Highlights:

  • Cisco XDR will be launched in July. Cisco’s own technology and third-party security services will help clients regulate network access, analyze events, mitigate risks, and automate actions from a single cloud-based interface.

Cisco Systems Inc., a networking giant, is expanding its expertise into the extended detection and response market by introducing a new SaaS platform incorporating multiple threat detection tools to safeguard enterprise computing resources.

Cisco has stated that the new Cisco XDR service will be ready in July. It will combine several of Cisco’s internal technologies and third-party security services to assist clients in controlling network access, analyzing events, mitigating risks, and automating actions, all from a single cloud-based interface.

Cisco XDR collects data from the six telemetry sources that most security professionals consider necessary for any extended detection platform: endpoints, firewalls, networks, identity, email, and the Domain Name System (DNS). In terms of endpoints, Cisco XDR is as extensive as it gets, capturing data from over 200 million sources via Cisco Secure Client, formerly called AnyConnect. As a result, it enables process-level insight into every location where endpoints connect to the customer’s network.

According to the company, Cisco XDR aims to correlate and analyze native and third-party data sources to enable detection and response in near-real time.

Cisco XDR supports third-party solutions such as Palo Alto Networks Inc.’s Cortex XDR and Next-Gen Firewall, Microsoft Corp.’s Defender for Endpoint and Office, SentinelOne Inc.’s Singularity, Trend Micro Inc.’s Vision One, and ExtraHop Networks Inc.’s Reveal. Cisco XDR also accepts data from security information and event management solutions such as Microsoft’s Sentinel Zero Trust.

Cisco claims that its platform enables security teams to identify and neutralize attacks before they do significant harm to customers’ networks and organizations. Unlike SIEM platforms, which are frequently compared to XDR solutions, Cisco XDR identifies and analyzes risks in real time rather than looking at previous data for forensic analysis.

By integrating everything under one roof, operators can examine everything from email and web traffic to access control and acquire a far clearer view of emerging security patterns, according to Cisco.

According to Raj Chopra, Senior Vice President and Chief Product Officer of Cisco Security, Cisco XDR is part of the company’s “Security Cloud” goal of a single platform that unifies security and networking services across multi-cloud settings. In the future, the firm plans to expand on its first launch by integrating more telemetry sources.

“There are three or four very big vectors that we are already working on that will also be part of the XDR, which is going to make this even more helpful in even more environments going forward,” Raj Chopra said.

Cisco XDR will evolve over time, learning from information collected from Cisco’s vast customer base.

Frank Dickson, an analyst at International Data Corporation, stated that the true measure of any XDR platform is its ability to provide organizations with actual and quantifiable benefits. These include early detection, prioritization of impact, and efficient and effective responses.

Raj Chopra said, “True results need to be quantifiable numerically and not just qualitatively described with words. Cisco XDR delivers a clear framework for enabling organizations to achieve such tangible.”

While Cisco XDR will be released in July, customers of its Duo Editions access protection software will gain support for Trusted Endpoints on May 1. Previously, only Duo’s highest-tier subscribers had access to this feature.

Duo protects against cyber intrusions by using adaptive multifactor authentication to verify the identity of users and the health of their devices before granting access to applications. Trusted Endpoints blocks unregistered or unmanaged devices from network resources.