- Providing visibility – eyeCon ingests machine data and raw logs from applications, assets, users, security alerts, and threat intel feeds, then performs advanced behavioral analytics to find true indications that a breach has occurred while eliminating false positives and identifying possible vectors of threat progression.
- Providing context – Analytics engines thrive on data, as much as you have, but reliable breach analytics requires context about the environment being analyzed. Enriching inbound data with attributes about criticality of systems, applications, privileged users, and threat intelligence data is essential to achieving reliable breach analytics. Trusting the analytics when a breach has been detected is the fundamental precursor to taking tactical operational action on the breach.
- Incident Handling – With the integration to pxGrid, once eyeCon identifies a valid breach, the SOC analyst can elect to communicate the relevant information through the Cisco ISE API for Cisco’s Adaptive Network Control function to effectively quarantine the suspicious behavior directly, without requiring local configuration changes on affected Cisco devices.
Together, HAWK eyeCon and Cisco pxGrid offer customers the reliability of advanced Breach Analytics to confidently and automatically respond to real threat actors and enable Rapid Threat Containment. The benefits of this partnership are:
- Identify threat actors in real time
- Deliver actionable intelligence to quarantine suspicious behavior
- Reduce the overall threat window… without having to be a data scientist