Breach detection and analytics
Now you can automatically investigate suspicious web traffic. Cognitive Threat Analytics quickly detects and responds to attempts to establish a presence in your environment and to attacks that are already under way. All without additional hardware or software to deploy.
Features and capabilities
Stop threats in your network
More than 90 percent of attacks use the web for command-and-control communication. Yet employees visit thousands of websites every day without a thought to their legitimacy. Nor do they know what those websites might be serving up. Cognitive Threat Analytics analyzes anomalous web traffic. It pinpoints attacks before they can begin to exfiltrate sensitive data.
Rapidly detect threats
Threats can be botnets, rootkits, malvertising, or any other piece of malware. Most of them will attempt to establish a presence within an organization’s environment. Cognitive Threat Analytics detects advanced threats attempting to communicate with a command-and-control infrastructure, usually within 2 to 3 hours.
Stop data exfiltration
Many organizations must protect trade secrets or risk financial ruin. Cognitive Threat Analytics:
- Identifies both the source and the destination of web traffic. It verifies the legitimacy of the destination, notes the size and type of information that is being returned, and checks what other domains are being communicated with.
- Can detect the exfiltration of your most sensitive data, whether over HTTP, HTTPS, or even anonymous protocols such as Tor.
Drastically reduce investigations
By identifying confirmed threats, Cognitive Threat Analytics:
- Eliminates false-positive alerts
- Reduces the amount of time investigators spend determining the root cause of an incident
- Helps your IT team quickly remediate threats and focus on running your business
Easily integrate with other technologies
Cognitive Threat Analytics:
- Uses Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Indicator Information (TAXII)
- Integrates with existing security monitoring technologies, including security information and event management (SIEM) platforms
- Automates responses with an established workflow
Specifications at a Glance
- No software or hardware to deploy
- Initial results within hours of baselining
- Available as an add-on license to Cisco Web Security Appliance, as part of Cisco Cloud Web Security Premium, or as a standalone solution that can analyze third-party proxy logs
Protect against web-based threats
Learn how we helped a transportation company catch what its antivirus software missed.