Cisco Security and IBM SOAR

How IBM SOAR and Cisco Security work together

IBM SOAR Incident Response Platform (IRP) is the leading platform for orchestrating and automating incident response processes. IBM SOAR IRP quickly and easily integrates with your organization’s existing security and IT investments. It makes security alerts instantly actionable, provides valuable intelligence and incident context, and enables adaptive response to complex cyber threats. IBM SOAR IRP includes Dynamic Playbooks, which provide the agility, intelligence, and sophistication needed to contend with complex attacks, automatically adapting to real-time incident conditions.

Product Integrations

Umbrella: The Cisco Umbrella enforcement API, included with Umbrella Platform, integrates directly with the IBM SOAR incident response platform. This app allows for streamlined malicious domain-based threat mitigation, extending network and on-prem based intelligence and threat containment to where your users operate.

SOAR & Investigate: This app combines Cisco Umbrella Investigate API integration with the IBM SOAR Incident Response Platform, the leading platform for orchestration of people, process, and technology. This integration includes out-of-the-box workflows that provide threat analysis in a single workbench and a set of discrete functions that SOAR administrators can easily deploy in custom workflows.

Secure Malware Analytics: The IBM SOAR + Cisco Malware Analytics app provides security teams with actionable insights needed to respond to incidents faster. Built directly into the SOAR Incident Response Platform, this powerful integration enables analysts to rapidly drill down from SOAR into the Malware Analytics unified malware analysis and threat intelligence platform. Analysts in SOAR can both look up indicators of compromise within Malware Analytics and submit suspected malware for detonation within the sandbox technology. These findings are automatically pulled into an incident report. Security teams gain valuable incident data (for example, affected assets, related system information, forensic evidence, and threat intelligence) and can populate it into SOAR’s powerful and dynamic response playbooks.

Secure Endpoint: Cisco Secure Endpoint integration with QRadar provides a consolidated view of security events across endpoints in a single dashboard, eliminating the need to toggle between tools, and monitors real-time endpoint threat detection. Security analysts can search, correlate, and analyze Cisco Secure Endpoint threat events within QRadar, then quickly drill down into detected threats, including identifying the user who initiated the attack, the machine on which the threat originated, and the file that triggered the attack.