Cisco Security and ThreatConnect TIP

How ThreatConnect TIP and Cisco Security work together

ThreatConnect’s Threat Intelligence Platform automatically provides Secure Firewall deployments with real-time intelligence for alerting on and blocking new threats.

ThreatConnect’s Threat Intelligence Platform (TIP) can centralize the aggregation and management of threat data no matter the source. The data is collected whether it is open source data from OSINT feeds, blogs, or RSS feeds, or indicators sent from a threat intel feed provided by an ISAC or premium provider. Robust integrations with tools like your SIEM, EDR, and firewall pull internally generated logs into ThreatConnect for further enrichment. You’re provided with a place to organize and prioritize the data so you can then use it to drive actions inside and outside of the Platform.

ThreatConnect correlates cyber threat intelligence from Malware Analytics with multi-source, validated threat intelligence. It enables you to send threat intelligence to other parts of your security infrastructure, and it automatically associates all of the data from Malware Analytics so you can easily pivot on it in ThreatConnect. Validate potential threats with Umbrella Investigate and mitigate confirmed threats with Umbrella.

Product Integrations

  • Secure Firewall: ThreatConnect TIP can send threat information to Secure Firewall through its Threat Intelligence Director (TID) so that new and complex threats can be defended against quickly and automatically.
  • Secure Malware Analytics: The ThreatConnect integration correlates cyber threat intelligence from Cisco Malware Analytics with multi-source, validated threat intelligence. It enables you to send threat intelligence to other parts of your security infrastructure, and it automatically associates all the data from Cisco Malware Analytics so you can easily pivot on it in ThreatConnect.
  • Umbrella: The Cisco Umbrella integration allows Host and URL Indicators in ThreatConnect to be added to and removed from the Cisco Umbrella Platform over the Cisco Umbrella Enforcement API. Cisco Umbrella Investigate provides the most complete view of the relationships and evolution of Internet domains, IP addresses, and autonomous systems to pinpoint attackers’ infrastructures and predict future threats.

Security Suites