Cisco Security and Google

How Google and Cisco Security work together

Google Cloud accelerates organizations' abilities to digitally transform their businesses with the best infrastructure, platform, industry solutions, and expertise. We deliver enterprise-grade solutions that leverage Google's cutting-edge technology – all on the cleanest cloud in the industry. Customers in more than 200 countries and territories turn to Google Cloud as their trusted partner to enable growth and solve their most critical business problems.

Product Integrations

  • SecureX orchestration: A workflow consumes the Google Threat Analysis Group blog and converts individual blog posts into Cisco SecureX casebooks if they contain suspicious observables. These casebooks can then be investigated with one click in SecureX Threat Response.
  • SecureX threat response:
    • Google Chronicle: The Google Chronicle SecureX threat response module enables queries for Sightings of observables (IP, domain, hash, file name, file path) within the SIEM. It can also List Assets, obtain IOC Details, List Alerts within a time range, and List IOCs within a time range.
    • Google Safe Browsing: Google Safe Browsing helps protect over four billion devices every day by showing warnings to users when they attempt to navigate to dangerous sites or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem so that their visitors stay safer. Safe Browsing protections work across Google products and power safer browsing experiences across the Internet. Supported Types of Observables: url, domain. Returns Judgement, Verdict.
    • VirusTotal: VirusTotal is a free service that inspects items with over 70 antivirus (AV) scanners and URL/domain blocked list services, in addition to a myriad of tools to extract signals from the submitted content. In the incident response process, it allows users to query a URL, IP address, domain or file hash to gain additional context from the AV scanners and services as to the threats associated with the sample.
  • Secure Firewall: Google Chronicle can parse Secure Firewall's three main syslog event types, collected directly from the Secure Firewall appliance.
  • CloudLock: CloudLock is a Google Apps Premier Technology Partner and uses a cloud-native, API-based architecture, delivering immediate risk reduction without interfering with Google Apps end-user experience or requiring any hardware, gateways, or proxy configuration.
  • Secure Endpoint: Siemplify and Cisco Secure Endpoint work together to provide security operations teams around the world with stronger prevention, detection and response capabilities. By utilizing the Secure Endpoint integration in Siemplify, security teams are able to easily provide context to any and all alerts, enable quicker triage and decision making, and facilitate higher level investigation and response capabilities.
  • Identity Services Engine: Siemplify's security orchestration, automation and incident response platform enables security operations teams to investigate, analyze and respond to threats faster, with less effort. Through its integration with Cisco Identity Services Engine (ISE), Siemplify delivers the vital context needed to build a full threat storyline as well as respond to and contain incidents more decisively.
  • Secure Malware Analytics: By utilizing Siemplify's integration with Secure Malware Analytics, security teams can easily leverage Secure Malware Analytics intelligence to receive context and triage alerts as well as easily automate malware analysis for a large number of use cases.
  • Secure Network Analytics: Secure Network Analytics leverages GCP Flow logs and audit logs to monitor and detect threats for customers who deploy services using GCP IaaS and functions.
  • Umbrella: Siemplify’s security orchestration, automation and incident response platform enables security operations teams to investigate, analyze and respond to threats faster and with less effort. By integrating with Cisco Umbrella, security operations teams can more quickly apply robust threat intelligence and analyze malware to conduct more efficient investigations and make better response and remediation decisions.

Oort: Google Workspace is a collection of cloud computing, productivity and collaboration tools, software and products developed by Google. It holds a great deal of information about company identities. Just add your API key to bring in:

  • Users
  • Devices
  • Groups
  • Events

The Oort identity security platform then correlates this information with other identity sources within an enterprise to provide a complete picture of user behavior and highlight any anomalous activity or identity risks.