Cisco Unveils New XDR Solution to Rapidly Detect and Respond to Cyberthreats

Cisco has unveiled its Extended Detection and Response (XDR) solution, which aims to simplify security operations in today’s complex, multi-vendor, multi-threat landscape. With visibility across both the network and the endpoint, the cloud-first solution applies analytics to prioritise detections, allowing security operations centres (SOCs) to remediate threats immediately. The emphasis shifts from open-ended investigation to remediating the highest-priority incidents with evidence-backed automation.

Traditional Security Information and Event Management (SIEM) technology provides management for log-centric data and measures outcomes in days, while Cisco XDR focuses on telemetry-centric data and delivers outcomes in minutes. It natively analyses and correlates the six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS. On the endpoint specifically, Cisco XDR leverages insight from 200 million endpoints with Cisco Secure Client, formerly AnyConnect, to provide process-level visibility of where the endpoint meets the network.

Frank Dickson, Group Vice President, Security & Trust, IDC, said: “The true measure of XDR is its ability to deliver actual security outcomes, real and measurable benefit to organisations — early detection, impact prioritisation, and effective and efficient response. True results need to be quantifiable numerically and not just qualitatively described with words. Cisco XDR delivers a clear framework for enabling organisations to achieve such tangible outcomes.”

In addition to Cisco’s native telemetry, Cisco XDR integrates with leading third-party vendors to share telemetry, increase interoperability, and deliver consistent outcomes regardless of vendor or technology. The initial set of out-of-the-box integrations at general availability includes endpoint detection and response (EDR), email threat defence, next-generation firewall (NGFW), network detection and response (NDR), and security information and event management (SIEM).

Meanwhile, as attackers increasingly target gaps in weaker multi-factor authentication (MFA) implementations, Cisco is redefining what is essential for access management. Every business needs three key pillars in its access management strategy: enforcing strong authentication, verifying devices, and reducing the number of passwords in use. Cisco has announced that Trusted Endpoints will be added to all its paid Duo Editions beginning on May 1st. Previously available only in Duo’s highest tier, Trusted Endpoints restricts access to resources to registered or managed devices. By delivering Trusted Endpoints alongside Single Sign-On, MFA, Passwordless, and Verified Push within the entry-level Duo Essentials edition, Cisco says it is delivering the most secure, cost-effective, and user-friendly access management solution on the market.
