Multicloud Defense in Panoptica
Panoptica's integration with Cisco Multicloud Defense enables you to gain visibility into your virtual gateways in Panoptica’s Asset Inventory, Security Graph, and Attack Path Analysis. Displaying this information in Panoptica provides a better understand of where your resources are deployed, and which workloads are being protected.
Inventory
Once Cisco Multicloud Defense is integrated with Panoptica, you'll be able to view your MCD gateway in Panoptica's Asset Inventory, as well as workloads behind that gateway. You'll also gain visibility into your Multicloud Defense Gateway rulesets and rules, which are displayed as properties on the Asset Details page.
Go to the Inventory tab under Posture Management in the Panoptica console UI to start discovering your MCD assets in Panoptica.
Use the Filter to search for the assets in your environment. "Cisco Multicloud Defense Gateway" is one of hundreds of Native Types listed in Panoptica's filters. Click the Filter button to pop up the Filters drawer, and type "multi" into the Search bar to narrow down the choices. Using "multi" as your search term also displays the "Protected by Cisco Multicloud Defense" filter under Labels.
After filtering for Cisco Multicloud Defense Gateway assets, you can drill down and explore the information Panoptica has discovered. The four widgets on the Inventory dashboard provide snapshot insights into the MCD gateways in your environment. Expand the Cisco Multicloud Defense Gateway native type in the table below to view the list of assets.
In addition to identifying the gateway itself, Panoptica also automatically labels any workload assets located behind a Cisco Multicloud Defense gateway. Search for the "Protected by Cisco Multicloud Defense" label to display all of these assets.
Asset Details
When viewing a list of Cisco Multicloud Defense gateways in Panoptica's Asset Inventory table, click on any line to pop up additional details about that asset.
The Asset Details tab of an MCD gateway lists the Rulesets and Rules, which Panoptica copies from your Cisco Multicloud Defense configuration.
Similarly, when you filter by Label = "Protected by Cisco Multicloud Defense" to view a list of assets located behind the MCD gateway, click on any line in Panoptica's Asset Inventory table to pop up additional details about that asset.
Any asset located behind a Cisco Multicloud Defense gateway is identified as such by an MCD icon beside it in the graph view.
Security Graph
Any asset found in the Asset Inventory can also be included in a Security Graph query. Browse to the Security Graph tab under Posture Management in the Panoptica console UI to start building queries that include your MCD assets.
For example, click the Asset or Security Insights button and type "multi" into the search bar on the default Assets tab. Entering "multi" will narrow your filter list to just Cisco Multicloud Defense Gateway. Once that's selected, you can continue to build a custom query around that asset.
Attack Path
An attack path is the flow of interconnected assets, accounts, identities, and/or permissions that an attacker can use to exploit a cloud environment. Any Cisco Multicloud Defense assets that appear in an attack path – including MCD gateways as well as assets behind those gateways – are indicated as such in the graphical view of Panoptica's Attack Path Analysis module.
Expand the Correlated Risks section to find another MCD Gateway indicator in the Network Exposure section.
Click the MCD Gateway icon to view a list of all the gateways related to this attack path.
To explore that relationship, click the MCD gateway name in the Assets table to open an Asset Details view in a new browser tab, as described in the Inventory section above. The Asset Details page displays all the rules/rulesets on that MCD gateway, providing visibility into what protections you have in place, or not. This insight could enable you to resolve the attack path by adding or modifying the gateway rules in Cisco's Multicloud Defense.
Updated 4 months ago