XDR is a unified incident detection and response platform that sits between the various layers of detection and response tools, normalizes their different datasets, runs high-fidelity analyses, and coordinates approvals/actions to make it easier for teams to understand the full scope of security issues and remediate quickly and efficiently. By bringing these functions together, efficiency and efficacy go up and overall TCO goes down.
Fundamentally, XDR is an evolution of two previously existing detection and response layers, Network Detection and Response (NDR) and Endpoint Detection and Response (EDR). We will likely see more of this type of evolution as security platforms become more and more, but the underlying EDR/NDR capabilities will still be important.
Cisco’s approach to XDR is built on native integrations between our platform, SecureX, our NDR, Cisco Secure Network Analytics (formerly Stealthwatch), and Secure Endpoint. Our robust EDR technology makes it easier to cut through the noise of alerts, understand what happened, how to act, and how to strengthen defenses in the future without changing interfaces. These four elements are critical in any XDR strategy because they accelerate time-to-detection and decrease dwell time.
A unified detection and response platform is a simple concept to grasp but building an XDR solution isn’t something that can be slapped together quickly.
To learn about Cisco’s platform approach to XDR, read our recently published eBook.
ATT&CK is a catalog of the methods cyber attackers use to gain access to your environment. MITRE took the hundreds of techniques and mapped them to a relatively short list of 41 mitigations. This makes it easier to hold security conversations around concrete mitigations rather than open-ended questions.
To learn more about MITRE ATT&CK check out our blog.
This is why we’ve mapped key functionality within Secure Endpoint to MITRE ATT&CK — a framework focused on understanding the specific tactics, techniques, and procedures used by attackers to infiltrate systems. This makes it easy for teams to see the type of mitigations they have available, which ones to use, and when to use them.
When you need fast answers about a particular device or group of devices, Orbital Advanced Search is just the thing you need. With hundreds of pre-built queries, security teams can run complex checks into the status of any or all endpoints, at any point in a device’s history. This is very effective for root cause analysis and for understanding when and where a threat might have entered the environment. These queries can be inserted into broader security playbooks that run automatically at regular intervals or on demand. Because we’ve already mapped existing IoCs to MITRE ATT&CK, your team doesn’t need expertise in how different malware strains behave, the specific remediation steps, or MITRE itself. They’ll be able to leverage the knowledge we’ve coded into our security portfolio to make smarter decisions faster.
Threat Hunting, which was once only available to the most mature security environments, is now available through Secure Endpoint. With the expertise of Talos and our Research and Efficacy Team, Cisco proactively identifies threats in customer environments. This means high-fidelity alerting from automated, human-driven hunts built on over 20 years of experience.
Secure Endpoint makes remediation simpler and more process-driven. With detailed file tracking across every endpoint, correlated with network, email and web activity, you can configure automated file blocking and exploit prevention based on analysis results, either before execution or retrospectively.
We’ve also automated policy actions like taking forensic snapshots, running file analysis, blocking files and domains, and moving entities to a more aggressive protection stance such as network access shutdown or quarantine, meaning your teams have more time to focus on making timely decisions. All of this is brought together into a single view so that you aren’t jumping between consoles when time matters most.
Cisco Talos Intelligence Group is one of the largest commercial threat teams in the world. The researchers, analysts, and engineers of Talos are supported by unrivaled telemetry and sophisticated systems to create accurate, rapid, and actionable threat intelligence for Cisco customers and products.
https://talosintelligence.com
With such a large number of workers operating at the edge, the endpoint is a crucial control point that must not be overlooked or treated as a “box check”. Whether you’re looking to move towards Zero Trust, leverage cloud in your security strategy, or improve detection and response capabilities, Secure Endpoint is an accelerator towards those goals.
With a single-agent approach to security, Cisco Secure Client delivers deeper visibility across your environment, from the cloud to the endpoint, enabling accelerated threat detection, faster response times, and a quicker, easier shift to XDR, Zero Trust and SASE.