Cisco + D3 Smart SOAR
Create a Powerful SecOps Hub
When combined with the power of the Cisco Security suite, Smart SOAR acts as a centralized hub for analysis and orchestration across endpoints, network security, email security, threat intelligence enrichment, and much more.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have done deep research into the capabilities of Cisco tools in order to build 14 powerful integrations, across endpoint security, network security, email security, threat intelligence, and more. Key integrations include:
- Cisco Secure Endpoint. Smart SOAR ingests events from Secure Endpoint and orchestrates actions including managing file lists and retrieving endpoint and group information.
- Cisco Adaptive Security Appliance. Smart SOAR users can orchestrate network security actions through Cisco ASA, such as blocking IPs and URLs.
- Cisco Email Security. Smart SOAR users can defend against phishing attacks by orchestrating actions in Email Security, such as deleting messages, getting details on suspicious messages, and pulling reports.
- Cisco Umbrella Investigate & Enforcement. Smart SOAR integrates with Umbrella’s Investigate & Enforcement API to ingest numerous threat intelligence fields, including detailed domain information.
Use Case
Automation-Powered Incident Response
In this use case, Cisco Secure Endpoint (SE) and Adaptive Security Appliance (ASA) are used to enrich, contain, and recover from a security incident. Smart SOAR can fetch events on a set schedule from Cisco SE, where they are enriched with more data about endpoints, the network, and relevant policies. If the collected information indicates a breach, the Smart SOAR playbook can then quarantine the infected device and prevent any communication with suspicious targets from the network. Once the issue has been addressed and remediated, Smart SOAR’s recovery phase playbooks will bring devices back online and unblock artifacts, thereby restoring normal operations.
- Eliminate the manual process of gathering contextual data on alerts.
- Incorporate rich data on targeted endpoints, such as their operating system, network activity, groups, and policies.
Use Case
Phishing Analysis and Response
When a potential phishing attempt is detected, Smart SOAR runs an automated phishing playbook that parses out the elements of the email, including the potentially malicious attached file. The elements can be looked up in SecureX Threat Response and other sources to assess the threat. The attachment can then be uploaded to Threat Grid for detonation and analysis. If it is confirmed as a genuine incident, Smart SOAR can use Cisco Email Security and Adaptive Security Appliance to delete the message, block the sender, and block the URL.
- Quickly confirm and disrupt active phishing campaigns.
- Automatically group together related alerts to address entire campaigns with a single playbook.
- Leverage Smart SOAR’s integrations with other email systems to search for other emails from the same sender.
Why Smart SOAR?
Joint users of Cisco Security tools and D3 Smart SOAR don’t just get automated endpoint, network, and email security operations; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Cisco Integrations: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.