Cybersecurity is a continuously evolving landscape. We constantly see new threats, and threat vectors, come and go; which puts a tremendous strain on the InfoSec teams that have to protect organizations and businesses from these threats. This year we saw the reemergence of old vectors: from ransomware & trojans, to supply chain attacks. At the same time companies saw security resources in their organizations dwindle, leaving defenders to cope up with the onslaught of attacks. To help cut through all the noise, we see cybersecurity companies produce newer security tools to help sift through the noise and pinpoint actionable alerts. While these tools are impressive individually, a powerful tool that one cannot wield is useless. Only by integrating these tools into your larger security reporting and analytics infrastructure, and by leveraging actionable responses, can one reduce the threat risk to an organization.
We here in the Cisco Secure Technical Alliance (CSTA) live by that principle. Our ever-growing ecosystem is in its eight-year, facilitating open, multivendor product integrations; which improve security effectiveness and help solve unique customer security challenges, through automation and operational simplicity. Cisco Secure products are adopting an API-first approach to allow more integrations, both internal within Cisco and with third-party products. Due to this API approach, security practitioners are able to build new solutions in a shorter period of time; using already existing components instead of creating a code for new ones from scratch.
Rounding up our Cisco fiscal year 2021, we added a whole bunch of integrations into our program. Today we are excited to welcome 26 net new industry partners with 48 new product integrations to the CSTA program. With the addition of Kenna Security into our program we now have over 250 technology partners and over 400 integrations for our mutual customers to utilize. This exponential growth, from when we began this journey not so long ago, shows why our customers care about security product integrations and the intangible benefits they bring.
Here’s a quick summary of what’s new:
New Cisco Secure Endpoint integration (Formerly known as AMP for Endpoints)
Using the Cisco Secure Endpoint APIs, partner integrations provide analysts with rich threat information and actions on endpoint events; like retrieving endpoint information, hunting indicators on endpoints, searching events, etc. An integration with Cigent Technology is now available for Secure Endpoint customers to integrate with. This integration collects all Secure Endpoint event data via the streaming API, for correlation or other uses.
New Cisco Cloud Security Integrations
Cisco Cloud Security leverages robust APIs from Umbrella and Investigate to provide threat protection amplification to technology partners. New integrations were added to a growing ecosystem. There is a new Cloud Security app for Splunk that integrates cloud security data with event data from Splunk. ArticWolf, BlueCat and Varonis ingest Umbrella data to enrich data being analyzed. The integration with Torq and Umbrella provides automation and remediation and response.
Cisco Secure Firewall integrations
Cisco Secure Firewall has several new partner integrations. CyberArk reduces VPN risk with MFA enforcement on any VPN client that supports RADIUS; including Cisco Secure Firewall. HashiCorp (Terraform) provides infrastructure automation and now supports Secure Firewall ASA. Graylog, a centralized log management solution built to open standards, has connectors for Secure Firewall. The Secure Firewall app for Splunkhas been updated. Qmulos’s next-gen compliance product now supports Secure Firewall and Nutanix AHV now has support for both Secure Firewall and Secure Firewall Threat Defense.
New Cisco ISE Ecosystem Partners
Cisco ISE has a mature ecosystem of technology partners and adds a few more integrations to its fold. Certego, ExtraHop and Link Shadow integrated with ISE, to take Adaptive Network Containment (ANC) actions. DF Labs, Splunk Phantom and Threat Connect are all SOARs, that integrate with ISE to take automation orchestration actions. Cyber Observer, which provides continuous controls monitoring, now supports ISE as well.
Cisco Secure Endpoint for iOS (formerly Cisco Security Connector)
Cisco Secure Endpoint for iOS provides organizations with the visibility and control they need, to confidently accelerate deployment of mobile devices running Apple iOS. CSC is the only Apple approved security application for supervised iOS devices and integrates with best-in-class MDM/EMM platforms. CSC now adds support for Clomo MDM. Cisco Meraki System Manager, with Secure Endpoint for iOS, is now the official MDM of the Black Hat global conferences.
