Cisco has released a new cybersecurity threat detection solution, Cisco Extended Detection and Response (XDR). What does it offer?
This new XDR solution from Cisco includes features for Duo multi-factor authentication (MFA), which aim to help companies better protect their information technology ecosystem.
Cisco XDR is currently in beta and will be available in July 2023. It simplifies security incident investigations and enables security operations centers to address threats.
The solution leverages cloud services and applies analytics to prioritize detections and shift the focus from investigation to addressing security incidents by priority, using evidence-based automation.
"The threat landscape is complex and constantly evolving. Detection without response is not enough, while response without detection is impossible. With Cisco XDR, security operations teams can respond and address threats before they have a chance to cause significant damage," said Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, in a statement we received, Friday (5/5/2023).
Cisco XDR focuses on telemetry-centric data and delivers results in minutes. The solution natively analyzes and correlates six telemetry sources that Security Operations Center (SOC) operators find critical to XDR solutions: device, network, firewall, email, identity, and DNS.
This technology leverages insights from the 200 million devices secured with Cisco Secure Client, formerly AnyConnect, to provide process-level visibility where devices meet the network.
In addition to Cisco native telemetry, Cisco XDR integrates with leading third-party vendors to share telemetry, improve interoperability, and deliver consistent results regardless of vendor or technology. Built-in integrations when the product becomes generally available include:
Endpoint Detection and Response (EDR): CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity, Trend Vision One
Email Threat Defense: Microsoft Defender for Office, Proofpoint Email Protection
Next-Generation Firewall (NGFW): Check Point Quantum, Palo Alto Networks Next-Generation Firewall
Network Detection and Response (NDR): Darktrace Detect and Darktrace Respond, ExtraHop Reveal(x)
Security Information and Event Management (SIEM): Microsoft Sentinel
Access management has also become a major focus for Cisco, as attackers are increasingly targeting loopholes in weak MFA implementations.
This is why, starting May 1, Cisco is adding Trusted Endpoints to all of its paid Duo editions. Previously only available on the highest tier of Duo, Trusted Endpoints allows only enrolled or managed devices to access resources.
By including Trusted Endpoints, along with Single Sign-On, MFA, Passwordless, and Verified Push, in the entry-level Duo Essentials edition, Cisco provides the most secure, cost-effective, and easy-to-use access management solution on the market.