CSPi announced that it is now part of the Cisco Technology Alliance Ecosystem.

As a member of this Cisco partner community, CSPi has created an integrated cost-effective solution that automates breach detection. CSPi has harnessed the strengths of Cisco's FirePower firewalls and CSPI's Myricom nVoy security products to automate two critical elements of the breach investigative response process: cyber threat verification and full forensic data extraction. By having this data on hand, automatically, at the earliest stages of a breach the investigative response activities can typically be wrapped up within a few hours of total duration instead of the tens to hundreds of hours that is normal today.

CSPI's Myricom Automated Investigative Response (AIR) application continually ingests alert events, targeting user-identified critical assets from Cisco FirePower firewalls or NIPS systems, to find alerts that indicate a breach may be occurring. It takes the relevant event data, including the source and/or target address as well as the time stamp to be used to trigger the nVoy Packet Recorder, to generate a matching extract of the conversations between those devices. The extraction is initiated as the FirePOWER detects an intrusion - the resulting extraction file is the trigger to begin the incident response effort. This is made simpler by leveraging these extraction files, which contain the details required to quickly determine the severity and actions required. 

These details include:

• What type of assets were involved, such as PII or other critical data
• The scope of which data records were exposed
• The duration of the breach

"Today's security teams can experience a tremendous amount of event data generated from their IDS or firewalls. What they lack is something to focus their efforts and automatically generate the detailed files that contain information needed to research the full impact of the damage - if any," said Gary Southwell, general manager, CSPi. "With the nVoy AIR application automatically triggering the extraction of the breach related capture files, a highly focused breach investigation can begin immediately and potentially reduce incident investigation for compliance purposes to a single day - or even down to a few hours. Going one step further, the nVoy solution is continually running, 365x7, improving the monitoring coverage, especially after-hours."