Cisco has unveiled the latest progress towards its vision of the Cisco Security Cloud, a unified, artificial intelligence (AI)-driven, cross-domain security platform. Cisco’s new XDR solution and the release of advanced features for Duo MFA will help organisations better protect the integrity of their entire IT ecosystem.
Threat detection and response
Cisco’s XDR strategy converges its deep expertise and visibility across the network and endpoints into one turnkey, risk-based solution. Now in beta with general availability coming in July 2023, Cisco XDR simplifies investigating incidents and enables security operations centres (SOCs) to immediately remediate threats. The cloud-first solution applies analytics to prioritise detections and moves the focus from endless investigations to remediating the highest priority incidents with evidence-backed automation.
Commenting on the launch, Jeetu Patel, executive vice president and general manager, Security and Collaboration, Cisco, said, “The threat landscape is complex and evolving. Detection without response is insufficient, while response without detection is impossible. With Cisco XDR, security operations teams can respond and remediate threats before they have a chance to cause significant damage. Cisco continues to ensure that ‘if it is connected, then rest assured you are also protected.’ We are uniquely positioned to deliver integrated solutions that simplify securing today’s increasingly complex, hybrid multi-cloud environments without compromising user experience.”
While traditional security information and event management (SIEM) technology manages log-centric data and measures outcomes in days, Cisco XDR focuses on telemetry-centric data and delivers outcomes in minutes. It natively analyses and correlates the six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS. On the endpoint specifically, Cisco XDR draws on insight from 200 million endpoints running Cisco Secure Client, formerly AnyConnect, to provide process-level visibility at the point where the endpoint meets the network.
Meanwhile, Frank Dickson, group vice president, security and trust, IDC, said, “The true measure of XDR is its ability to deliver actual security outcomes, real and measurable benefit to organisations — early detection, impact prioritisation, and effective and efficient response. True results need to be quantifiable numerically and not just qualitatively described with words. Cisco XDR delivers a clear framework for enabling organisations to achieve such tangible outcomes.”
In addition to Cisco’s native telemetry, Cisco XDR integrates with leading third-party vendors to share telemetry, increase interoperability, and deliver consistent outcomes regardless of vendor or technology. The initial set of out-of-the-box integrations available at general availability includes:
- Endpoint detection and response (EDR): CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity, Trend Micro Vision One
- Email threat defence: Microsoft Defender for Office, Proofpoint Email Protection
- Next-generation firewall (NGFW): Check Point Quantum, Palo Alto Networks Next-Generation Firewall
- Network detection and response (NDR): Darktrace DETECT and Darktrace RESPOND, ExtraHop Reveal(x)
- SIEM: Microsoft Sentinel
Further, Brad Davenport, vice president, Technical Architecture, Logicalis, said, “Throughout Logicalis’ decades-long pursuit of becoming a world-class integrator, we have recognized the impact extensibility can have on the viability and efficacy of any solution. With the launch of Cisco XDR, we can finally provide our customers with XDR outcomes as a solution or managed offering. We see this as a natural progression for us along the security maturity journey. Logicalis is very excited to put our combined expertise to work for our clients and offer Cisco XDR to help them achieve their business outcomes.”
Zero trust and access management
As attackers increasingly target gaps in weaker multi-factor authentication (MFA) implementations, Cisco is redefining what is essential for access management. Every business needs three key pillars in its access management strategy: enforcing strong authentication, verifying devices, and reducing the number of passwords in use. This is why, beginning on May 1, Cisco is adding trusted endpoints to all its paid Duo editions. Previously available only in Duo’s highest tier, trusted endpoints allow only registered or managed devices to access resources. By delivering trusted endpoints alongside Single Sign-On, MFA, Passwordless, and Verified Push within the entry-level Duo Essentials edition, Cisco is delivering the most secure, cost-effective, and user-friendly access management solution on the market.
Mattheus Bovbjerg, vice president, Integrations, Darktrace, said, “Darktrace DETECT and RESPOND, parts of the Darktrace Cyber AI Loop, can quickly contain and disarm threats, whether known or unknown, and with a high degree of fidelity. Our collaboration with Cisco will provide our mutual customers with added visibility into security incidents and actions across cloud, network and OT. We look forward to expanding this collaboration to additional coverage areas including email and software-as-a-service (SaaS) applications in the future.”
Additionally, Jesse Rothstein, chief technology officer and co-founder, ExtraHop, said, “As organisations embrace the network as the essential source for cybertruth, our partnership with Cisco offers enterprises the ability to integrate ExtraHop with best-of-breed products for a more comprehensive view of their IT environments. Joint customers will benefit from ExtraHop’s enterprise-grade, high-fidelity detections with network decryption and support for more than 80+ protocols, while also seamlessly integrating with log and endpoint solutions to achieve more streamlined investigations.”
Furthermore, Akhil Kapoor, vice president, Technology Partnerships and Business Development, SentinelOne, said, “SentinelOne is excited to team with Cisco to deliver market-leading solutions that allow our joint customers to push the boundaries of security. We look forward to integrating our EDR and Cloud Workload Protection (CWPP) solutions with Cisco to help organisations of all sizes secure tomorrow today.”
Lastly, Mike Gibson, senior vice president, Global Services and Customer Success, Trend Micro, said, “Our vision for XDR is to provide customers with a comprehensive, consolidated view of their security posture, enabling them to respond to threats quickly and effectively. The integration with Cisco XDR is a significant step forward in the evolution of cybersecurity. By leveraging the strength of both solutions, we are able to offer our customers a unified solution that expands telemetry insights to gain a greater perspective of their security environment, enabling them to detect threats faster and respond more effectively.”