CSPI's Myricom® Automated Investigative Response (AIR) application continually ingests alert events from Cisco FirePOWER firewalls or NIPS systems, focusing on alerts that target user-identified critical assets, to find those that indicate a breach may be occurring. It takes the relevant event data, including the source and/or target address and the time stamp, and uses it to trigger the nVoy Packet Recorder to generate a matching extract of the conversations between those devices. The extraction is initiated as the FirePOWER detects an intrusion, and the resulting extraction file is the trigger to begin the incident response effort. That effort is made simpler by the extraction files, which contain the details required to quickly determine the severity and the actions required.
These details include:
- What types of assets were involved, such as PII or other critical data
- The scope of which data records were exposed
- The duration of the breach
About Cisco
Cisco (NASDAQ:CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow's digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.
Myricom is a registered trademark of CSP Inc. All other brand names, product names or trademarks belong to their respective owners. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks.