Defense gives security analysts visibility and control over advanced threats. Specifically, the solution is designed to:

  • Detect network reconnaissance, including network probing that aims to identify attack vectors
  • Block known threats that are potentially part of a larger coordinated attack
  • Detect and block command-and-control traffic between the attacker and compromised internal hosts
  • Track and remediate internal malware propagation aimed at gathering information and disrupting operations
  • Protect against data loss and the stealthy exfiltration of data

Solution Components

The Cyber Threat Defense solution is built on the following components:

Best-in-Class Tools

Use the solution’s latest Cisco Validated Design to deploy defense in depth. (PDF - 1 MB)

An Updated Architecture

Layer your Cisco security solutions to protect your business. (PDF - 930 KB)