Cisco’s XDR enables organizations to collect and analyze threat data, as well as prioritize, hunt, and remediate threats. Cisco’s XDR security solution is part of the SecureX cloud-native platform, which integrates with all Cisco security offerings. Organizations use SecureX to centralize security products and environments, such as network security, cloud edge, and EDR.
Cisco XDR is a solution designed to extend the capabilities of Cisco’s detection and response solutions. Organizations can use it to collect and correlate data across email applications, endpoints, cloud resources, servers, and networks. It enables teams to analyze, prioritize, hunt, and remediate threats for protection against data loss or breach. Cisco XDR is part of the SecureX security platform.
What Is SecureX?
Cisco SecureX is a cloud-native security orchestration platform that connects Cisco security services with infrastructure. It is designed to create a consistent user experience that provides access to automation, facilitates collaboration, and drives measurable insights.
SecureX natively integrates a variety of Cisco security solutions in the following areas:
Network security—includes Cisco Next-Gen Firewall, AnyConnect, Stealthwatch, ISE, Web Security, and Meraki MX. These solutions filter traffic, enable secure remote access, provide analytics and threat detection, enable segmentation, filter web content, and provide a secure wide area network.
User and endpoint protection—includes Cisco XDR, Duo, AMP for Endpoints, Email Security, Security Connector, and Meraki SM. These solutions enable identity controls, detect and respond to threats, filter email content, filter mobile device traffic, and enable mobile device management.
Cloud edge—includes Cisco Umbrella, Cloudlock, and Stealthwatch Cloud. These solutions filter internet traffic, protect against data breaches, and provide in-depth visibility.
Application security—includes Cisco Tetration. This solution provides workload protections, increases visibility, and enables micro-segmentation.
SecureX is designed as an integrated, portfolio-based solution. This is in contrast to solution-based or technology-based options.
Solution-based—built on siloed solutions. These solutions provide limited context and visibility and can only cover limited control points. Examples of solution-based platforms include next-generation firewalls, endpoint protection platforms, and secure internet gateways.
Technology-based—built through integrations that are often complex. These solutions lack native controls and can leave blind spots. Examples of technology-based platforms include security information and event management (SIEM) and security orchestration, automation, and response (SOAR).
Portfolio-based—built on natively integrated back ends and front ends. These solutions can also be integrated with third-party solutions and can provide streamlined workflows and visibility across control points. SecureX is an example of this type of platform.
The SecureX platform provides a variety of capabilities to help organizations efficiently secure their systems. These capabilities are built into the platform and can be extended through Cisco or third-party integrations.
Unified visibility
The SecureX platform enables unified visibility across an organization’s entire security portfolio, including activity feeds, threat intelligence, and metrics. The built-in metrics include incident burndown, mean time to detection (MTTD), and mean time to remediation (MTTR).
Teams can incorporate these metrics with case management features. These features enable teams to assign and track incident cases and to add contextual information as they gather it.
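The three metrics named above are simple to define but easy to compute inconsistently (for example, measuring MTTR from first activity rather than from detection). The following added example, which is not SecureX code, computes them from a case list in which each record carries the time malicious activity started, the time it was detected, and, for closed cases, the time it was remediated. The case records are constructed for illustration.

```python
"""Compute incident burndown, MTTD and MTTR from a list of cases.

Added example (not SecureX or Cisco code). Assumes each case records
when the malicious activity started ("occurred"), when it was detected
("detected") and, if closed, when it was remediated ("remediated").
Timestamps are ISO 8601 in UTC; None means the case is still open.
"""
from datetime import datetime, timedelta
from statistics import mean

# Constructed sample cases for illustration only.
CASES = [
    {"id": "CASE-1", "occurred": "2024-03-01T08:00:00",
     "detected": "2024-03-01T09:30:00", "remediated": "2024-03-03T13:30:00"},
    {"id": "CASE-2", "occurred": "2024-03-02T10:00:00",
     "detected": "2024-03-02T10:15:00", "remediated": "2024-03-02T12:15:00"},
    {"id": "CASE-3", "occurred": "2024-03-03T22:00:00",
     "detected": "2024-03-04T06:00:00", "remediated": None},
]


def _ts(value):
    """Parse an ISO 8601 string, passing None through for open cases."""
    return datetime.fromisoformat(value) if value else None


def mttd_hours(cases):
    """Mean time to detection: detection time minus first malicious activity.

    Counts every case, open or closed, because detection has happened for all.
    """
    deltas = [_ts(c["detected"]) - _ts(c["occurred"]) for c in cases]
    return mean(d.total_seconds() for d in deltas) / 3600


def mttr_hours(cases):
    """Mean time to remediation: remediation time minus detection time.

    Only closed cases contribute; an open case has no remediation time yet.
    """
    closed = [c for c in cases if c["remediated"]]
    deltas = [_ts(c["remediated"]) - _ts(c["detected"]) for c in closed]
    return mean(d.total_seconds() for d in deltas) / 3600


def burndown(cases, days):
    """Number of cases still open at the end of each UTC day in `days`.

    `days` is a list of 'YYYY-MM-DD' strings; a case counts as open on a day
    if it was detected before that day ended and not remediated by then.
    """
    result = {}
    for day in days:
        day_end = datetime.fromisoformat(day) + timedelta(days=1)
        detected_by_then = [c for c in cases if _ts(c["detected"]) < day_end]
        still_open = [
            c for c in detected_by_then
            if not c["remediated"] or _ts(c["remediated"]) >= day_end
        ]
        result[day] = len(still_open)
    return result


if __name__ == "__main__":
    print(f"MTTD: {mttd_hours(CASES):.2f} h")
    print(f"MTTR: {mttr_hours(CASES):.2f} h")
    print("Burndown:", burndown(CASES, ["2024-03-01", "2024-03-02", "2024-03-03", "2024-03-04"]))
```

Two caveats apply in practice. The "occurred" timestamp is usually an estimate reconstructed from forensic evidence rather than a logged fact, so MTTD is only as good as that reconstruction. Excluding open cases from MTTR also means the figure improves whenever analysts leave hard cases open, so it should always be read alongside the burndown count.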
Automation
Automation in SecureX is based on a low-code/no-code approach with a drag-and-drop interface. Teams can use this interface to create automation workflows and playbooks that can be shared across their organization.
Through SecureX adapters, playbooks can orchestrate workflows across security solutions, cloud resources, Internet of Things (IoT) devices, data centers, and networks. There are currently more than 50 adapters available, with more in development.
In addition to custom playbooks, SecureX includes pre-built playbooks for known and common threats. These playbooks include scripts for collecting event data, correlating information, detecting threats, and responding to incidents. Teams can use playbooks to automate responses fully or to isolate threats for further investigation.
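The decision a playbook has to make at the end of that chain, whether to respond fully on its own or to contain the threat and hand it to an analyst, is where most of the design effort goes. The following added example, which is not a SecureX playbook, shows one way to structure it: events from several sources are correlated per host, a score and a count of corroborating sources are derived, and only a high score confirmed by more than one source triggers fully automated response. The action names (isolate_host, block_hash, open_case, log_only), the thresholds, and the events are all assumptions constructed for illustration.

```python
"""Minimal playbook: correlate events per host, then auto-respond or escalate.

Added example, not SecureX or Cisco code. Action names, thresholds and the
input events are assumptions made for illustration.
"""
from collections import defaultdict

# Constructed events from three sources, normalised to a common shape.
EVENTS = [
    {"src": "endpoint", "host": "ws-017", "sev": 8, "sha256": "a1" * 32,
     "desc": "ransomware-like file encryption behaviour"},
    {"src": "network", "host": "ws-017", "sev": 6, "sha256": None,
     "desc": "SMB lateral-movement attempts to 40 hosts"},
    {"src": "email", "host": "ws-042", "sev": 5, "sha256": "b2" * 32,
     "desc": "malicious attachment opened"},
    {"src": "endpoint", "host": "ws-099", "sev": 3, "sha256": None,
     "desc": "unsigned binary executed from temp directory"},
]

# Assumed thresholds: full automation needs a high score AND corroboration.
AUTO_RESPOND_SCORE = 12
CONTAIN_SCORE = 5


def correlate(events):
    """Group events by host, summing severity and recording distinct sources."""
    by_host = defaultdict(
        lambda: {"score": 0, "sources": set(), "hashes": set(), "events": []}
    )
    for e in events:
        h = by_host[e["host"]]
        h["score"] += e["sev"]
        h["sources"].add(e["src"])
        if e["sha256"]:
            h["hashes"].add(e["sha256"])
        h["events"].append(e["desc"])
    return by_host


def decide(host, summary):
    """Choose actions for one host.

    - High score confirmed by more than one source: fully automated response
      (isolate, block known hashes, record a case as auto-contained).
    - Medium score, or high score from a single source: isolate the host so
      the threat cannot spread, but hand the case to an analyst.
    - Low score: log only.
    """
    actions = []
    corroborated = len(summary["sources"]) > 1
    if summary["score"] >= AUTO_RESPOND_SCORE and corroborated:
        actions.append(("isolate_host", host))
        actions += [("block_hash", h) for h in sorted(summary["hashes"])]
        actions.append(("open_case", host, "auto-contained"))
    elif summary["score"] >= CONTAIN_SCORE:
        actions.append(("isolate_host", host))
        actions.append(("open_case", host, "needs-analyst"))
    else:
        actions.append(("log_only", host))
    return actions


def run_playbook(events):
    """Return the action list chosen for each host seen in `events`."""
    return {host: decide(host, s) for host, s in correlate(events).items()}


if __name__ == "__main__":
    for host, actions in run_playbook(EVENTS).items():
        print(host, actions)
```

The corroboration check is the important design point: a single high-severity alert from one sensor is exactly the case most likely to be a false positive, so the example contains the host (a reversible action) but leaves irreversible steps such as blocking hashes to an analyst. Real playbooks would replace the tuples with calls to the relevant product adapters.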
Managed threat hunting
The SecureX platform includes managed threat hunting services. These services enable teams to hunt across domains while leveraging threat intelligence and data correlation technologies. Through hunting, security professionals can detect persistent and targeted threats that have bypassed existing controls.
Threat hunting services are performed by Cisco Talos, Cisco's dedicated threat research and intelligence team. This team continually researches threats and distributes information on both the threats and their remediation to SecureX users through the dashboard.
Fast time to value
SecureX provides the most significant benefit for existing Cisco users. From the Cisco account dashboard, organizations can add their solutions to SecureX by providing the relevant API keys. This includes Cisco solutions as well as third-party or custom solutions. Organizations can also attach any on-premises devices they need to monitor, including firewalls or email servers. Because those API keys let the platform read from and act on the connected products, they should be treated as privileged credentials: scope each key to the permissions the integration actually needs, rotate them, and revoke them when an integration is retired.
Beyond XDR Security With Cynet’s Autonomous Breach Protection
Cynet 360 is an autonomous breach protection platform that works on three levels, providing XDR, response automation, and 24/7 MDR in one unified solution. Cynet natively integrates these three services into an end-to-end, fully automated breach protection platform.
Cynet’s XDR layer includes the following capabilities:
Endpoint protection—multilayered protection against malware, ransomware, exploits and fileless attacks.
Network protection—protecting against scanning attacks, man-in-the-middle (MITM) attacks, lateral movement, and data exfiltration.
User protection—preset behavior rules coupled with dynamic behavior profiling to detect malicious anomalies.
Deception—a wide array of network, user, and file decoys to lure advanced attackers into revealing their hidden presence.
Cynet 360 can be deployed across thousands of endpoints in less than two hours. It can be immediately used to uncover advanced threats and then perform automatic or manual remediation, disrupt malicious activity and minimize damage caused by attacks.