Cisco SecureX threat response Integrations
Cisco SecureX threat response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It also has support for 3rd Party products through its API. Since our last announcement in Summer 2020, SecureX Threat Response adds 16 new integrations including Akamai Network Lists, alphaMountain.ai, Amazon GuardDuty, Bastille Networks, Cybersixgill Darkfeed, Devo, Graylog, IBM QRadar, IBM X-Force Exchange, MISP, Palo Alto Networks AutoFocus, Recorded Future, Splunk CIM , CESA Splunk, Sumo Logic Log Management and Vade Secure IsItPhishing.
Cisco SecureX orchestration Integrations
Cisco SecureX orchestration provides a no-to-low code approach for building automated workflows. These workflows can interact with various types of resources and systems, whether they’re from Cisco or a third-party. We have a wide variety of atomic actions and workflows that can be imported into SecureX orchestration including Atlassian Jira, BMC Helix (Remedy), ManageEngine Service Desk, Microsoft Azure Graph, Microsoft Online, Microsoft Teams, ServiceNow, Slack, Tufin and ZenDesk.
Cisco Duo Security
At Cisco Duo, we strive to secure and seamlessly integrate with our customers’ existing IT investments. We work with vendors across every category to solve new customer challenges and provide zero trust access and insights for everyone. As we launch new products simplifying the end-user experience and providing improved developer tooling for our partners, here are some of the latest partner integrations in the IAM/SSO, Endpoint, SIEM & Analytics categories: Microsoft, F5, Ping Identity, AWS, Unicon, Blumira, Cigent, SailPoint, Keeper Security and Obsidian Security.
Cisco Kenna Security
This year we also welcomed Kenna Security to Cisco and the CSTA. Kenna has a healthy 3rd Party ecosystem of technology partners. Please visit the Kenna ecosystem page here to browse through the available integrations here.
For more details on each partner integration in this announcement, please read through the individual partner highlights below.
More details about our partners and their integrations:
 New Cisco Secure Endpoint Integrations
The Cigent D3E integration with Cisco Secure Endpoint provides a highly effective automated response mechanism to threats detected on Windows 10 endpoints. The D3E cloud-based management console ingests security events from the Secure Endpoint console and triggers Active Lock on the local device through the D3E Windows client. Active Lock protects individual files by requiring step-up authentication until the threat is cleared. This integration ensures sensitive files are protected during periods of elevated risk. There are many options for step-up authentication, including Cisco Duo OTP and push notifications. Also have a look at a webinar recording about the D3E technology here.
 New Cisco Secure Endpoint for iOS (formerly CSC) Integrations
CLOMO a leading MDM vendor in Japan, is now part of the Cisco Secure Endpoint for IOS ecosystem. The integration allows you to upload Umbrella and Clarity profiles output from the Cisco Umbrella administration panel to the CLOMO panel. By embedding the device serial information in the uploaded profile and installing the profile on the device, you can connect to the Cisco Umbrella service. Similar to Cisco Umbrella, you can upload the Clarity profile output from the Cisco Clarity administration panel to CLOMO panel. By embedding the device serial information and MAC address information in the uploaded profile and installing the profile on the device, you can connect to the Cisco Clarity service. Read more about the integration here.
 New Cisco Cloud Security Integrations
After a couple years of development, our Splunk application for Cloud Security has arrived. Supported in both Enterprise Security and Splunk Cloud, the cloud application and updated add-on allow for the seamless integration of Cisco Umbrella into any customers existing deployment leveraging Splunk’s CIM. Included in the application are dashboards for all the major SIG components, with advanced capabilities including real time domain-based threat mitigation with Umbrella’s enforcement API and on the fly (right-click) threat intelligence enrichment with Cisco Umbrella investigate. App here.
Varonis is a pioneer in data security and analytics, specializing in software for data protection, threat detection and response, and compliance. Varonis protects enterprise data by analyzing data activity, perimeter telemetry, and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation. Varonis integrates with Cisco Umbrella to provide a holistic picture of an attack throughout the kill chain—how attackers get into an organization, how they interact with data once inside, and any data exfiltration.
Organizations achieve the best protection when security data generated across their environment is ingested centrally and analyzed holistically. Arctic Wolf is vendor neutral, meaning that they leverage existing tools. Security data from Cisco Umbrella is ingested, enriched, and analyzed by the Arctic Wolf Platform, and acted upon by the Concierge Security team. Arctic Wolf monitors customer environments for cyberattacks and alerts only when incidents are confirmed. Best of all, there is no incremental cost based on the volume of data collected.
