惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
Spread Privacy
Spread Privacy
T
Threatpost
C
Cisco Blogs
P
Palo Alto Networks Blog
AI
AI
Cyberwarzone
Cyberwarzone
NISL@THU
NISL@THU
P
Privacy & Cybersecurity Law Blog
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
T
Tor Project blog
Latest news
Latest news
AWS News Blog
AWS News Blog
D
Docker
S
SegmentFault 最新的问题
博客园 - 聂微东
WordPress大学
WordPress大学
Vercel News
Vercel News
S
Securelist
爱范儿
爱范儿
J
Java Code Geeks
Know Your Adversary
Know Your Adversary
S
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
F
Fortinet All Blogs
Last Week in AI
Last Week in AI
D
DataBreaches.Net
宝玉的分享
宝玉的分享
D
Darknet – Hacking Tools, Hacker News & Cyber Security
MongoDB | Blog
MongoDB | Blog
Engineering at Meta
Engineering at Meta
K
Kaspersky official blog
美团技术团队
博客园 - 叶小钗
阮一峰的网络日志
阮一峰的网络日志
量子位
博客园_首页
Attack and Defense Labs
Attack and Defense Labs
S
Secure Thoughts
Google Online Security Blog
Google Online Security Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
腾讯CDC
T
Threat Research - Cisco Blogs
雷峰网
雷峰网
有赞技术团队
有赞技术团队
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Privacy International News Feed
S
Security Affairs

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Security Insights: A Threat-First View for the Platform That Enforces Access
Jeff Scheaffer · 2026-04-30 · via Security @ Cisco Blogs

Security teams have spent years living with dashboards built for the people who installed the network. Tunnels, connectors, throughput, policy sync status — useful signals if your job is keeping infrastructure alive. Less useful when a CISO asks why a user was exfiltrating data at 2 a.m. or which GenAI tools are touching your IP.

SASE platforms solved the enforcement problem. Traffic flows through a single control plane. Policies span internet and private access. The architecture is right. The operational experience has not kept pace.

The Missing Surface: Security Context

Ask a SOC analyst what they need from a security platform and you get consistent answers. Start with a user, see everything about them. Lead with threats, not tunnel counts. Make the dashboard clickable — every number should open an investigation, not just display a statistic.

What they describe is not a new product. It is a different frame on the one they already use.

Cisco Secure Access now includes Security Insights: a security analytics dashboard that surfaces where risk is concentrated, helps teams identify emerging threats and policy gaps, and gives security leadership the trend data to report on posture and measure the impact of initiatives over time.

Threat Overview: The SOC Landing Page

A security admin starts their shift. Before navigating anywhere, they need one answer: is something dangerous happening right now?

The Threat Overview is designed to answer that quickly. Status cards surface the key metrics at a glance — the macro layer that signals whether something demands immediate attention.

Below the status cards, a Sankey chart maps traffic flows across security controls — and this is where the dashboard earns its keep.

The obvious read is which threats are being blocked. The more important read is what is getting through. The Sankey makes allowed threats visible at a glance — traffic that is reaching destinations it should not, because a policy has not yet been written to stop it. An analyst watching that chart can see the gap before it becomes an incident and adapt policy directly in response.

The Sankey also shows what is not there. Controls that are not deployed, or not inspecting certain traffic categories, appear as gaps in the flow. Security teams can see which protective measures are in place and which are not — without pulling a configuration report or running a separate audit. That kind of coverage visibility used to require a dedicated tool. Here it is a single chart on the landing page.

Security Insights

Aggregated Signals That Tell You Where to Look

Security Insights does not try to replace an investigation workflow. It tells you where to start one.

Every section surfaces ranked, aggregated analytics oriented around the questions security teams actually ask. Who are the riskiest users right now? Which users have the most DLP violations? Which resources are accumulating the most threat events? Which GenAI applications are active in the organization and which are producing guardrail violations?

These are not individual user profiles. They are the ranked signals that direct attention — the top of a list that tells an analyst which thread to pull. A security team looking at top DLP violators by channel can see immediately whether the problem is concentrated in email, web traffic, SaaS APIs, or endpoint activity. That narrows a day’s worth of investigation into a starting point.

The same pattern holds across every view. Top malware detections by family. Top intrusion attempts by signature. Top risky destinations by access volume. Top rules blocked by policy. The aggregation is the insight — not raw log volume, but ranked, weighted signals that reflect where risk is actually concentrated in the environment. 

AI Visibility Without a Separate Product 

GenAI adoption in enterprise environments has outpaced governance everywhere. Tools are being used before policies exist. Sensitive data is entering prompts without classification.

Secure Access addresses this through the AI view, which tracks GenAI application usage and guardrail violations alongside the rest of security operations. The key widgets show which GenAI applications are active, how usage trends, and where guardrail violations are accumulating — broken down by violation type and policy rule.

This is part of the CASB capability that Cisco includes in the platform. Understanding SaaS risk, governing AI tools, and inspecting data flows into GenAI applications are not add-on licenses. They are part of the security story, visible in the same place where the analyst reviews threats and posture.

One Platform, One Investigation Workflow

Security Insights brings together signals that have historically lived in separate products or separate tabs: UEBA trust levels, DLP violations, posture check results, CASB app risk, Talos-backed threat data, and policy enforcement outcomes. The value is not any one of these signals in isolation. It is the ability to move between them without switching tools — and to see, in one place, both what your controls are catching and what they are not.

Security Insights gives analysts the signals to start an investigation, security managers the view to close policy gaps, and leadership the trends to report on posture over time — all from within a single SASE platform.

To see Security Insights, request a demo at cisco.com/go/secure-access.


We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram