During the RSA event, Cisco introduced its new Extended Detection and Response (XDR) solution and advanced features for Duo MFA, which will help organizations protect their IT ecosystem. These innovations are included in the Cisco Security Cloud, a unified security platform powered by artificial intelligence and designed for multiple environments.
Cisco is developing a new XDR solution, which combines the company’s expertise and visibility into networks and endpoints to create a risk-based solution for threat detection and response. Cisco XDR, which is currently in beta, will be available in July 2023 and will enable security operations centers (SOCs) to immediately mitigate threats through evidence-based automation and risk analysis. The cloud-native solution applies analytics to prioritize detections and automate response, reducing the need for endless investigations.
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, points out that the cyberthreat landscape is increasingly complex and that detection without response is insufficient, while response without detection is impossible. That’s why, with the Cisco XDR solution, security teams can respond and remediate threats early, before they can cause significant damage.
Unlike traditional security information and event management (SIEM) technology, which analyzes log-based data and takes days to deliver results, Cisco XDR focuses on telemetry data and provides results in minutes. The XDR solution combines six sources of telemetry critical to security operations centers (SOCs): endpoints, network, firewall, email, identity, and DNS, and natively analyzes and correlates them.
Frank Dickson, Vice President of the Security and Trust Division at IDC, notes that the real advantage of XDR lies in its ability to deliver tangible security outcomes, including early detection, prioritization of impact, and efficient and effective response. According to Dickson, results must be quantifiable numerically, not just described in words, and Cisco XDR provides a clear framework to help organizations achieve these measurable results.
The Cisco XDR solution not only uses native Cisco telemetry, but also integrates with third-party providers to share data, extend interoperability, and provide consistent results regardless of vendor or technology. The solution includes an initial set of “out of the box” integrations with third-party providers in different areas, including:
- Endpoint Detection and Response (EDR): Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, Trend Micro Vision One, and SentinelOne Singularity.
- Defense against email threats: Microsoft Defender for Office and Proofpoint Email Protection.
- Next-Generation Firewall (NGFW): Palo Alto Networks Next-Generation Firewall.
- Network Detection and Response (NDR): ExtraHop Reveal(x).
- Security Information and Event Management (SIEM): Microsoft Sentinel.
Cisco is adding advanced functionality to its Duo multi-factor access management solution to improve security in hybrid multi-cloud environments. The integration of Trusted Endpoints in Duo, along with Single Sign-On, MFA, Passwordless, and Verified Push, will allow access only to registered or managed devices. According to Jeetu Patel, the solution ensures that if the user is connected, they are also protected, without compromising the user experience.