What You Need to Know About Cisco XDR – TechDecisions


Cisco is launching a new extended detection and response (XDR) solution this summer as part of Cisco Security Cloud, a unified, AI-driven, cross-domain security platform designed to converge the company’s expertise and visibility across the network and endpoints into one security solution.

The company announced the news during the annual RSA Conference. In addition, the company announced new advanced features in all editions of Duo MFA, Cisco’s access management solution.

What is Cisco’s new XDR offering?

According to the company, Cisco XDR is a cloud-first solution designed to simplify investigation of cyber incidents and enable security operations centers to immediately remediate threats.

Cisco XDR applies analytics to prioritize detections and moves the focus from endless investigations to remediating the highest priority incidents with evidence-backed automation, the company says.

Different from traditional security information and event management (SIEM) solutions, Cisco says its new XDR solution focuses on telemetry-centric data and delivers much faster outcomes by natively analyzing and correlating six telemetry sources that are critical to SOC operations.

The company calls Cisco XDR “as close to real-time as possible,” since it works with high-fidelity data that gives insight into every mailbox, forward, packet and process.

Those six telemetry sources are endpoint, network, firewall, email, identity and DNS, according to Cisco.

For endpoints, Cisco XDR leverages insight from 200 million endpoints with Cisco Secure Client, formerly AnyConnect, to provide process-level visibility of where the endpoint meets the network, the company says.

Integrations with third-party security vendors

According to Cisco, the XDR solution integrates with many third-party vendors to share telemetry and increase interoperability, with an initial set of out-of-the-box integrations that include:

  • Endpoint Detection and Response (EDR): CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity, Trend Vision One
  • Email Threat Defense: Microsoft Defender for Office, Proofpoint Email Protection
  • Next-Generation Firewall (NGFW): Check Point Quantum, Palo Alto Networks Next-Generation Firewall
  • Network Detection and Response (NDR): Darktrace DETECT and Darktrace RESPOND, ExtraHop Reveal(x)
  • Security Information and Event Management (SIEM): Microsoft Sentinel

By sharing data across vendor lines and applying advanced analytics on that telemetry, Cisco XDR can quickly find and respond to sophisticated attacks, the company says.

When is Cisco XDR available?

According to the company, the XDR solution is currently in Beta and will be generally available in July 2023.

Duo MFA enhancements

Cisco says it is adding Trusted Endpoints to all of its paid Duo editions. This was previously only available in Duo’s highest tier, but is now available starting May 1.

According to Cisco, Trusted Endpoints allows only registered or managed devices to access resources. Trusted Endpoints is now offered alongside Single Sign On, MFA, Passwordless and Verified Push within the entry-level Duo Essentials edition.