In an update to our current integration, BlueCat has added the ability to provide East to West traffic analysis any time Cisco Umbrella identifies a potential threat, providing a full complement to Cisco Umbrella’s North to South protection. This will give customers the ability to, if needed, search for additional infected devices related to the Umbrella alert (patient zero).
Torq is a no-code automation platform for security and operations teams. Frontline security professionals use Torq’s easy workflow designer, limitless integrations and pre-built templates; to deliver stronger security in minutes. By integrating Cisco Umbrella with Torq, users can accelerate threat response, automatically remediate risks, and automate away manual security tasks.
 New Cisco Firepower Next-Gen Firewall Integrations
Cisco Secure Firewall version 7.0 has been validated to run on Nutanix’s popular AHV hypervisor. The Nutanix AHV provides customers with a native no-charge hypervisor as part of their Nutanix hyperconverged infrastructure platform, allowing Secure Firewall Virtual customers to provision a fault tolerant next-generation firewall that protects East-West, as well as North-South connections and service chains. Read more here
CyberArk reduces VPN risk with MFA enforcement on any VPN client that supports RADIUS; including Cisco. The team validated Multi factor Authentication (MFA) for Cisco ASA VPN via RADIUS using the CyberARK Connector. CyberArk can be integrated to perform MFA with Cisco ASA VPN via RADIUS to authenticate AnyConnect VPN users. In this scenario, your Cisco ASA VPN is the RADIUS client, and the CyberArk Identity Connector is the RADIUS server. Read more here.
Terraform by HashiCorp is an open-source infrastructure as code (IaaS) software tool that enables you to provision infrastructure and configures it. “Terraform Cisco ASA Provider” developed by HashiCorp has been tested, validated and documented. Read more here.
Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data. The team has validated two connectors – Secure Firewall FTD LINA connector used in collecting legacy ASA (LINA) events from Secure Firewall and the Secure Firewall SYSLOG connector to receive events from Secure Firewall’s SYSLOG output when forwarding to a Graylog cloud instance. Read more here.
The popular Splunk app for Secure Firewall has been enhanced to properly display syslog-based data, in addition to eStreamer. Users can also look up Intrusion Events by CVE reference. A new panel with VPN metrics has been added. Read more details here.
Cisco and Qmulos provide a comprehensive solution for cybersecurity risk management and compliance. It comprises of Cisco’s suite of security products and Qmulos’s next generation compliance product, Q-Compliance, that can identify compliance gaps that Cisco products can address for multiple frameworks (e.g., CMMC, NIST 800-53). Read more about how Cisco and Q-Compliance are collaborating here.
5] New Cisco ISE Ecosystem Integrations
Cyber Observer’s partnership with Cisco enables CISOs to manage and monitor their cybersecurity eco-system posture. The solution built using the Cisco ISE ERS API now also monitors Cisco ISE rules, policies, settings, and alerts on key aspects and issues that could affect the entire organization. Cyber Observer offers CxOs a single pane of glass view into the application and security effectiveness of the Cisco solution as well as validation with respect to compliance and controls that apply to the organization. Lear more here.
ExtraHop Reveal(x) is a cloud-native, SaaS delivered network detection and response (NDR) solution that delivers 84% faster resolution of advanced threats. With Reveal(x), security teams achieve complete east-west visibility, real-time threat detection, and intelligent response at scale. Reveal(x) securely decrypts TLS 1.3 to detect hidden threats, critical CVEs, and to provide instant network forensics. Reveal(x) integrates with Cisco ISE to enable automated, dynamic response actions based on early detection of network threats. When Reveal(x) detects a threat, it can notify Cisco ISE to quarantine affected endpoints, preventing attackers from expanding their footprint, moving laterally, and ultimately exfiltrating data. Read more about the integration here.
LinkShadow joins the growing list of pxGrid partners. The integration with the LinkShadow Cybersecurity Analytics Platform and Cisco ISE automates threat containment removes complexity to save organizational resources, all while preventing security incidents from turning into breaches. Read more about the integration here.
