Technology company Cisco beefed up its Extended Detection and Response (XDR) by analytics to prioritize detections. Cisco XDR moves the focus from endless investigations to remediating the highest-priority incidents with evidence-backed automation.
According to Cisco, this is just one of the efforts to achieve a unified, (artificial intelligence) AI-driven, cross-domain security platform which is the Cisco Security Cloud.
Cisco’s XDR strategy leverages visibility across the network and endpoints into one turnkey, risk-based solution. Now in Beta with General Availability coming in July 2023, Cisco XDR simplifies investigating incidents and enables security operations centers (SOCs) to immediately remediate threats.
Cisco launches Zero Trust assessment tool to help SMBs with cybersecurity
Cisco to train over 6 million people in cybersecurity, digital skills in APAC
“The threat landscape is complex and evolving,” Jeetu Patel, EVP and GM of Security and Collaboration at Cisco, said in a statement. “Detection without response is insufficient, while response without detection is impossible.”
Telemetry
Cisco XDR focuses on telemetry-centric data and delivers outcomes in minutes. It natively analyzes and correlates the six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS. On the endpoint specifically, Cisco XDR leverages insight from 200 million endpoints with Cisco Secure Client, formerly AnyConnect, to provide process-level visibility of where the endpoint meets the network.
Cisco XDR integrates with leading third-party vendors to share telemetry, increase interoperability, and deliver consistent outcomes regardless of vendor or technology.
The initial set of out-of-the-box integrations at general availability include:
- Endpoint Detection and Response (EDR): CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity, Trend Vision One
- Email Threat Defense: Microsoft Defender for Office, Proofpoint Email Protection
- Next-Generation Firewall (NGFW): Check Point Quantum, Palo Alto Networks Next-Generation Firewall
- Network Detection and Response (NDR): Darktrace DETECT and Darktrace RESPOND, ExtraHop Reveal(x)
- Security Information and Event Management (SIEM): Microsoft Sentinel