1
00:00:07,060 --> 00:00:08,350
- [Instructor] Security threat intelligence

2
00:00:08,350 --> 00:00:10,090
is extremely useful,

3
00:00:10,090 --> 00:00:13,424
one, correlating events, and to gain an insight

4
00:00:13,424 --> 00:00:17,110
of what known threats are actually in your network.

5
00:00:17,110 --> 00:00:20,860
And more importantly, DNS intelligence

6
00:00:20,860 --> 00:00:24,290
and URL reputation is actually used

7
00:00:24,290 --> 00:00:26,490
in many security solutions

8
00:00:26,490 --> 00:00:29,570
including the Cisco Firepower appliances,

9
00:00:29,570 --> 00:00:32,820
FTD or the Firepower Threat Defense solution

10
00:00:32,820 --> 00:00:37,380
from Cisco Web Security appliances or WSAs,

11
00:00:37,380 --> 00:00:39,220
email security appliances

12
00:00:39,220 --> 00:00:43,700
and even cloud services like the Cisco CWS, right,

13
00:00:43,700 --> 00:00:46,720
Cisco Website Security.

14
00:00:46,720 --> 00:00:49,950
Now, for instance, you can correlate security events based

15
00:00:49,950 --> 00:00:53,240
on threat intelligence to identify communications

16
00:00:53,240 --> 00:00:56,510
to non-malicious command and control servers

17
00:00:56,510 --> 00:00:59,300
based on DNS information.

18
00:00:59,300 --> 00:01:00,930
Here, I'm actually showing

19
00:01:00,930 --> 00:01:04,040
a different security threat intelligence events

20
00:01:04,040 --> 00:01:09,040
in the Cisco FMC or the Firepower Management Center.

21
00:01:09,500 --> 00:01:11,848
You can see that a host is actually communicating

22
00:01:11,848 --> 00:01:15,970
to a known command and control server based

23
00:01:15,970 --> 00:01:18,680
on DNS threat intelligence data.

24
00:01:18,680 --> 00:01:21,013
And again, you can actually use, you know,

25
00:01:21,013 --> 00:01:24,620
this threat intelligence and DNS information

26
00:01:24,620 --> 00:01:28,380
with many other security events

27
00:01:28,380 --> 00:01:30,563
and also things like NetFlow.