Page 86 - CSEW

Cognitive Threat Analytics









[Diagram: Cisco Cognitive Threat Analytics (CTA) data flow]

Input: Web Access Logs (input telemetry) from Web Security Gateways (HQ)
  - Cisco WSA (Web Security Appliance): Under: WSA-AMP-LIC=; info sent over SCP
  - Blue Coat Proxy SG (external telemetry): CTA a-la-carte; info sent over HTTPS

Processing: Cisco Cognitive Threat Analytics (CTA)
  - Breach Detection & Advanced Threat Visibility

Output: Threat Alerts to Incident Response (HQ)
  - CTA Confirmed Threats
  - CTA Detected Threats
  - CTA STIX / TAXII API
  - SIEMs: Splunk, ArcSight, Q1 Radar, ...



© 2016 Engage ESM All Rights Reserved