Cisco Security and Google Cloud Security

How Google Cloud Security and Cisco Security work together

Google Security Operations SIEM (formerly Chronicle) is a cloud service, built as a specialized layer on top of core Google infrastructure, designed so that enterprises can privately retain, analyze and search the massive amounts of security and network telemetry they generate today. Chronicle normalizes, indexes, correlates, and analyzes the data - against itself and against third-party and curated threat signals - to provide instant analysis and context regarding any risky activity.

Google Security Operations SOAR (formerly Siemplify) is a platform designed to help organizations detect, investigate, and respond to security threats in real time. The platform is powered by Google Cloud's infrastructure and leverages the machine learning capabilities of Google to automate and streamline security workflows.

Product Integrations

Cisco XDR

  • Data Ingestion: Google SecOps SIEM can ingest a variety of telemetry types through the Chronicle Forwarder, an ingestion API, other cloud services such as Amazon S3 buckets, and integrations with third-party cloud APIs that facilitate ingestion of logs.
  • Data Analysis: The analytical capabilities of Google SecOps SIEM are delivered to security professionals as a simple, browser-based application. Many of these capabilities are also accessible programmatically via read APIs and can be triggered from other security tools.
  • Security & Compliance: As a specialized, private layer built over core Google infrastructure, Google SecOps SIEM inherits compute and storage capabilities as well as the security design and capabilities of that infrastructure.

Secure Firewall

Google SecOps SIEM can parse Secure Firewall's three main syslog event types, collected directly from the Secure Firewall appliance.

Secure Endpoint

Google SecOps SOAR and Cisco Secure Endpoint work together to provide security operations teams around the world with stronger prevention, detection and response capabilities. By utilizing the Secure Endpoint integration in Siemplify, security teams are able to easily provide context to any and all alerts, enable quicker triage and decision making, and facilitate higher-level investigation and response capabilities.

Identity Services Engine

Google SecOps SOAR, through its integration with Cisco Identity Services Engine (ISE), delivers the vital context needed to build a full threat storyline as well as respond to and contain incidents more decisively.

Umbrella

Google SecOps SOAR enables security operations teams to investigate, analyze and respond to threats faster and with less effort. By integrating with Cisco Umbrella, security operations teams can more quickly apply robust threat intelligence and analyze malware to conduct more efficient investigations and make better response and remediation decisions.