ETA, Cognitive Intelligence, SLIC Inter-dependencies

reheindel
Level 1

I apologize if this has been asked/answered - but I am looking for answers on the inter-dependencies of ETA/Cognitive Intelligence, and most specifically the SLIC feed.

We are purchasing new flow sensors with anticipation of taking advantage of the ETA capabilities in 7.1 for internet traffic.

We had NOT planned on purchasing the SLIC feed license.

Can I still expect to get the benefits of ETA/Cognitive Intelligence without the SLIC feeds?

Thanks in advance for the assistance!

Bob

Accepted Solutions

brford
Cisco Employee

The short answer is Yes.

The Threat Intel Feed (also known as SLIC Feed) is an IP Blacklist that lives on and is updated at your SMC. The big advantage of SLIC is that it is fast. If an external IP matches an IP on the Threat Feed list then there is an alarm.

Cognitive Threat Analytics requires that data about a connection involving an external IP be sent to the cloud for analysis and risk scoring. Cognitive Intelligence takes longer but is able to identify threats based on their communications and behavior characteristics rather than on just matching an IP address.

Cognitive returns a risk score which is valuable in that it helps you triage your work, looking at the highest risk connections first and then working through a list to lower risk connections.

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.
