Cisco Systems Inc. has added a managed security service to its portfolio of hosted offerings.
Managed Threat Defence is a combination of on-premise hardware and software plus remote monitoring by Cisco, which monitors data and provides incident response analysis, escalation, and remediation recommendations, paid on a subscription basis.
It can be bought either through Cisco partners or direct from the company.
Cisco didn’t immediately have pricing, but in an interview Ahmed Etman, general manager of Cisco Canada’s security division, said the UCS server(s) and software that are installed on-prem will depend on the size of the customer’s environment and its needs.
Cisco said the solution:
- includes its Advanced Malware Protection (AMP) to detect malware and eliminate unnecessary alerts, Sourcefire’s FirePOWER for threat detection, and Cisco Cloud Web Security for email and web filtering;
- protects against unknown attacks, not seen by anti-virus, by capturing real-time streaming telemetry;
- leverages Hadoop 2.0 to apply predictive analytics to detect anomalous patterns against each customer’s unique network profile and determine suspicious behavior;
- identifies known attacks and vulnerabilities using pattern analysis and investigation against both Cisco-proprietary and community threat intelligence data;
- provides incident tracking and reporting via a subscription-based business model. This approach can lower operational costs, the company says.
Every customer gets a portal through which administrators can see monitoring data. If Cisco’s monitors spot something unusual, administrators are notified through the customer’s existing incident response system.
“As data continues to move to the cloud, more people are accessing data via mobile devices, in addition to sharing data through social channels. Consequently, security has become our customers’ number one concern,” said Bryan Palma, senior vice-president of Cisco Security Solutions. “Managed Threat Defense lessens the worry associated with protecting against a breach and allows Cisco (Nasdaq: CSCO) and its partners to add value where customers need it most.”
The bot threat
Some of the most serious threats networks face today are "bots," remotely controlled robotic programs that strike in many different ways and deliver destructive payloads, self-propagating to infect more and more systems and eventually forming a "botnet."