Cisco is taking its first major step into Extended Detection and Response (XDR) with a SaaS-delivered integrated system of endpoint, network, firewall, email and identity software aimed at protecting enterprise resources.
Cisco’s XDR service, which will be available in July, brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response, all from a single cloud-based interface. The offering gathers six telemetry sources that Security Operations Center (SOC) operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated.
The third-party products include support for Microsoft Defender for Endpoint and Office, Palo Alto Networks Cortex XDR and its Next-Generation Firewall, Trend Micro Vision One, SentinelOne Singularity, and ExtraHop Reveal. The service also supports security information and event management (SIEM) systems including Microsoft Sentinel.
“Despite the wide adoption of all of the security point solutions out there, customers are finding cybersecurity incidents—in particular ransomware cases which are growing uncontrollably—are getting through the defenses, but when you bring together these tools under one system that can look at email, web traffic, access control and other metrics with analytics, telemetry, and other tools in one place that’s where customers will see a clearer picture of security patterns emerge,” said Tom Gillis, senior vice president and general manager of Cisco’s Security Business Group.
The idea is to enable security teams to detect threats and remediate them before they have a chance to cause