Safety groups have spent years dwelling with dashboards constructed for the individuals who put in the community. Tunnels, connectors, throughput, coverage sync standing — helpful indicators in case your job is protecting infrastructure alive. Much less helpful when a CISO asks why a person was exfiltrating knowledge at 2 a.m. or which GenAI instruments are touching your IP.
SASE platforms solved the enforcement downside. Site visitors flows via a single management airplane. Insurance policies span web and personal entry. The structure is correct. The operational expertise has not saved tempo.
The Lacking Floor: Safety Context
Ask a SOC analyst what they want from a safety platform and also you get constant solutions. Begin with a person, see every little thing about them. Lead with threats, not tunnel counts. Make the dashboard clickable — each quantity ought to open an investigation, not simply show a statistic.
What they describe isn’t a brand new product. It’s a totally different body on the one they already use.
Cisco Safe Entry now consists of Safety Insights: a safety analytics dashboard that surfaces the place danger is concentrated, helps groups establish rising threats and coverage gaps, and provides safety management the pattern knowledge to report on posture and measure the impression of initiatives over time.
Menace Overview: The SOC Touchdown Web page
A safety admin begins their shift. Earlier than navigating wherever, they want one reply: is one thing harmful occurring proper now?
The Menace Overview is designed to reply that rapidly. Standing playing cards floor the important thing metrics at a look — the macro layer that indicators whether or not one thing calls for fast consideration.
Beneath the standing playing cards, a Sankey chart maps visitors flows throughout safety controls — and that is the place the dashboard earns its preserve.
The plain learn is which threats are being blocked. The extra vital learn is what’s getting via. The Sankey makes allowed threats seen at a look — visitors that’s reaching locations it mustn’t, as a result of a coverage has not but been written to cease it. An analyst watching that chart can see the hole earlier than it turns into an incident and adapt coverage straight in response.
The Sankey additionally reveals what isn’t there. Controls that aren’t deployed, or not inspecting sure visitors classes, seem as gaps within the stream. Safety groups can see which protecting measures are in place and which aren’t — with out pulling a configuration report or working a separate audit. That form of protection visibility used to require a devoted instrument. Right here it is a single chart on the touchdown web page.
Aggregated Indicators That Inform You The place to Look
Safety Insights doesn’t attempt to exchange an investigation workflow. It tells you the place to begin one.
Each part surfaces ranked, aggregated analytics oriented across the questions safety groups truly ask. Who’re the riskiest customers proper now? Which customers have probably the most DLP violations? Which sources are accumulating probably the most menace occasions? Which GenAI purposes are energetic within the group and that are producing guardrail violations?
These will not be particular person person profiles. They’re the ranked indicators that direct consideration — the highest of a listing that tells an analyst which thread to drag. A safety group high DLP violators by channel can see instantly whether or not the issue is concentrated in e-mail, internet visitors, SaaS APIs, or endpoint exercise. That narrows a day’s price of investigation into a place to begin.
The identical sample holds throughout each view. Prime malware detections by household. Prime intrusion makes an attempt by signature. Prime dangerous locations by entry quantity. Prime guidelines blocked by coverage. The aggregation is the perception — not uncooked log quantity, however ranked, weighted indicators that mirror the place danger is truly concentrated within the atmosphere.
AI Visibility And not using a Separate Product
GenAI adoption in enterprise environments has outpaced governance in all places. Instruments are getting used earlier than insurance policies exist. Delicate knowledge is coming into prompts with out classification.
Safe Entry addresses this via the AI view, which tracks GenAI software utilization and guardrail violations alongside the remainder of safety operations. The important thing widgets present which GenAI purposes are energetic, how utilization tendencies, and the place guardrail violations are accumulating — damaged down by violation kind and coverage rule.
That is a part of the CASB functionality that Cisco consists of in the platform. Understanding SaaS danger, governing AI instruments, and inspecting knowledge flows into GenAI purposes will not be add-on licenses. They’re a part of the safety story, seen in the identical place the place the analyst opinions threats and posture.
One Platform, One Investigation Workflow
Safety Insights brings collectively indicators which have traditionally lived in separate merchandise or separate tabs: UEBA belief ranges, DLP violations, posture test outcomes, CASB app danger, Talos-backed menace knowledge, and coverage enforcement outcomes. The worth isn’t any one in every of these indicators in isolation. It’s the means to maneuver between them with out switching instruments — and to see, in a single place, each what your controls are catching and what they aren’t.
Safety Insights provides analysts the indicators to begin an investigation, safety managers the view to shut coverage gaps, and management the tendencies to report on posture over time — all from inside a single SASE platform.
To see Safety Insights, request a demo at cisco.com/go/secure-access.
We’d love to listen to what you suppose! Ask a query and keep linked with Cisco Safety on social media.
Cisco Safety Social Media
