Introduction: Cisco Catalyst SD-WAN is Integrated with Microsoft Sentinel

The momentum of the Cisco and Microsoft collaboration only continues to increase. We are bringing together our ability to innovate and to help our mutual customers achieve even higher levels of success. Together, we are delivering exceptional application experiences in networking, security, collaboration, and more.

Today, I’m excited to share that Cisco Catalyst SD-WAN—formerly Viptela—has been integrated with Microsoft Sentinel and is available to our customers and partners in Microsoft Sentinel Content hub through the Microsoft Commercial Marketplace. Cisco is already a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors and managed security service providers that have integrated their security solutions with Microsoft.

Integrating Cisco Catalyst SD-WAN with Microsoft Sentinel

Back in 2021, Cisco was an early integrator of SD-WAN with Microsoft Azure Virtual WAN, creating a hybrid WAN architecture that delivers a modern transit architecture to support Azure connectivity. This integration enables users to seamlessly extend their SD-WAN overlay into Azure to improve cloud connectivity from remote offices. Essentially, Cisco made it easy to connect SD-WAN to Azure.

Now, with the integration of Cisco Catalyst SD-WAN and Microsoft Sentinel, we are enhancing the protection of our customers’ networks by leveraging the security stack running on SD-WAN fabric to improve visibility and threat-hunting capabilities provided by Sentinel.

Microsoft Sentinel is a scalable, cloud-native solution that delivers intelligent security analytics and threat intelligence across the enterprise to provide:

  • Security information and event management (SIEM)
  • Security orchestration, automation, and response (SOAR)

With Microsoft Sentinel, users have a single console that supports attack detection, threat visibility, proactive hunting, and threat response.

But for Microsoft Sentinel to more completely deliver on its promise of seeing and stopping threats, it must access network and security data traveling over the WAN. This is where Cisco Catalyst SD-WAN comes in.

Cisco Catalyst SD-WAN offers a highly secure, cloud-scale architecture that is open, programmable, and scalable. Through the Cisco Catalyst SD-WAN Manager—formerly known as vManage—console, users can quickly establish an SD-WAN overlay fabric and use it to connect data centers, branches, campuses, and colocation facilities. In addition, they can leverage the same console to apply granular advanced security inspection profiles that improve network speed, security, visibility, and efficiency.

Integrating Cisco Catalyst SD-WAN with Microsoft Sentinel gives enterprises a comprehensive security solution. Along with MITRE ATT&CK coverage, organizations benefit from intelligent security analytics, threat intelligence integration, security orchestration and automation, automated response playbooks, enhanced visibility into user behavior, and seamless integration with the broader security ecosystem. These capabilities strengthen organizations’ security posture, allowing them to effectively detect, respond to, and mitigate a wide range of security threats.

Through the Cisco Catalyst SD-WAN and Microsoft Sentinel integration, your security operations center (SOC) team can gain visibility into what’s happening on your network, offering comprehensive security analytics and incident response capabilities, as well as equipping enterprises to effectively combat the sophisticated incursion techniques described in the MITRE ATT&CK framework.

The integration starts by showcasing vital network information, such as critical intrusion events and malicious activities. The Cisco Catalyst SD-WAN next-generation firewall (NGFW) intercepts and blocks these activities. It then forwards logs and security events to Sentinel, supporting end-to-end visibility. Comprehensive incident reports can then be generated when threats are detected by the embedded Cisco Catalyst SD-WAN security stack. Your security team can then read these incident reports and use the information to protect your network.

“Our integration with Microsoft Sentinel empowers organizations to take proactive measures in securing their networks. By combining Cisco’s expertise in networking and security with Microsoft Sentinel’s enhanced threat hunting, analytics, incident response, and automation capabilities, we provide businesses with the tools they need to stay one step ahead of emerging threats and ensure the integrity of their network infrastructure.”
JP Shukla, Director, Product Management, Cisco

Cisco Catalyst SD-WAN is a member of the Microsoft Intelligent Security Association

The Microsoft Intelligent Security Association (MISA) is an ecosystem of independent software vendors and managed security service providers that have integrated their security solutions with Microsoft Sentinel to better defend against increasingly sophisticated and fast-moving threats. Membership is on an invitation-only basis.

Cisco Catalyst SD-WAN is honored to have been nominated for MISA membership.

Strengthening security for Azure and Microsoft 365 customers

If your business relies on Azure and/or Microsoft 365, look to Microsoft Sentinel to help uncover sophisticated threats and respond decisively to cyberattacks.

If you need to connect campus locations, data centers, branches, and other sites faster, more reliably, and more efficiently, and to empower network IT to manage connectivity across WAN and cloud platforms—such as Azure—from a single dashboard, look to Cisco Catalyst SD-WAN.

And now you can benefit from the Cisco and Microsoft collaboration to gain even better protection against cybercriminals, through the Cisco Catalyst SD-WAN and Microsoft Sentinel integration.

Author:

Amy Bahlo

Global Partner Executive for Microsoft
Global & Strategic Partner Organization

Source: https://blogs.cisco.com/partner/cisco-catalyst-sd-wan-is-integrated-with-microsoft-sentinel