Splunk SOAR (formerly Splunk Phantom) combines security infrastructure orchestration, playbook automation, case management capabilities and integrated threat intelligence to streamline your team, processes and tools. The Splunk SOAR team completed their integration with Cisco ISE. Their app supports actions like listing sessions, quarantining and un-quarantining devices and terminating sessions as well. Read more details on the app here.
Cisco ISE for ThreatConnect Playbooks allows you to use ISE actions as part of a greater security automation or orchestration. Playbooks allow you to respond to events within your environment such as notifications from a SIEM, suspected phishing emails, or alerts from asset monitoring. Additionally, you can also automate tasks as part of an incident response Workflow. These situations provide an excellent opportunity to automatically employ Cisco ISE for Playbooks to take immediate action with your endpoints. Read more details here.
 New SecureX threat response Integrations
The Amazon Guard Duty integration provides threat intelligence feeds, such as lists of malicious IP addresses and domains, and machine learning to identify unexpected and potentially unauthorized and malicious activity within your AWS environment. The integration allows querying IPv4 and IPv6 data types. This integration returns Indicators, Sighting and Relationships. Read more about the integration here.
The Recorded Future integration allows the user to enrich cyber observables with high-confidence intelligence, collected by their research team. It shows how malicious a cyber observable is and indicates that maliciousness based on the Recorded Future combined evidence. The integration allows you to pivot to Recorded Future from an observable, for a broader search. The integration allows users to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. This integration returns verdicts, judgements, indicators, and sightings. Read more here
The alphaMountain.ai integration enables users to conduct an investigation informed by reputation on domains and IP addresses. alphaMountain offers threat intelligence, web reputation, and content categorization collected and processed. The integration allows querying using IPv4, IPv6, domain, and URL data types. This integration returns verdicts, judgements, indicators, and sightings. Read more here.
The Sumo Logic Log Management integration indicates to the user that the observable in an investigation is contained in a log message within Sumo Logic, and that it has been observed within the environment. It provides the user with the date and time the observable was seen in the log, the collector that received the log and the log source that provided the message. The integration allows you to pivot to Sumo Logic Log Management with an observable for a broader search. The integration allows querying using IPv4, IPv6, SHA-1, SHA-256, MD5, domain and URL data types. This integration returns verdict and judgements from Sumo Logic’s query to CrowdStrike Intelligence. Additionally, sightings of observable from each log message are returned. Read more here
The Devo integration indicates to the user that the observable in an investigation is contained in a log message within Devo, and that it has been observed within the environment. It provides the user with the date and time the observable was seen in the log, the host that sent the log, and the tag and table names that contain the message. The integration allows querying using IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. This integration returns sightings of observable from each log message. Read more here
The Graylog integration empowers users to investigate an observable and determine if it is contained in a log message stored in Graylog. It provides users with the date and time the observable was seen in the log, the node that received the log , the log source and the raw log messages. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email data types; and it returns sightings of an observable from each log message. The integration also enables users to pivot into Graylog, to search for an observable in all the log messages. It will open a new browser window in the Graylog user interface, containing the results of the search on the log messages that contain that observable. Read more here.
The SecureX module for IBM QRadar allows you to Query QRadar for IPv4 and IPv6 observables in the last seven days and return Sightings in the SecureX threat response investigation. Module configuration requires firewall access to cloud, so a Cisco CX engagement recommended. Actions include pivoting into QRadar from the IP Sighting in SecureX threat response and adding to a QRadar Reference Set. Read more here
The MISP Open-Source Threat Intelligence Platform & Open Standards For Threat Information Sharing allows SecureX threat response users to add a module for their MISP instance, and see Verdict, Judgement, Indicators and Sightings for hash values, IP addresses and domains, during an investigation. Read more about MISP here. Watch the demo video here.
Radio frequency (RF) network and device data collected by Bastille Networks are available in SecureX threat response as an integrated source. Data includes RF Device location information, RF Device packet information, RF Network connectivity. Data is available on a number of RF protocols including Cellular, Bluetooth, Bluetooth Low Energy, Wi-Fi, and IEEE 802.15.4. RF information can be cross-referenced back to an endpoint on your network using the SecureX Threat Response Bastille integration. Read more here.
IBM X-Force Exchange integration in SecureX threat response enables an investigator to query IBM X-Force Exchange for observables (IP, IPV6, Domain, URL, MD5, SHA1, SHA256) and return verdicts to SecureX threat response, based on the Risk Score. Read more here.
