Smart CDR detects threats in real time and promptly notifies security teams, Pandey stated. “Most competitors stop at threat detection, but we go further, stitching these threats together to describe the attacker’s intent,” Pandey wrote. “Our approach involves generating synthetic attack simulations to train our ML models to detect attacks like ransomware, data exfiltration, crypto-jacking, container escape, and data destruction.”
Lastly, Cisco added the ability to more easily create, manage, and enforce security policies across a multicloud environment via a new feature called Security Graph Query. The feature integrates with the system’s policies engine to let customers enforce security policies directly from the Security Graph Query Builder and Query Library, Pandey stated.
The Security Graph Query Builder lets users build customized queries that combine data and insights from Panoptica’s different security modules, such as cloud security posture visibility, runtime workload protection, and Attack Path Analysis for analyzing potential attack vectors, according to Cisco. The idea is to offer a unified view of an organization’s cloud assets, security posture, vulnerabilities, and threats across its entire cloud-native application stack. This lets security teams identify risks, investigate issues, and take appropriate actions, according to Cisco.
“The feature is a comprehensive search and visualization tool that aggregates data across multiple cloud providers, code repositories, APIs, SaaS applications, and Kubernetes clusters,” Pandey stated.
“It utilizes queries crafted for assets and their relationships and security insights such as attack paths, risk findings, and vulnerabilities,” he wrote. “The goal is to streamline policy creation, improve security compliance, and make policy management more efficient and data-driven.”
Pandey listed a few use cases, including: