cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Register for SecureX webinars to learn about our newest integrations and features.

5142
Views
0
Helpful
1
Replies
John Palmason
Enthusiast

Troubles convienceing hosting provider to allow Cisco Threat Awarness

I am current SNTC user and I am interested in trying this new tool on a minor ip block that we don't use for production traffic.  The problem I am having is getting my hosting company to agree to allow this service.  I have been asked to fill  out a Vulnerability Assessment form with our provider  which I don't believe is needed because CTAS isn't going to scan my ip blocks that I know of? With my limited understanding of what CTAS is doing I am finding hard to explain to my hosting company what this service is actually going to do. 

I have looked over the FAQ, the quick start guide and other Cisco website and I can't seem to find how this actually work.  I have send of the request to register the IP via SNTC but I am really not sure what I am asking for. 

Registering a Network Resource

 From the Threat Awareness Service dashboard, click on Settings to see a list of network resources that are already registered, with the corresponding status.

  • Pending: A network resource with this status will not be included in the processing of the Threat Feeds.  This status indicates the network resource is registered, but not yet authorized.
  • Confirmed: A network resource with this status will it be included in the processing of Threat Feeds. This status indicates the network resource is authorized.

 The system requires authorization before a user can view the threat data. Information about the network resource is already available in Cisco’s threat databases; this authorization is to confirm that the user has permission to view the data.

 Taken from this document:

 https://supportforums.cisco.com/sites/default/files/ctas_quick_start.pdf

Anybody from the SNTC or CTAS systems reading the board please let me know if you have any suggestions to help me get my hosting provider to allow this tool.

John P

1 ACCEPTED SOLUTION

Accepted Solutions
Edan Mudachi
Cisco Employee

Hi John,

CTAS identifies IP addresses based on public whois information. CTAS does not collect any information specific to your network, all information propagated is based on external public information.

The service is not a mitigation tool, CTAS will assess your resources and will observe and report what potential vulnerabilities you may be susceptible to. I would encourage you to utilize a single test IP or domain to assess so you can see the results for yourself.

I hope this provides the answer your hosting company is looking for, and if you have any further questions please don't hesitate to ask here.

Sincerely,

Edan Mudachi

View solution in original post

1 REPLY 1
Edan Mudachi
Cisco Employee

Hi John,

CTAS identifies IP addresses based on public whois information. CTAS does not collect any information specific to your network, all information propagated is based on external public information.

The service is not a mitigation tool, CTAS will assess your resources and will observe and report what potential vulnerabilities you may be susceptible to. I would encourage you to utilize a single test IP or domain to assess so you can see the results for yourself.

I hope this provides the answer your hosting company is looking for, and if you have any further questions please don't hesitate to ask here.

Sincerely,

Edan Mudachi

Create
Recognize Your Peers
Content for Community-Ad
Additional Cisco Threat Response Resources


August's Community Spotlight Awards