Cisco + D3 Morpheus
Create a Powerful SecOps Hub
When combined with the power of the Cisco Security suite, Morpheus acts as a centralized hub for analysis and orchestration across endpoints, network security, email security, threat intelligence enrichment, and much more.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have done deep research into the capabilities of Cisco tools in order to build 14 powerful integrations, across endpoint security, network security, email security, threat intelligence, and more. Key integrations include:
- Cisco Secure Endpoint. Morpheus ingests events from Secure Endpoint and orchestrates actions including managing file lists and retrieving endpoint and group information.
- Cisco Adaptive Security Appliance. Morpheus users can orchestrate network security actions through Cisco ASA, such as blocking IPs and URLs.
- Cisco Email Security. Morpheus users can defend against phishing attacks by orchestrating actions in Email Security, such as deleting messages, getting details on suspicious messages, and pulling reports.
- Cisco Umbrella Investigate & Enforcement. Morpheus integrates with Umbrella’s Investigate & Enforcement API to ingest numerous threat intelligence fields, including detailed domain information.
Use Case
Automation-Powered Incident Response
In this use case, Cisco Secure Endpoint (SE) and Adaptive Security Appliance (ASA) are used to enrich, contain, and recover from a security incident. Morpheus can fetch events on a set schedule from Cisco SE, where they are enriched with more data about endpoints, the network, and relevant policies. If the collected information indicates a breach, the Morpheus playbook can then quarantine the infected device and prevent any communication with suspicious targets from the network.
- Once the issue has been addressed and remediated, Morpheus’s recovery phase playbooks will bring devices back online and unblock artifacts, thereby restoring normal operations.
- Eliminate the manual process of gathering contextual data on alerts.
- Incorporate rich data on targeted endpoints, such as their operating system, network activity, groups, and policies.
Use Case
Phishing Analysis and Response
When a potential phishing attempt is detected, Morpheus runs an automated phishing playbook that parses out the elements of the email, including the potentially malicious attached file. The elements can be looked up in SecureX Threat Response and other sources to assess the threat. The attachment can then be uploaded to Threat Grid for detonation and analysis. If it is confirmed as a genuine incident, Morpheus can use Cisco Email Security and Adaptive Security Appliance to delete the message, block the sender, and block the URL.
- Quickly confirm and disrupt active phishing campaigns.
- Automatically group together related alerts to address entire campaigns with a single playbook.
- Leverage Morpheus’s integrations with other email systems to search for other emails from the same sender.
Why Morpheus?
Joint users of Cisco Security tools and D3 Morpheus don’t just get automated endpoint, network, and email security operations; they also get the countless other features that make Morpheus the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Cisco Integrations: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.