Cisco just formally announced the launch of its Managed Threat Defense (MTD) Service as part of its managed security practice. The goal is to offer real-time, predictive analytics to detect and prevent attacks. This is not a typical offering, as Cisco will own the equipment and charge for those assets, operational expenditures and monitoring services. This means customers will not be required to purchase Cisco security products to leverage this service.
The MTD service leverages a Hadoop 2.0 cluster on the customer’s premises, collecting data by way of traditional network logs, NetFlow, packet capture and other methods. This means the vast majority of data being monitored stays on-premises rather than being sent to the Cisco cloud. Cisco references its acquisitions of Sourcefire, Cognitive and IronPort, along with industry experts on staff, as key ingredients for the research and technologies used to provide services such as incident response analysis, escalation, and remediation recommendations.
Cisco summarizes MTD as offering the following features:
Protects against unknown attacks, not seen by anti-virus, by capturing real-time streaming telemetry.
Leverages Hadoop 2.0 to apply predictive analytics to detect anomalous patterns against each customer’s unique network profile and determine suspicious behavior.
Identifies known attacks and vulnerabilities using pattern analysis and investigation against both Cisco-proprietary and community threat intelligence data.
Provides incident tracking and reporting via a subscription-based business model. This approach can lower operational costs and utilizes Cisco’s continued investment in security technology, processes, and talent.
Includes innovative Cisco security technology such as Cisco Advanced Malware Protection (AMP) to detect malware and eliminate unnecessary alerts, Sourcefire FirePOWER for threat detection, and Cisco Cloud Web Security for email and web filtering.
Managed Threat Defense is available as a direct service from Cisco. Partners can also resell this service through the Cisco Service Partner Program (CSPP). It is currently available in the United States and Canada, and in select locations in APJC, including Australia, New Zealand, Singapore, Hong Kong, Malaysia, and Japan.