SecureX threat response queries Palo Alto Networks AutoFocus for Sightings, Targets, and Judgements as well as any observable relations (such as name of SHA256, IP hosting a domain, etc.) Investigator has the ability to pivot into AutoFocus for additional context. More details here.
SecureX Threat Response integration with Akamai Network List pulls network application security and disposition data through the Akami APIs, resulting in visualized sightings and judgements visualized. The analyst has the response actions of Add or Remove from Akamai network list as well. Learn more about the SecureX threat response & Akamai integration here.
Block threats and enrich endpoint protection in real-time, straight from the SecureX dashboard with Cybersixgill’s Darkfeed. Powered by Cybersixgill’s unparalleled deep and dark web automated collection, SecureX users can now perform actions: like Automatically Enrich IOCs from Cisco Secure X, gain unparalleled context with essential explanations of IOCs (hash/URL/domain), enhance Cisco SecureX with seamless integration of real-time contextual data from the most comprehensive coverage of deep and dark underground sources, proactively analyze and investigate new malware threats as they emerge, get actionable insights to effectively mitigate threats, better understand malware TTPs and trends and easily & intuitively visualize your threat map. Read more here.
This module enables SecureX threat response to collect Sightings from many data sources, by using the Splunk CIM as a translation layer between data models. Read more here.
Cisco Endpoint Security Analytics (CESA) delivers Cisco AnyConnect endpoint data to prebuilt Splunk analytics and dashboards. This add-on enables SecureX threat response investigations to access telemetry that has been generated by the AnyConnect Network Visibility Module. Supported observable types include IPv4 addresses, IPv6 addresses, domains, file names and SHA256 file hashes. The extension for Splunk can be downloaded here.
 New SecureX Orchestration Integrations
ManageEngine offers enterprise IT management software for service management, operations management, Active Directory and security needs. SecureX orchestration now has atomic actions for ManageEngine workflows and include Get Tokens, Refresh Token, Create Incident, Add Work Note to Incident and Create Change Request. Access the atomic actions here.
Slack brings team communication and collaboration into one place so you can get more work done, whether you belong to a large enterprise or a small business. SecureX orchestration atomic actions for workflows include Get List Of Channels, Join Channel and Send Message To Channel. Read more here
Microsoft Teams integrates the people, content, and tools your team needs to be more engaged and effective. SecureX orchestration atomic actions with Microsoft Teams for workflows are now available and include Post Message via Webhook and Post Adaptive Card via Webhook. Read more here.
Microsoft Azure Resource Graph enables resource exploration and information management at scale to provide you full visibility into your environment. SecureX orchestration atomic actions for Azure Resource Graph workflows include Get Access Token and Get User. Read more here.
SecureX orchestration workflows can now automatically update a Cisco Secure Firewall ASA’s split tunnel configuration with Microsoft Online networks and domains. The workflows include ASA Split Tunnel and CDO Group Update. See an example video recording here.
BMC Helix ITSM is a powerful, people-centric solution that exploits emerging technologies such as AI and machine learning. SecureX orchestration atomic actions with BMC Remedy for workflows include Fetch Token, Create Incident, Work Note To Incident and Create Change Request. Access the atomic actions here.
Atlassian Jira is a proprietary issue tracking product that allows bug tracking and agile project management for software development. SecureX orchestration atomic actions for Jira workflows include Get_IDs_from_Projects, Create_Change_Request, Create_Incident and Add_Work_Note_to_Issue. You can access the atomic actions here.
Tufin enables enterprises to ensure continuous compliance and maintain audit readiness – from application connectivity to firewall management – across their hybrid cloud environment. SecureX orchestration workflows, using the Tufin-created atomic actions include Secure Firewall Threat Containment, Secure Firewall Vulnerability Prioritization and Secure Firewall IPS Alert Enrichment. Access the workflows here.
Zendesk is a service-first CRM company that builds software designed to improve customer relationships. SecureX orchestration atomic actions for workflows are now available and include Create_Ticket and Add_Work_Note_to_Ticket. Access the atomic actions here.
