
secure-third-party-integrations

The document discusses how Cisco's SecureX enhances security through threat intelligence integrations, allowing for better visibility and faster threat detection. It highlights the importance of aggregating various threat intelligence sources to improve incident response and reduce potential damage. Additionally, it outlines the availability of over 50 integrations that can be utilized to strengthen security posture without additional costs.

Uploaded by

Adon Camille

One Pager

Cisco Public

Enhancing SecureX Using Threat Intelligence Integrations
From its inception, one of the key functions of SecureX is the ability to aggregate and
contextualize local security data and global threat intelligence.
The goal of this feature is to create layers of threat intelligence that provide context along with better visibility for faster and more efficient threat detection.

For all users, SecureX by default includes access to the following Cisco Secure threat intelligence sources:

AMP File Reputation
Composed of reputation ratings for billions of file hashes, collected from multiple sources including Talos, Cisco Secure Malware Analytics (formerly Threat Grid), and Secure Endpoint

SecureX Global Threat Intelligence (formerly AMP Global Intelligence)
Curated from several internal and open-source threat intelligence sources

Talos Intelligence database
Populated with threat information discovered by the global Talos research team’s advanced, and often custom, tooling

We recognize that there are a vast number of threat intelligence sources beyond those. There’s no shortage of research organizations providing their own intelligence and Cisco has partnered with some of the best. We believe that enhancing threat intelligence, wherever possible, builds a platform that provides more accurate and more actionable insights.

“Dwell time overall has dropped significantly because the integrations and the ribbon allow me to zero in on something and then compile and distribute that information much faster and way more effectively, so others can see what I’m seeing. They can see the file in question, the machine in question, who was talked to, the suspicious IP it went to, the alerts that are going, and why we need to look into it.”1

Integrations between an organization’s own security tools and SecureX enable them to aggregate and share threat intelligence across Cisco Security products and their other vendors.
These additional threat resources provide greater context, which enables faster and more efficient threat detection.
Introducing a variety of intelligence to your security platform results in a more robust security posture.
Interviewees indicated that containing a threat faster could substantially reduce an incident’s damage and cost.
The CISO at a healthcare organization explained:

“Our taking remedial action in 15 minutes instead of several hours could prevent a threat actor from gaining a foothold and causing millions in damage from a single incident. With ransomware, for instance, the big part is reducing the exposure; if only a little bit of data is involved, the ransom requested would be less.”1

Including multiple threat intelligence resources within SecureX increases a team’s ability to correlate data, ensure the severity of potential threats based on numerous data points, and provide broader visibility across an organization, including indicators of threat trajectory.

“By aggregating and correlating data across many individual security tools, SecureX provided context and streamlined security analysts’ efforts to understand and address security threats, including determinations of root cause, first-seen/last-seen, threat impact, threat scope, attack trends, and containment verification. Since SecureX presented these elements within the “ribbon”—a common investigative workflow—analysts did not have to break rhythm to log in to separate tools.”1

Currently, there are over 50 SecureX integrations available—many for free!
Cisco does not charge for the integrations; you just paste in your API key(s) from your other security tools.
The more insight that is brought into your SecureX platform through these invaluable third-party integration
partners, the more powerful your threat hunting becomes. To ensure you’re optimizing SecureX for your
environment, Cisco CX services will build any necessary integration that may not currently be a part of
the existing integrations that are offered.

There’s compelling evidence to support the value of SecureX and threat intelligence integrations
in Forrester’s TEI study of Cisco SecureX.
The report found that switching to an integrated approach helped a composite organization achieve incredible results over three years:

• $538K: Net present value
• 90%: Reduction in analyst effort per incident
• 45-50%: Decreased risk and cost of a data breach

Explore the list of free threat intelligence integrations below:

| Technology | Website | Core value | Supported types of observables |
|---|---|---|---|
| APIvoid | apivoid.com/about | Database of 17 API services, mostly focused on threat analysis and threat intelligence. | IP, Domain |
| Abuse IPdb | abuseipdb.com | Check the report history of any IP address to see if anyone else has reported malicious activities. | IP, IPv6 |
| AlienVault OTX | otx.alienvault.com | Open Threat Intelligence Community. OTX provides access to a global community of threat researchers and security professionals, with more than 100,000 participants in 140 countries, who contribute over 19 million threat indicators daily. | Domain, SHA256, Email, IP, MD5, IPv6, SHA1, URL |
| CyberCrime Tracker | cybercrime-tracker.net | Old school threat intelligence sharing. | IP, URL |
| Google SafeBrowsing | transparencyreport.google.com/safe-browsing/overview | Safe Browsing is a service that Google's security team built to identify unsafe websites across the web and notify users and website owners of potential harm. | URL, Domain |
| IBM X-Force Exchange | exchange.xforce.ibmcloud.com | IBM's threat intelligence community. Check for IOCs, keywords, malware intelligence, or even Collections that other users have contributed. | IP, MD5, IPv6, SHA1, Domain, SHA256 |
| Pulsedive | pulsedive.com/about | Bring together known community threat intelligence into one place and vet that data to reduce noise and help make determinations. Correlate observed IOCs not only by ASN or country, but by more complex characteristics like HTTP headers and PTR records. | IP, Domain, IPv6, URL |
| Shodan | shodan.io | Shodan is the world's first search engine for Internet-connected devices. | IP, Domain |
| ThreatScore | console.threatscore.cyberprotect.cloud | Search in a database of millions of public observables to get an up-to-date and pertinent aggregated threat level. | IP, Domain, IPv6 |
| urlscan.io | urlscan.io | Open-source threat intelligence on urls, domains and IPs. | IP, Domain, IPv6, URL |
| VirusTotal | virustotal.com/gui/home/search | Google owned threat intelligence database, from the results of antivirus scanning. | IP, SHA1, IPv6, SHA256, Domain, URL, MD5 |

What next steps can you take to enhance your existing SecureX capabilities?

• Discover more about our integrations and partners and why threat response integrations matter.
• Take a look at our Technical Alliance Partners and see how easy it is to enhance your SecureX capabilities.
• Read the full Forrester report.

1 The Total Economic Impact™ (TEI) of Cisco SecureX: a Forrester Report

© 2022 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. 756599725 | 02/22
