Cisco automates response to cyber threats

  • April 26, 2023
  • Steve Rogerson

At this week’s RSA conference in California, Cisco unveiled a way to detect cyber threats quickly and respond automatically.

This is part of its progress towards its vision of the Cisco Security Cloud, a unified, AI-driven, cross-domain security platform. The XDR option and the release of features for Duo MFA should help organisations better protect the integrity of their entire IT ecosystem.

Cisco’s XDR strategy converges its expertise and visibility across the network and endpoints into one turnkey, risk-based offering. Now in beta with general availability coming in July 2023, XDR simplifies investigating incidents and enables security operations centres (SOCs) to remediate threats immediately.

The cloud-first offering applies analytics to prioritise detections and moves the focus from endless investigations to remediating the highest priority incidents with evidence-backed automation.

“The threat landscape is complex and evolving,” said Jeetu Patel, executive vice president at Cisco. “Detection without response is insufficient, while response without detection is impossible. With Cisco XDR, security operations teams can respond and remediate threats before they have a chance to cause significant damage. Cisco continues to ensure that if it’s connected, you’re also protected. We are uniquely positioned to deliver integrations that simplify securing today’s increasingly complex, hybrid multi-cloud environments without compromising user experience.”

While traditional security information and event management (SIEM) technology provides management for log-centric data and measures outcomes in days, XDR focuses on telemetry-centric data and delivers outcomes in minutes. It natively analyses and correlates the six telemetry sources that SOC operators say are critical for XDR: endpoint, network, firewall, email, identity and DNS. On the endpoint specifically, it leverages insight from 200 million endpoints with Cisco Secure Client, formerly AnyConnect, to provide process-level visibility of where the endpoint meets the network.

“The true measure of XDR is its ability to deliver actual security outcomes, real and measurable benefit to organisations – early detection, impact prioritisation, and effective and efficient response,” said Frank Dickson, group vice president at IDC. “True results need to be quantifiable numerically and not just qualitatively described with words. Cisco XDR delivers a clear framework for enabling organisations to achieve such tangible outcomes.”

In addition to Cisco’s native telemetry, XDR integrates with third-party vendors to share telemetry, increase interoperability, and deliver consistent outcomes regardless of vendor or technology. The initial set of out-of-the-box integrations at general availability includes: endpoint detection and response (EDR); email threat defence; firewall; network detection and response; and SIEM.

As attackers increasingly target gaps in weaker multi-factor authentication (MFA) implementations, Cisco is redefining what is essential for access management. Every business needs three key pillars for its access management strategy: enforcing strong authentication, verifying devices, and reducing the number of passwords in use. This is why, beginning on May 1st, Cisco is adding trusted endpoints to all its paid Duo editions. Previously available only in Duo’s highest tier, trusted endpoints allow only registered or managed devices to access resources. By delivering trusted endpoints alongside single sign-on, MFA, passwordless and verified push within the entry-level Duo Essentials edition, Cisco is delivering secure, cost-effective and user-friendly access management.

“Our vision for XDR is to provide customers with a comprehensive, consolidated view of their security posture, enabling them to respond to threats quickly and effectively,” said Mike Gibson, senior vice president of Trend Micro. “The integration with Cisco XDR is a significant step forward in the evolution of cyber security. By leveraging the strength of both, we are able to offer our customers a unification that expands telemetry insights to gain a greater perspective of their security environment enabling them to detect threats faster and respond more effectively.”