Cisco Security and Darktrace

How Darktrace ActiveAI Platform and Cisco Security work together

The Darktrace ActiveAI Security Platform revolutionizes your Security Operations Center with unmatched visibility, automated investigations, and proactive hardening for cyber resilience. Powered by Self-Learning AI that is tailored to your business, it detects subtle threats missed by traditional tools. It offers comprehensive multi-domain visibility, swiftly identifying known and unknown threats while minimizing disruption with precise autonomous response. The Cyber AI Analyst automates investigations, eliminates alert triage, and allows your team to focus on closing security gaps. Additionally, the platform proactively identifies and prioritizes vulnerabilities and attack paths, enhancing your overall security posture and readiness.

Product Integrations

Cisco Firewalls:

  • Cisco ASA
  • Cisco ASA with FirePOWER
  • Cisco FirePOWER Threat Defense
  • Cisco Meraki

The Darktrace ActiveAI Platform embraces a proactive cybersecurity approach, leading to a 92% reduction in containment time. By investigating every relevant alert, targeted autonomous response shuts down known and novel threats without disrupting business operations.

Use Darktrace /NETWORK integrations with Cisco Firewalls to extend Darktrace’s containment actions to the edge. Depending on the firewall, Darktrace will use shun commands, dynamic lists, or the API to perform blocking at the firewall in conjunction with native Darktrace containment.

Cisco XDR Investigate:

The Darktrace integration lets Cisco XDR users bring Darktrace detections into XDR's threat hunting and investigation features. Use it to query security detections for observables, including IP address, hostname, and Darktrace device ID.

Cisco XDR Automate:

Darktrace /NETWORK - Quarantine Device

This workflow appears in the pivot menu and allows a user to quarantine a device in Darktrace /NETWORK. Note that the quarantine action is configured to expire after 2 days by default. Supported observables: hostname, IP address, MAC address, Darktrace ID

Darktrace /NETWORK - Unquarantine Device

This workflow appears in the pivot menu and allows a user to remove a device from quarantine in Darktrace /NETWORK. Note that this will cancel all active and pending quarantine actions for the device. Supported observables: hostname, IP address, MAC address, Darktrace ID
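As an added illustration that is not Cisco's or Darktrace's code, the Python below models the behaviour the two workflows describe: it classifies an input into the supported observable types, records a quarantine with the 2-day default expiry, and cancels every active and pending action on unquarantine. The validation rules (and treating a purely numeric value as a Darktrace device ID) are assumptions, and nothing here calls a real API.

```python
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")
DEFAULT_EXPIRY = timedelta(days=2)  # the default quarantine lifetime the page states
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time

def classify_observable(value: str) -> str:
    # Map an input to one of the workflow's supported observable types, else reject it.
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if MAC_RE.match(value):
        return "mac"
    if value.isdigit():  # assumption: a purely numeric value is a Darktrace device ID
        return "darktrace_id"
    if HOSTNAME_RE.match(value):
        return "hostname"
    raise ValueError(f"unsupported observable: {value!r}")
@dataclass
class QuarantineAction:
    observable: str
    start: datetime
    expires: datetime

    def status(self, now: datetime) -> str:
        if now < self.start:
            return "pending"
        return "active" if now < self.expires else "expired"
@dataclass
class QuarantineLedger:
    actions: list = field(default_factory=list)

    def quarantine(self, observable, now, start=None, expiry=DEFAULT_EXPIRY):
        classify_observable(observable)  # reject unsupported observable types up front
        start = start or now  # starts now unless a later start is scheduled
        action = QuarantineAction(observable, start, start + expiry)
        self.actions.append(action)
        return action

    def unquarantine(self, observable, now):
        # Drop every active AND pending action for the observable; return how many were cancelled.
        live = [a for a in self.actions
                if a.observable == observable and a.status(now) in ("active", "pending")]
        self.actions = [a for a in self.actions if a not in live]
        return len(live)
```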