惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Recorded Future
Recorded Future
C
Cyber Attacks, Cyber Crime and Cyber Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Palo Alto Networks Blog
Google Online Security Blog
Google Online Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
WordPress大学
WordPress大学
博客园 - 聂微东
L
LINUX DO - 最新话题
月光博客
月光博客
小众软件
小众软件
T
Troy Hunt's Blog
A
Arctic Wolf
量子位
I
Intezer
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
S
Schneier on Security
Schneier on Security
Schneier on Security
NISL@THU
NISL@THU
T
Threat Research - Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园_首页
有赞技术团队
有赞技术团队
N
News and Events Feed by Topic
美团技术团队
The Cloudflare Blog
P
Privacy International News Feed
S
Security Affairs
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
N
News | PayPal Newsroom
Apple Machine Learning Research
Apple Machine Learning Research
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LINUX DO - 热门话题
V
Vulnerabilities – Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CXSECURITY Database RSS Feed - CXSecurity.com
宝玉的分享
宝玉的分享
Application and Cybersecurity Blog
Application and Cybersecurity Blog
IT之家
IT之家
Hacker News: Ask HN
Hacker News: Ask HN
雷峰网
雷峰网

Security @ Cisco Blogs

We third-party tested our firewall built for AI-scale. The test tools hit their limit first. SharpHound Recon Attack - How AI enhanced the threat hunt Machine Speed, Human Judgement: How AI Changed the SOC in 2026 Elevating Expertise in the SOC Educate at Event Speed: Cisco Live Security Operations Center What Working the Cisco Live SOC Taught Me About AI, Detection, and Response Cable to Cloud - A Product Engineer's Journey Through the Cisco Live AMER 2026 SOC The Experience Dividend: How Better Digital Experience Protects Revenue, Trust, and Growth AIM: Building an Agentic Tier-2 SOC Analyst at Cisco Live AMER 2026 Building the Agentic SOC at Cisco Live Americas 2026 Ten Years in the SOC at RSAC: What We Learned in 2026 Uplevelling Black Hat Threat Hunters Making Workflow Runs Explain Themselves: AI-Powered Run Summaries in Cisco XDR Automate Independent Testing Confirms Secure Email Threat Defense’s Email Security Strength Defenseclaw for On-Prem AI SOC Workflow at Black Hat Asia Cisco Secure Access with MCP Infrastructure at Black Hat Asia 2026 The Essence of Black Hat – Collaboration with Partners Black Hat Asia 2026: A Decade in Singapore Black Hat Asia 2026: Threat Hunters’ Corner Unveiling the Power of Integration: XDR, Splunk, Corelight, Arista and Palo Alto Networks in Action at Black Hat Asia Security in the Post-Mythos Era Cisco SASE with Meraki: Get in the Fast Lane to SASE Extending Zero Trust Across the Agentic AI Workflow Strengthening the Foundation: A Predictable, Customer focused Response to AI-Accelerated Vulnerability Discovery Quantum Resilience Needs a Common Language. Here’s Where to Start. Security at Cisco Live: Going Shields Up for the Agentic Era Identity Elevated: A New Unified Identity Experience in Cisco Cloud Control Security Needs a New Operating Model Cisco Secure Access and Microsoft Purview Integration for Simplified Data Protection Cisco Secure Access and Island Browser Enable Zero Trust Everywhere Finding what lives between the alerts: Announcing Cisco Talos Threat Hunting From Log Flood to Threat Signal: Cisco and Splunk Bring Context to Modern Defense Cisco Secure Access and Microsoft Edge for Business Integration Why Network Segmentation Projects Fail: Four Patterns Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI Enhancing Cisco Secure Email Gateway: Safer Clicks and Cleaner Files AI-generated reporting: Lessons learned from Cisco Talos Incident Response Inside the SOC: AI-powered DNS defense against ransomware From Strategy to Architecture: How Cisco is Building a Quantum-Safe Future AI-Ready, Simpler, and More Secure WAN: Cisco SD-WAN Innovations Designing for What’s Next: Securing AI-Scale Infrastructure Without Compromise Preparing for Post-Quantum Cryptography: The Secure Firewall Roadmap Mobile World Congress 2026: AI-powered Network Security Powering MWC Barcelona – Building a Unified SOC and NOC with Splunk in Record Time AI-powered Network Security at the Mobile World Congress 2026 SNOC Inside the Mobile World Congress 2026 SOC: Detecting Shadow Traffic with Firepower 6100 Data Optimization in Security: A Splunk Architect’s Perspective Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders Zero Trust for Agentic AI: Safeguarding your Digital Workforce The Agent Trust gap: What Our Research Reveals About Agentic AI Security Meet Your Incident Responders
Security Insights: A Threat-First View for the Platform That Enforces Access
Jeff Scheaffer · 2026-04-30 · via Security @ Cisco Blogs

Security teams have spent years living with dashboards built for the people who installed the network. Tunnels, connectors, throughput, policy sync status — useful signals if your job is keeping infrastructure alive. Less useful when a CISO asks why a user was exfiltrating data at 2 a.m. or which GenAI tools are touching your IP.

