Since its release, Cisco SecureX has helped over 10,000 customers gain better visibility into their infrastructure. As the number of devices in many customer environments continues to increase, so does the number of products with information about those devices. Between mobile device managers (MDM), posture agents, and other security products, a wealth of data is being collected but is not necessarily being shared or, more importantly, correlated. With the new device insights feature in Cisco SecureX, now available for all SecureX customers, we’re changing that.
Introducing Device Insights
Device insights, which are now generally available, extend our open, platform approach to SecureX by allowing you to discover, normalize, and consolidate information about the devices in your environment. But this isn’t just another dashboard pulling data from multiple sources. Device insights fetch data from sources you might expect, like your mobile device manager, but also leverages the wealth of data available in your Cisco Secure products such as Cisco Secure Endpoint, Orbital, Duo, and Umbrella. Combining these sources of data allows you to discover devices that may be sneaking through gaps in your normal device management controls and gain a comprehensive view of each device’s security posture and management status. With device insights, you’ll be able to answer these all-important questions:
- What types of devices are connected to our environment?
- What users have been accessing those devices?
- Where are those devices located?
- What vulnerabilities are associated with each device?
- Which security agents are installed?
- Is the security software is up to date?
- What context do we have from technologies beyond the endpoint?
Supported Data Sources
Now, you might ask: what types of data can I bring into device insights? When we created SecureX, we built a flexible architecture based on modules that anyone can create. Device insights extend this architecture by adding a new capability to our module framework. Here’s a look at what data sources will be supported at launch:
Bringing Everything Together
Once you’ve enabled your data sources, device insights will periodically retrieve data from each source and get to work. Some sources can also publish data in real-time to device insights using webhooks. We normalize all of the data and then correlate it between sources so you have one view into each of your devices, not a mess of duplicate information. This results in a single, unified dashboard with easy filtering, a high-level view into your environment, and a customizable table of devices (which you can export too!). To see more information about a device, just click on one and you’ll see everything device insights know, including which source provided which data.
Getting Started
To get started with device insights, simply log into Cisco SecureX and click the new Insights tab! For more information about device insights, check out these resources:
Source: blogs.cisco.com Credit@ Matt Vander Horst