Cisco’s XDR enables organizations to collect and analyze threat data, as well as prioritize, hunt, and remediate threats. Cisco’s XDR security solution is part of the SecureX cloud-native platform, which integrates with all Cisco security offerings. Organizations use SecureX to centralize security products and environments, such as network security, cloud edge, and EDR.
Cisco XDR is a solution designed to extend the capabilities of Cisco’s detection and response solutions. Organizations can use it to collect and correlate data across email applications, endpoints, cloud resources, servers, and networks. It enables teams to analyze, prioritize, hunt, and remediate threats for protection against data loss or breach. Cisco XDR is part of the SecureX security platform.
Cisco SecureX is a cloud-native security orchestration platform that connects Cisco security services with infrastructure. It is designed to create a consistent user experience that provides access to automation, facilitates collaboration, and drives measurable insights.
SecureX natively integrates a variety of Cisco security solutions in the following areas:
SecureX is designed as an integrated, portfolio-based solution. This is in contrast to solution-based or technology-based options.
The SecureX platform provides a variety of capabilities to help organizations efficiently secure their systems. These capabilities are built into the platform and can be extended through Cisco or third-party integrations.
The SecureX platform enables unified visibility of an organization’s entire security portfolio, including activity feeds, threat intelligence, and delivery of metrics. Its built-in metrics capabilities include measures for incident burndown, mean time to detection (MTTD), and mean time to remediation (MTTR).
Teams can incorporate these metrics with case management features. These features enable teams to assign and track incident cases and to add contextual information as they gather it.
Automation in SecureX is based on a no-code or low-code approach with an intuitive drag-and-drop interface. Teams can use this interface to create automation workflows and playbooks that are shareable across their organization.
Through the SecureX adapter, playbooks can be used to orchestrate workflows across security solutions, cloud resources, Internet of Things (IoT) devices, data centers, and networks. There are currently more than 50 adapters available, with more in development.
In addition to custom playbooks, SecureX includes pre-built playbooks for known and common threats. These playbooks include scripts for collecting event data, correlating information, detecting threats, and responding to incidents. Teams can use playbooks to automate responses fully or to isolate threats for further investigation.
Managed threat hunting
Included in the SecureX platform are services for managed threat hunting. These services enable teams to hunt across domains while leveraging threat intelligence and data correlation technologies. Through hunting, security professionals can detect persistent and targeted threats that have bypassed existing systems.
Threat services are performed by Talos, a team of dedicated security experts operated by Cisco. This team continually researches threats and distributes information on both threats and remediation to SecureX users through the dashboard.
Fast time to value
SecureX provides the most significant benefit for existing Cisco users. From the Cisco account dashboard, organizations can add their solutions to SecureX by providing the relevant API keys. This includes Cisco solutions and third-party or custom solutions. Organizations can also attach any on-premises devices they need to monitor, including firewalls or email servers.
Cynet 360 is an autonomous breach protection platform that works in three levels, providing XDR, Response Automation, and 24/7 MDR in one unified solution. Cynet natively integrates these three services into an end-to-end, fully automated breach protection platform.
Cynet’s XDR layer includes the following capabilities:
Cynet 360 can be deployed across thousands of endpoints in less than two hours. It can be immediately used to uncover advanced threats and then perform automatic or manual remediation, disrupt malicious activity, and minimize damage caused by attacks.