Thursday, 24 January 2019

Customize Your Cisco Security Solutions via APIs

Cisco Umbrella APIs help you create awesome programs


Dear reader. This is the first in a series of blogs in which I will discuss Cisco Security solutions and their respective APIs. The goal of these blogs is to enable you to get the most out of the various Cisco Security solutions and customize them to your needs. This first blog in the series is about Cisco Umbrella and how its APIs can be used to create awesome programs. We have even produced a series of videos that will let you get hands-on with those APIs.

Stay tuned for more blogs in this series about AMP, Firepower and more APIs!

Extend Cisco Threat Response to any HTML based page in Chrome!


Cisco Umbrella is a unique platform that offers both real-time threat intelligence and the ability to mitigate attacks across an organization in a split second. Umbrella combines many sources of data (among them the 175B DNS requests sent to the platform daily) to detect and predict malicious actors on the Internet. On top of that, you can use Umbrella to block domains instantly for all on-premises and off-premises devices. The Umbrella Investigate and Enforcement APIs offer these two capabilities respectively, enabling developers to take full advantage of them from their own customized programs. To be more precise: developers now have access to a very rich threat intelligence source while, at the same time, being able to block domains for their users, both on and off the network.

A good example of these Umbrella APIs in action is Cisco Threat Response (CTR) and the CTR Chrome Plugin (now in beta, try it out!). The Plugin uses both the Enforcement and the Investigate API. It lets users research any observable (e.g. domain, IP address, file hash, URL, etc.) on any HTML-based webpage in Chrome by selecting the text and right-clicking on it. Check out the screenshots and descriptions below to understand how it works:

First you select the text (this can also be multiple observables or an entire block of raw text; the built-in parser will take care of the rest) and right-click. Then you click on the browser plugin Cisco Threat Response:



After that the well-known pivot menu from Cisco Threat Response pops up natively in your browser window. The Chrome Plugin uses the CTR API (the “Inspect” API endpoint) in the background to parse the observables out of the selected text. This CTR “Inspect” endpoint takes raw text as input, parses out and classifies observables such as IP addresses, file hashes and domains, and returns them in JSON format. This makes it very easy to integrate CTR with any other solution, as the input data does not have to be in a particular format. As mentioned, the Chrome Plugin allows you to select one observable, but you can also select an entire block of raw text and the CTR “Inspect” endpoint takes care of the rest. As you can see in the screenshot below, the Judgement for this observable can be viewed directly: “Malicious Domain”. This has been queried using the Umbrella Investigate API. Next you are able to block the domain directly, without ever leaving the page you were visiting (in this case the Talos Threat Roundup of November). The domain is blocked using the Umbrella Enforcement API (“Block this Domain”).
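
To make the “Inspect” step concrete, here is an added example (not Cisco’s CTR code and not a client of the real endpoint) that does the same job the paragraph describes: it takes raw text, pulls out URLs, file hashes, IP addresses and domains, classifies them and returns JSON. The pattern order, the type names and the sample threat-roundup sentence (with made-up hashes, TEST-NET addresses and example.* domains) are all this example’s own assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Added example, not the CTR "Inspect" endpoint itself. Patterns are applied
# in this order and each match is blanked out before the next pattern runs,
# so a URL's hostname is not re-reported as a bare domain and a SHA-256 is
# not re-matched as a shorter hash. Type names are this example's own.
PATTERNS = [
    ("url", re.compile(r"""\bhttps?://[^\s'"<>]+""", re.IGNORECASE)),
    ("sha256", re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)),
    ("sha1", re.compile(r"\b[0-9a-f]{40}\b", re.IGNORECASE)),
    ("md5", re.compile(r"\b[0-9a-f]{32}\b", re.IGNORECASE)),
    ("ip", re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")),
    ("domain", re.compile(
        r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\b", re.IGNORECASE)),
]

# Constructed sample text in the style of a threat roundup paragraph; the
# hashes and addresses are made up (TEST-NET ranges, example.* domains).
SAMPLE_TEXT = (
    "The dropper was served from bad-updates.example.com (SHA256 "
    "3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b) "
    "by 203.0.113.45; the second stage was fetched from "
    "http://cdn.example.net/stage2.bin (MD5 5d41402abc4b2a76b9719d911017c592)."
)


def extract_observables(text):
    """Return [{"value": ..., "type": ...}, ...], deduplicated, in first-seen order."""
    found = []
    seen = set()
    remaining = text

    def add(obs_type, value):
        key = (obs_type, value.lower())
        if key not in seen:
            seen.add(key)
            found.append({"value": value, "type": obs_type})

    for obs_type, pattern in PATTERNS:
        for match in pattern.finditer(remaining):
            value = match.group(0)
            if obs_type == "url":
                value = value.rstrip(".,;:)")  # trailing prose punctuation
                add("url", value)
                host = urlparse(value).hostname
                if host:  # report the URL's host as its own domain observable
                    add("domain", host)
            else:
                add(obs_type, value)
        # Blank out everything this pattern matched before the next one runs.
        remaining = pattern.sub(lambda m: " " * len(m.group(0)), remaining)
    return found


def to_json(text):
    """JSON document in the shape a client integration would consume."""
    return json.dumps({"observables": extract_observables(text)}, indent=2)


if __name__ == "__main__":
    print(to_json(SAMPLE_TEXT))
```

Running it on the constructed sentence yields six observables: the URL, its host as a domain, the SHA-256, the MD5, the IP address and the bare domain; the 64-character hash is reported once, not additionally as a SHA-1 or MD5, because each pattern blanks its matches before the shorter ones run.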



When you click on “Investigate this Domain” you cross-launch into CTR and all of the configured modules are queried for the observable(s). For example, the Umbrella Reporting API (available with all Umbrella packages) will then also pull Umbrella events into the Cisco Threat Response dashboard (if there are any sightings of the observable).




Thursday, 10 January 2019

Security Vigilance Never Rests: Moving to Active Threat Detection

Few things are as dynamic as cybersecurity. Modern networks have become increasingly sophisticated and complex. Today’s network extends to myriad devices fueled by a mobile workforce and more organizations are shifting workloads to the cloud as they move towards a more digitized future. A diversifying and expanding network has many advantages, but it also increases points of vulnerability, while simultaneously making it more difficult to see what’s happening across the network.

Security threats have also evolved rapidly in terms of scale and sophistication. Threats may come in the form of ransomware attacks or attackers might find their way into a network via credentials compromised during a successful phishing expedition. Regardless of the attack method, attackers are successfully penetrating your network, where they often persist for weeks or even years. Organizations need security practices that pinpoint advanced threats early in the attack lifecycle, before they are able to steal valuable assets and do lasting brand damage.



Completing the Modern Active Threat Detection Equation


Network Analysis and Visibility (NAV) is a critical aspect of any security program. With better insight into what people and devices are doing on the network, organizations can answer challenging security questions, specifically those related to data access and user behavior. Bottom line: if you want to get a better understanding of your digital business and how it behaves, you first need to acquire sufficient telemetry data. Fortunately, your network, including routers, switches, and firewalls, can provide the rich telemetry you need to obtain a better understanding of all of the activity that goes on across your network. However, effective NAV is just one part of the threat detection equation.

Once you have the telemetry, you need a scalable approach to detecting abnormal activity. Because attackers use multiple methods to expand their penetration of your network, you must employ multiple analytical techniques to detect these threat behaviors early and ensure that they are eradicated completely. This is the role of security analytics tools, which detect and identify behaviors that are indicative of malicious activity. They do this by integrating a variety of telemetry sources using techniques such as behavior modeling and machine learning. All this should be supplemented by global threat intelligence that is aware of malicious campaigns and maps the suspicious behavior to an identified threat for increased fidelity of detection.

Historically, active threat hunting inside the network was affordable only for the largest organizations, and even then relatively simple algorithms generated the labor-intensive task of following up on many false positives. By using the best of NAV and modern security analytics in tandem, all organizations can adopt an active threat detection practice that seeks out malicious behavior operating inside their perimeter, so security teams large and small can focus on critical threats and take quick and effective action.

Security Analytics and Cisco Stealthwatch


However, not all security analytics tools are created equal. Cisco Stealthwatch collects and analyzes massive volumes of data giving even the largest, most complex networks comprehensive internal visibility and protection. It then employs three core analytics approaches that work together to catch threats at the earliest point in the attacker’s activities.

  • Using behavioral analytics, Stealthwatch closely monitors the activity of every device on the network and is able to create a baseline of normal behavior. It also has a deep understanding of known bad behaviors and can apply close to 100 different security events or heuristics that look at various types of traffic behavior.
  • Stealthwatch also applies machine learning to hunt for advanced threats and potential malicious communications. Massive amounts of data are processed in near real time to discover critical incidents, which in turn provides your SOC with clear courses of action to quickly remediate key threats and better avoid false alarms.
  • A global threat intelligence feed powered by Cisco Talos correlates suspicious activity in the local network environment with data on thousands of known command-and-control servers and campaigns to provide high-fidelity detection and faster threat response.
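
The following is an added example, not Stealthwatch code, of how two of the signals in the list above combine: a per-host behavioral baseline built from NetFlow-style telemetry, and a threat-intelligence lookup against a known command-and-control list, with the severity graded higher when both fire on the same flow. The flow records, the hosts, the addresses (documentation ranges) and the “campaign” name are all constructed for this example, and the z-score threshold is an arbitrary choice.

```python
import statistics
from collections import defaultdict

# Added example, not Stealthwatch's analytics. Each record is
# (source host, destination IP, destination port, bytes sent); all values
# are constructed and use documentation address ranges.

# Learning window: what each host normally does (constructed).
HISTORY = [
    ("10.0.0.5", "10.0.0.20", 443, 2100), ("10.0.0.5", "192.0.2.10", 443, 2400),
    ("10.0.0.5", "10.0.0.20", 443, 1900), ("10.0.0.5", "192.0.2.11", 443, 2600),
    ("10.0.0.5", "10.0.0.21", 443, 2200), ("10.0.0.5", "192.0.2.10", 443, 2000),
    ("10.0.0.5", "10.0.0.20", 443, 2300), ("10.0.0.5", "192.0.2.12", 443, 2500),
    ("10.0.0.9", "10.0.0.20", 443, 900),  ("10.0.0.9", "192.0.2.10", 443, 1100),
    ("10.0.0.9", "10.0.0.20", 443, 1000), ("10.0.0.9", "192.0.2.11", 443, 950),
    ("10.0.0.9", "10.0.0.21", 443, 1050), ("10.0.0.9", "192.0.2.10", 443, 1000),
    ("10.0.0.9", "10.0.0.20", 443, 980),  ("10.0.0.9", "192.0.2.12", 443, 1020),
]

# Flows under evaluation (constructed): a bulk upload, a normal flow, two
# contacts with a listed C2 address, and a host that has no baseline at all.
TODAY = [
    ("10.0.0.5", "203.0.113.200", 443, 48_000_000),
    ("10.0.0.5", "10.0.0.20", 445, 2350),
    ("10.0.0.9", "198.51.100.77", 443, 1010),
    ("10.0.0.9", "198.51.100.77", 443, 2000),
    ("10.0.0.12", "198.51.100.77", 443, 500),
]

# Constructed stand-in for a Talos-style command-and-control feed.
KNOWN_C2 = {"198.51.100.77": "constructed-campaign-A"}


def build_baseline(flows):
    """Per-host mean and standard deviation of bytes per flow (behavioral baseline)."""
    per_host = defaultdict(list)
    for src, _dst, _port, nbytes in flows:
        per_host[src].append(nbytes)
    baseline = {}
    for host, samples in per_host.items():
        sd = statistics.pstdev(samples)
        # Floor the deviation so a host with perfectly constant traffic does
        # not divide by zero and so tiny jitter is not scored as an anomaly.
        baseline[host] = (statistics.mean(samples), max(sd, 1.0))
    return baseline


def detect(flows, baseline, intel, z_threshold=3.0):
    """Combine a behavioral signal with a threat-intel signal. Both together
    raise fidelity, so severity is graded on which signals fired."""
    alerts = []
    for src, dst, port, nbytes in flows:
        signals = []
        baselined = src in baseline
        if baselined:  # a host with no learning window gets no behavioral score
            mean, sd = baseline[src]
            z = (nbytes - mean) / sd
            if z > z_threshold:
                signals.append("volume_anomaly(z=%.1f)" % z)
        if dst in intel:
            signals.append("known_c2(%s)" % intel[dst])
        if not signals:
            continue
        has_anomaly = any(s.startswith("volume_anomaly") for s in signals)
        has_intel = any(s.startswith("known_c2") for s in signals)
        if has_anomaly and has_intel:
            severity = "critical"
        elif has_intel:
            severity = "high"
        else:
            severity = "medium"
        alerts.append({"host": src, "dst": dst, "port": port, "bytes": nbytes,
                       "signals": signals, "severity": severity,
                       "baselined": baselined})
    return alerts


if __name__ == "__main__":
    for alert in detect(TODAY, build_baseline(HISTORY), KNOWN_C2):
        print(alert["severity"], alert["host"], "->", alert["dst"], alert["signals"])
```

The 48 MB upload from 10.0.0.5 is flagged on volume alone (medium); 10.0.0.9 contacting the listed address at its usual size is an intel-only hit (high); the same host sending a flow far outside its baseline to that address trips both signals (critical); and 10.0.0.12, which has no history, still gets the intel match, with the alert recording that no baseline existed so an analyst knows the behavioral score was skipped rather than clean.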

Effective active threat detection is not achieved by applying just one technique. By utilizing NAV tools alongside comprehensive network telemetry, behavioral modeling, machine learning, and top tier global threat intelligence, you can stop threats early and ensure the overall safety and security of your organization’s assets.