 New Cisco Duo Integrations
In a cloud application and mobile world, organizations can’t rely on traditional perimeter security architecture to secure access to applications. Protect access to both on-premises and cloud-based Microsoft applications with Cisco Duo’s solutions that verify trust for the workforce. More than 8,000 organizations trust Duo to simplify access to all their Microsoft applications, including Office 365, Outlook Web App (OWA), Windows desktop, services and more. Read more here.
F5 BIG-IP Access Policy Manager (APM) new integration with Cisco Duo adds stronger trust-based authentication to any VPN login. This new integration is built with Duo WebSDK v4 (Duo Universal Prompt) and does not require deploying Duo software on-premises or use RADIUS! In this configuration, F5’s BIG-IP APM acts as an Open ID Connect (OIDC) client and Duo acts as an identity provider for two-factor authentication, showing the interactive web-based Duo prompt. F5 APM + Duo provides Zero Trust for an organization by ensuring the identity of the user, security posture of their device and access policies are applied at each access request. Read more here.
PingFederate is a full-featured federation server that provides identity management, web single sign-on, and API security for customers, partners, and employees. PingFederate + Cisco Duo brings our trust-based multi-factor authentication to be used with PingFederate SSO user logins, complete with self-service enrollment, utilizing OIDC protocols for a stronger and more secure experience. Read more here.
Unicon and Cisco Duo have teamed up to provide a secure SSO and MFA combination using Central Authentication Server (CAS). Unicon created a CAS extension specifically for Duo to streamline the configuration of an updated, secure, and user-friendly MFA. Users can quickly set up Duo with CAS and deploy to all users immediately to begin using a zero-trust framework every time an access request is made. Read more here.
Cisco Duo and Blumira support zero trust principles by providing continuous and automated identity monitoring, threat detection and response. By deploying a lightweight software sensor, you can quickly start centralizing logs from all of your security tools and systems onto Blumira’s modern SIEM platform, including Duo’s security logs. You no longer need a fully staffed security team to provide secure remote access for your remote workers. Read more here.
Cigent + Cisco Duo brings multi-factor authentication and encryption for data at rest and in transit. Encrypt files everywhere. Enforce zero trust, by requiring MFA for files. The Cigent Data Defense integration with Duo Security combined solution extends Duo’s multi-factor authentication to require zero trust access to sensitive files, external media, and internal storage on Windows PCs. This integration ensures sensitive files are always protected by Duo MFA in a simple way that is far more effective than other solutions and protects files from theft, insider threat, and ransomware. Read more here.
SailPoint, the leader in identity governance, brings the Power of Identity to customers around the world, enabling greater levels of security, operational efficiency and improved compliance. Cisco Duo and SailPoint have partnered to provide a zero-trust security solution that combines strong, adaptive authentication with proactive identity governance. This enables organizations to empower their users with convenient, appropriate and secure access to the resources that they need to do their jobs. Read more here
Utilizing a cloud solution of Cisco Duo SSO + Keeper SSO Connect provides users with an easy and consistent login experience for any and every application, whether it’s on-premises or cloud-based. An organization will be able to use Duo for zero-trust access to verify the identity of the user, the security posture of their device, and apply access policies each time an access request is made to ensure only trusted users and devices are accessing the sensitive password information stored within Keeper. Read more here.
Obsidian protects business-critical SaaS applications against account compromise, insider threats, data leaks, and bad posture. Combined with Duo security logs, Obsidian’s threat detection rules and models analyze data from Duo with activity data across critical SaaS applications, allowing customers to quickly detect external attacks, privilege elevation, publicly shared files, admin sprawl, and more. Monitor activity across all SaaS accounts in a single console. Save time with normalized activity data for easier triage, investigation and hunting. Read more here.
AWS customers can protect their applications authenticated through Directory Service with Cisco Duo’s MFA in less than 10 minutes using the Quick Start. The gold-standard for deploying third-party services in AWS, the Quick Start guides that meet best practices of security and high availability. Supported by Duo and AWS, the Duo MFA Quick Start also offers technical and troubleshooting support. Read more here.
 Cisco Kenna Security Integrations
The Microsoft Defender for Endpoint TVM integration with Cisco Kenna.VM brings endpoint vulnerability data found by TVM into the Kenna.VM platform and presents this information in the context of all vulnerability data sources, enabling organization to understand their security threat landscape and to prioritize vulnerability remediation. Read more here