The Encrypted Visibility Engine (EVE) is a technology within Cisco Secure Firewall that provides insight into encrypted traffic—specifically TLS/SSL sessions—without the need for decryption. By inspecting the metadata within the cleartext TLS "Client Hello" packet (the initial packet sent by a client to a server), EVE uses machine learning to identify the specific process or application generating the flow. This technology is trained on over one billion fingerprints and 10,000 malware samples daily to maintain high accuracy in identifying over 5,000 different client processes.
https://cdam-vp.cisco.com/cdamplayer/vid/index.html?id=08387cb84a287a0477e6d976eaeaf35d17f3b3c7
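To make concrete what "metadata within the cleartext Client Hello" means, the following is an added Python example (not Cisco code, and the fingerprint string it builds is illustrative rather than EVE's own format): it parses a constructed Client Hello record and pulls out the fields a passive inspector can read with no key at all, namely the legacy version, the cipher-suite list, the extension order, the SNI host name, and the TLS 1.3 supported_versions list.

```python
import struct
from dataclasses import dataclass, field

SNI_EXT, SUPPORTED_VERSIONS_EXT = 0x0000, 0x002B          # extension ids (RFC 6066, RFC 8446)
@dataclass
class ClientHello:
    version: int
    cipher_suites: list
    extensions: list                  # extension type ids, in wire order
    sni: str = ""
    offered_versions: list = field(default_factory=list)
    def fingerprint(self) -> str:
        """Illustrative cleartext fingerprint: legacy version, suite list, extension order."""
        hexlist = lambda xs: "-".join(f"{x:04x}" for x in xs)
        return f"{self.version:04x}:{hexlist(self.cipher_suites)}:{hexlist(self.extensions)}"
def parse_client_hello(record: bytes) -> ClientHello:
    """Read the fields a passive inspector sees in a ClientHello record; no key needed."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello handshake record")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]     # handshake message body
    version = int.from_bytes(body[:2], "big")
    pos = 35 + body[34]                                          # past version, random, session id
    n = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    suites = [int.from_bytes(body[i:i + 2], "big") for i in range(pos, pos + n, 2)]; pos += n
    pos += 1 + body[pos]                                         # skip compression methods
    hello = ClientHello(version, suites, [])
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + elen]; pos += elen
        hello.extensions.append(etype)
        if etype == SNI_EXT:                                     # host name travels in cleartext
            hello.sni = data[5:5 + int.from_bytes(data[3:5], "big")].decode()
        elif etype == SUPPORTED_VERSIONS_EXT:                    # real TLS 1.3 version list
            hello.offered_versions = [int.from_bytes(data[i:i + 2], "big")
                                      for i in range(1, 1 + data[0], 2)]
    return hello
def build_client_hello(sni: str, suites: list, versions: list) -> bytes:
    """Constructed sample ClientHello (not a real client capture) to feed the parser."""
    ext = lambda t, d: struct.pack("!HH", t, len(d)) + d
    host = sni.encode()
    vers = b"".join(struct.pack("!H", v) for v in versions)
    exts = (ext(SNI_EXT, struct.pack("!HBH", len(host) + 3, 0, len(host)) + host)
            + ext(SUPPORTED_VERSIONS_EXT, bytes([len(vers)]) + vers))
    body = (b"\x03\x03" + bytes(32) + b"\x00"                    # legacy version, random, no session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts) # null compression, extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Running `parse_client_hello(build_client_hello("example.com", [0x1301, 0x1302, 0xC02F], [0x0304, 0x0303])).fingerprint()` yields `0303:1301-1302-c02f:0000-002b`; a real engine matches many more such fields against known client profiles, but every one of them is read from the same unencrypted handshake.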
Business benefits:
Cost avoidance and hardware efficiency: Full TLS decryption introduces a massive 6x to 12x performance penalty on network hardware. EVE provides deep visibility with negligible performance impact, meaning organizations avoid costly hardware upgrades just to maintain network throughput.
Strict privacy and compliance: Because the actual data packets are never decrypted or stored, sensitive employee and customer data remains entirely private. This ensures seamless compliance with strict regulatory frameworks like GDPR and HIPAA.
Maximizing infrastructure value: Unlocking this advanced capability requires no new licensing or appliances—it is built into the firewall software (v7.2+). This drives immediate, measurable value and successful adoption of the broader security ecosystem simply by turning the feature on.
Operational continuity: By reducing the pressure on resource-heavy functions, EVE helps businesses scale their security infrastructure more effectively without necessarily requiring immediate hardware upgrades for high-volume encrypted traffic.
Security operations benefits:
Visibility into hidden threats: With over 85% of modern attacks now utilizing encrypted channels to evade detection, traditional firewalls are often blind to threats. EVE provides a "story about the attack" by identifying malicious fingerprints even when the traffic remains encrypted.
Enhanced policy enforcement: Security teams can create specific Access Control rules to allow or block applications (such as Tor or Wget) based on the process name identified by EVE (capable of identifying over 5,000 distinct client processes).
Future-proofing for modern protocols: Traditional inspection struggles heavily with newer, faster protocols like QUIC and HTTP/3 (which make up a huge portion of traffic from Google and YouTube). EVE natively inspects these handshakes, meaning SecOps doesn't have to force insecure protocol downgrades to keep the network safe.
Automated malware blocking: Starting in version 7.4, administrators can configure the firewall to automatically block encrypted traffic that exceeds a specific "Threat Confidence Score," effectively stopping malware communications before they can exfiltrate data.
Enriched intelligence: EVE improves the accuracy of the Firewall Management Center's (FMC) host database by providing better operating system identification. This leads to more precise Snort Recommendations, ensuring that intrusion prevention rules are tuned to the specific devices on the network.
Faster incident response: All EVE intelligence is fed into a unified dashboard. Instead of digging through fragmented logs, analysts immediately see the process name, the threat score, and the connection event in one place, drastically accelerating investigation times.