Cisco Secure Access Integration

Cisco Secure Access is Cisco's cloud security product, enforcing security via DNS, Secure Web Gateway (SWG), Firewall as a Service (FWaaS) and Intrusion Prevention System (IPS), Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Data Loss Prevention (DLP). Cisco Secure Access automatically uncovers attacker infrastructure staged for current and emerging threats and proactively blocks malicious requests before they reach a customer’s network or endpoints.

When integrated with Cisco XDR, customers can stop phishing and malware infections earlier, identify already-infected devices faster, and prevent data exfiltration. The integration provides complete visibility into internet activity across all users in all covered locations.

The following Cisco Secure Access functions are supported and linked via an API key generated in the Cisco Secure Access Platform:

  • Investigate: Provides a view into global threat data via a browser or API. Cisco XDR uses that API to pull threat intelligence from Cisco Secure Access Investigate and automatically enrich IPs and domains that are being investigated.

  • Reports: Provides details associated with sightings of domain observables that are being investigated, API usage, and cloud-based applications and services.

  • Deployments: Provides Cisco XDR with a view into data on your networks and network entities.

  • Policies: Enables Cisco XDR to add and manage Secure Access policies, which include destination lists and private resource groups.