SASE platforms solved the enforcement problem. Traffic flows through a single control plane. Policies span internet and private access. The architecture is right. The operational experience has not kept pace.

The Missing Surface: Security Context

Ask a SOC analyst what they need from a security platform and you get consistent answers. Start with a user, see everything about them. Lead with threats, not tunnel counts. Make the dashboard clickable — every number should open an investigation, not just display a statistic.

What they describe is not a new product. It is a different frame on the one they already use.

Cisco Secure Access now includes Security Insights: a security analytics dashboard that surfaces where risk is concentrated, helps teams identify emerging threats and policy gaps, and gives security leadership the trend data to report on posture and measure the impact of initiatives over time.

Threat Overview: The SOC Landing Page

A security admin starts their shift. Before navigating anywhere, they need one answer: is something dangerous happening right now?

The Threat Overview is designed to answer that quickly. Status cards surface the key metrics at a glance — the macro layer that signals whether something demands immediate attention.

Below the status cards, a Sankey chart maps traffic flows across security controls — and this is where the dashboard earns its keep.

The obvious read is which threats are being blocked. The more important read is what is getting through. The Sankey makes allowed threats visible at a glance — traffic that is reaching destinations it should not, because a policy has not yet been written to stop it. An analyst watching that chart can see the gap before it becomes an incident and adapt policy directly in response.

The Sankey also shows what is not there. Controls that are not deployed, or not inspecting certain traffic categories, appear as gaps in the flow. Security teams can see which protective measures are in place and which are not — without pulling a configuration report or running a separate audit. That kind of coverage visibility used to require a dedicated tool. Here it is a single chart on the landing page.

Security Insights

Aggregated Signals That Tell You Where to Look

Security Insights does not try to replace an investigation workflow. It tells you where to start one.

Every section surfaces ranked, aggregated analytics oriented around the questions security teams actually ask. Who are the riskiest users right now? Which users have the most DLP violations? Which resources are accumulating the most threat events? Which GenAI applications are active in the organization and which are producing guardrail violations?

These are not individual user profiles. They are the ranked signals that direct attention — the top of a list that tells an analyst which thread to pull. A security team looking at top DLP violators by channel can see immediately whether the problem is concentrated in email, web traffic, SaaS APIs, or endpoint activity. That narrows a day’s worth of investigation into a starting point.

The same pattern holds across every view. Top malware detections by family. Top intrusion attempts by signature. Top risky destinations by access volume. Top rules blocked by policy. The aggregation is the insight — not raw log volume, but ranked, weighted signals that reflect where risk is actually concentrated in the environment. 

AI Visibility Without a Separate Product 

GenAI adoption in enterprise environments has outpaced governance everywhere. Tools are being used before policies exist. Sensitive data is entering prompts without classification.

Secure Access addresses this through the AI view, which tracks GenAI application usage and guardrail violations alongside the rest of security operations. The key widgets show which GenAI applications are active, how usage trends, and where guardrail violations are accumulating — broken down by violation type and policy rule.

This is part of the CASB capability that Cisco includes in the platform. Understanding SaaS risk, governing AI tools, and inspecting data flows into GenAI applications are not add-on licenses. They are part of the security story, visible in the same place where the analyst reviews threats and posture.

One Platform, One Investigation Workflow

Security Insights brings together signals that have historically lived in separate products or separate tabs: UEBA trust levels, DLP violations, posture check results, CASB app risk, Talos-backed threat data, and policy enforcement outcomes. The value is not any one of these signals in isolation. It is the ability to move between them without switching tools — and to see, in one place, both what your controls are catching and what they are not.

Security Insights gives analysts the signals to start an investigation, security managers the view to close policy gaps, and leadership the trends to report on posture over time — all from within a single SASE platform.

To see Security Insights, request a demo at cisco.com/go/secure-access.


We’d love to hear what you think! Ask a question and stay connected with Cisco Security on social media.

Cisco Security Social Media

LinkedIn
Facebook
Instagram