XDR Innovation: Respond faster to advanced threats 


Cisco Extended Detection and Response (XDR) aims to accelerate and simplify security processes in cross-manufacturer, hybrid environments. Evidence-based automation prioritizes and remediates security incidents.

Cisco XDR is a complete in-house development and will be generally available in July 2023. The solution simplifies incident investigation across the IT ecosystem and enables Security Operations Centers (SOCs) to immediately mitigate threats. The cloud-first solution uses AI-supported, analytical methods to accelerate the evaluation of incidents and responses to them.

This shifts the focus from intricate investigations into all operations to resolving the highest-priority incidents, using evidence-based automation. Compared to the previous EDR (Endpoint Detection and Response) approach, the analysis covers not only end devices but also everything in front of them, i.e. virtual and physical servers, network components such as routers and switches, cloud workloads, and applications such as e-mail.

XDR faster than SIEM

Cisco's XDR solution prioritizes all incidents (Image: Cisco).

While traditional SIEM (Security Information and Event Management) technologies manage log-centric data and their evaluations take several days, Cisco XDR focuses on telemetry-centric data and delivers results in minutes. Cisco XDR natively analyzes and correlates six telemetry sources that security operations center (SOC) operators say are critical to an XDR solution: endpoint, network, firewall, email, identity, and DNS. Cisco XDR leverages insights from 200 million endpoints running Cisco Secure Client, formerly AnyConnect, to monitor endpoints. At the process level, these provide insights into how end devices connect to the network.

In addition to Cisco's native telemetry, leading third-party detection and automation can be connected to Cisco XDR - a key approach to enable maximum benefit for users.

The following connections are already available:

  • Endpoint Detection and Response (EDR): Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, Trend Micro Vision One, SentinelOne Singularity
  • Email Threat Defense: Microsoft Defender for Office, Proofpoint email protection
  • Next Generation Firewall (NGFW): Palo Alto Networks next generation firewall
  • Network Detection and Response (NDR): ExtraHop Reveal(x)
  • Security Information and Event Management (SIEM): Microsoft Sentinel


Cisco DUO: Update for many users

As attackers are increasingly targeting vulnerabilities in weak multi-factor authentication (MFA) implementations, Cisco is significantly expanding the functionality of its DUO offering for many user groups. MFA is thus experiencing an enormous leap in quality across the board.

As of May 1st, Trusted Endpoints is included in all Duo editions except the Free version. Trusted Endpoints, previously only available in Duo's largest package, allows only enrolled or managed devices to access resources. By providing Trusted Endpoints alongside Single Sign On, MFA, Passwordless, and Verified Push in the Duo Essentials Edition, Cisco offers the most secure, cost-effective, and easy-to-use access management solution on the market.

More at Cisco.com

 


About Cisco

Cisco is the world's leading technology company that makes the Internet possible. Cisco is opening new possibilities for applications, data security, infrastructure transformation and the empowerment of teams for a global and inclusive future.


 
