Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5703
Views
0
Helpful
1
Replies

Troubles convienceing hosting provider to allow Cisco Threat Awarness

Go to solution
John Palmason
Level 4
Level 4

‎06-03-2016 11:21 AM - edited ‎02-20-2020 09:15 PM

I am current SNTC user and I am interested in trying this new tool on a minor ip block that we don't use for production traffic.  The problem I am having is getting my hosting company to agree to allow this service.  I have been asked to fill  out a Vulnerability Assessment form with our provider  which I don't believe is needed because CTAS isn't going to scan my ip blocks that I know of? With my limited understanding of what CTAS is doing I am finding hard to explain to my hosting company what this service is actually going to do. 

I have looked over the FAQ, the quick start guide and other Cisco website and I can't seem to find how this actually work.  I have send of the request to register the IP via SNTC but I am really not sure what I am asking for. 

Registering a Network Resource

 From the Threat Awareness Service dashboard, click on Settings to see a list of network resources that are already registered, with the corresponding status.

  • Pending: A network resource with this status will not be included in the processing of the Threat Feeds.  This status indicates the network resource is registered, but not yet authorized.
  • Confirmed: A network resource with this status will it be included in the processing of Threat Feeds. This status indicates the network resource is authorized.

 The system requires authorization before a user can view the threat data. Information about the network resource is already available in Cisco’s threat databases; this authorization is to confirm that the user has permission to view the data.

 Taken from this document:

 https://supportforums.cisco.com/sites/default/files/ctas_quick_start.pdf

Anybody from the SNTC or CTAS systems reading the board please let me know if you have any suggestions to help me get my hosting provider to allow this tool.

John P

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edan Mudachi
Cisco Employee
Cisco Employee

‎06-03-2016 11:55 AM

Hi John,

CTAS identifies IP addresses based on public whois information. CTAS does not collect any information specific to your network, all information propagated is based on external public information.

The service is not a mitigation tool, CTAS will assess your resources and will observe and report what potential vulnerabilities you may be susceptible to. I would encourage you to utilize a single test IP or domain to assess so you can see the results for yourself.

I hope this provides the answer your hosting company is looking for, and if you have any further questions please don't hesitate to ask here.

Sincerely,

Edan Mudachi

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Edan Mudachi
Cisco Employee
Cisco Employee

‎06-03-2016 11:55 AM

Hi John,

CTAS identifies IP addresses based on public whois information. CTAS does not collect any information specific to your network, all information propagated is based on external public information.

The service is not a mitigation tool, CTAS will assess your resources and will observe and report what potential vulnerabilities you may be susceptible to. I would encourage you to utilize a single test IP or domain to assess so you can see the results for yourself.

I hope this provides the answer your hosting company is looking for, and if you have any further questions please don't hesitate to ask here.

Sincerely,

Edan Mudachi

0 Helpful
Customers Also Viewed These Support Documents