Accelerate Detection of Security Incidents with Cisco Umbrella and AlienApp Integration
29 Jul 2019
The AlienApp™ for Cisco Umbrella delivers advanced security orchestration capabilities between AlienVault® USM Anywhere™ and Cisco Umbrella (formerly OpenDNS).
With the pre-built orchestration between these two products, you can close the loop between threat detection and response, without any of the heavy lifting typically required to integrate multiple security IT tools.
AlienApp automatically blocks malicious domains in Cisco Umbrella whenever they are detected in USM Anywhere. This security automation also reduces the time between detection and incident response.
AlienApp for Cisco Umbrella helps you to:
- Shorten the time from threat detection to threat response with automation
- Save time, money, and headaches in integrating multiple IT security tools
- Gain more visibility of your internet traffic by monitoring Cisco Umbrella logs directly within USM Anywhere
- Automate or trigger response actions within USM Anywhere to block malicious domains in Cisco Umbrella
How It Works:
- USM Anywhere collects, enriches, and analyzes inbound and outbound network traffic log data from Cisco Umbrella.
- USM Anywhere detects any malicious inbound or outbound network traffic, such as a phishing email or malware communicating with a C2 server. When a threat is detected, USM Anywhere raises an alarm.
- Keying off the alarm, you can define an automated orchestration rule to send the malicious domain data to Cisco Umbrella. You can also manually trigger the action from the alarm.
- Cisco Umbrella uses this threat data to block any further communication between your employees and assets and that malicious domain.
For more information, please watch the video at the link.
If you have questions about AT&T Cybersecurity solutions, please write to us at firstname.lastname@example.org.