In this article, we take a look at how Microsoft and CISCO Security Solutions work together on cloud security.
Multicloud has become the norm
Multicloud is increasingly the de facto standard for customers building applications for their businesses. Those customers are looking for options that improve the security, agility, and performance of the applications at the center of their business today.
Microsoft Cloud Security Event
The Microsoft Security event was held at the Microsoft Singapore office yesterday, and I had an amazing learning experience as a result of attending. The meeting started off with Xuan Hor clearly expressing the purpose and agenda of the meeting which is to discuss cloud security.
Following that is Alex Ershov’s technical session. It is a nice demonstration that Alex gives about Microsoft Sentinel. He talks about the MITRE ATT&CK framework and how Microsoft Sentinel works with customers to help detect and respond to threats in the most efficient way possible. In his talk, he showed how Microsoft Sentinel provides SIEM (security information and event management) and SOAR (security orchestration, automation, and response). We saw the dashboards of how we can do attack detection, threat visibility, proactive hunting, and threat response with Microsoft Sentinel. This is a cool view of attacks from Microsoft Sentinel with reference to the MITRE ATT&CK framework.
K. Mohamed Faizal then talked about cloud customers’ complaints and risks. He also emphasized the importance of network security configurations, highlighting the fact that we can view all of the security complaints regarding Microsoft in one window. It was really engaging watching Faizal openly challenge attendees to ask about his findings and share his response. At the end, he explained how Microsoft Defender for Cloud can find weak spots in your cloud configuration. This will strengthen your overall security posture, and protect workloads across multiple clouds with Microsoft Defender for Cloud. His delivery of sessions in a fun way, encouraging the audience to challenge him in order to gain a deeper understanding of the Microsoft Security Cloud solutions, shows his confidence in his abilities and the depth of his expertise in working with the Microsoft Security Cloud.
My favorite part of the event was winning the quiz from both sessions and receiving the awesome quiz prize from Microsoft. Thank you very much for the wonderful gifts, Microsoft 🙂
I received many questions from participants at yesterday’s Microsoft event regarding the key areas in which Microsoft and CISCO work together. The community was interested in knowing how it would benefit them. It inspired me to write a blog about this topic and share key use cases demonstrating how CISCO and Microsoft collaborate to help customers transition to the cloud in order to help them achieve their business goals.
The CISCO and Microsoft Partnership
CISCO and Microsoft have a long-term strategic partnership that helps cloud customers with connectivity, security, and observability.
A lot of the joint solutions we’ve worked on together have been aimed at solving customer challenges in the fields of cloud networking, securing cloud environments, full stack observability, and hybrid work. The following are some major use cases based on CISCO’s strategic pillars: Connect, Protect, and Consume.
CISCO loves Microsoft not just in February 🙂
Connect: CISCO Cloud OnRamp for Azure Virtual WAN is a modern transit architecture. Used together with CISCO SD-WAN, CISCO Cloud OnRamp for Azure Virtual WAN makes it easy to build a modern WAN and transit architecture.
Consume: CISCO AppDynamics for Microsoft Azure provides full-stack application performance monitoring for complex, fast-growing applications at scale in the cloud. It lets you see what’s happening with your .NET or .NET Core applications, Azure services, and serverless functions.
Protect: Microsoft with CISCO Secure Solutions. The sections below cover CISCO Secure software solutions that integrate well with Microsoft Security.
Microsoft Sentinel and CISCO Secure Solutions
The use cases here are based on two security platforms: CISCO Secure Network Analytics and CISCO Secure Firewall.
- CISCO Secure Network Analytics with Microsoft Sentinel: As a leader in the Network Detection and Response (NDR) Gartner quadrant, CISCO Secure Network Analytics (formerly Stealthwatch) transforms the network into a sensor that detects insider threats and identifies anomalous behaviors such as malware, distributed botnets, data exfiltration, etc. With a native integration on Azure Marketplace, Secure Network Analytics can send alerts to Sentinel.
- Secure Firewall with Microsoft Sentinel: CISCO virtual Secure Firewall extends CISCO’s industry-leading security to Microsoft Azure environments. You get consistent policies across physical and cloud environments, central management, and deep visibility for advanced threat detection and protection. The CISCO eStreamer API lets Microsoft Sentinel collect CEF-formatted event data from Secure Firewall.
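To make the CEF format mentioned above concrete, here is an added example (not code from CISCO, Microsoft, or the original post) that parses one CEF record into its seven header fields and key=value extension, handling the escaped `\|` and `\=` cases that naive string splitting gets wrong. The sample line, vendor and product names are constructed for illustration and are not real firewall output.

```python
import re

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# Extension key: token at start or after whitespace, then "=". An escaped "\="
# inside a value never matches, because "\" is not a key character.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
_ESCAPES = {"n": "\n", "r": "\r"}

def _unescape(value):
    # "\=" -> "=", "\\" -> "\", "\n" -> newline; other escaped chars kept as-is.
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)

def _split_header(body, nfields=7):
    """Split on unescaped '|' into nfields header fields and the extension text."""
    fields, cur, i = [], [], 0
    while i < len(body) and len(fields) < nfields:
        ch = body[i]
        if ch == "\\" and body[i + 1:i + 2] in ("\\", "|"):
            cur.append(body[i + 1])   # escaped backslash or pipe is literal
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if len(fields) != nfields:        # fewer than seven "|"-terminated fields
        raise ValueError("malformed CEF header")
    return fields, body[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF record; raise ValueError if malformed."""
    start = line.find("CEF:")         # skip any syslog prefix before the record
    if start < 0:
        raise ValueError("no CEF marker")
    fields, ext = _split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, fields))
    keys = list(_EXT_KEY.finditer(ext))
    event["extension"] = {
        m.group(1): _unescape(ext[m.end():nxt.start() if nxt else len(ext)].strip())
        for m, nxt in zip(keys, keys[1:] + [None])
    }
    return event

# Constructed sample line (not real firewall output); documentation IP ranges.
SAMPLE = (r"<134>Jan 01 00:00:00 fw01 CEF:0|ExampleVendor|ExampleFirewall|1.0|1001|"
          r"Intrusion \| blocked|7|src=192.0.2.10 dst=198.51.100.5 dpt=443 "
          r"msg=rule matched uri\=/login act=blocked")
```

Rejecting malformed records with `ValueError` before they reach the SIEM keeps a truncated or mis-escaped line from being indexed with shifted fields.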
Microsoft Defender and CISCO Secure Solutions
The use cases are based on CISCO SecureX Threat Response and CISCO Kenna.
- Kenna: Kenna is a software-as-a-service vulnerability and risk intelligence platform that measures risk and prioritizes remediation efforts before cybercriminals can exploit vulnerabilities. A security strategy shouldn’t be without vulnerability management. With Kenna’s integration with Microsoft’s threat and vulnerability management capabilities, customers can take advantage of a risk-based solution that provides high-risk threat predictions and personalized vulnerability prioritization, as well as actionable insights that incorporate data from Microsoft’s threat and vulnerability management solutions.
- SecureX Threat Response: CISCO’s SecureX threat response is built on APIs that you can use to integrate CISCO and third-party security products, automate incident response, and store threat intelligence and security context in one place. When an investigation is initiated in SecureX Threat Response, it queries Defender ATP for sightings of supported observables, and CTR receives the response from Defender ATP. Here’s the code for Concrete Relay using Microsoft Defender for Endpoint as a third-party Cyber Threat Intelligence provider: https://github.com/CISCOSecurity/tr-05-serverless-microsoft-defender-for-endpoint.
CISCO Panoptica
Cloud-native security platform Panoptica protects containers, Kubernetes, APIs, and serverless functions. With Panoptica, you don’t have to be a Kubernetes expert.
It makes it easy to secure cloud-native applications, from build pipelines to workload runtimes on Azure Cloud and others.
Panoptica helps you protect your apps from security attacks by taking policy-driven action rather than just seeing what’s happening and prioritizing it. Panoptica simplifies cloud-native application security by automating security throughout the entire application development process for DevSecOps, Platform, and DevOps teams. Azure customers can get the product exclusively on the Azure Marketplace.