Incident Response

Staying one step ahead of adversaries with Cisco XDR

In the endless arms race that is cybersecurity, the bad guys just keep getting badder. That is, smarter and more sophisticated. And even the ones that aren’t quite as smart have access to advanced tactics, techniques, and weaponized exploits that, just a few years ago, were only available to nation states.

The EternalBlue exploit is one example of what we're up against. Originally developed by the U.S. National Security Agency, it was leaked by a hacker group in 2017. Ever since, it has been all but in the public domain, and continues to be repurposed by cybercriminals and ransomware gangs of all kinds.

For me, the EternalBlue exploit was a “crossing-the-Rubicon” moment. In the same way that the Roman republic was never the same again after Caesar marched his army into Rome, the threat landscape has forever been changed by the public availability of advanced exploits and tactics that were once the domain of only nation-state sponsored adversaries.

Detection AND response. You need both.

Today, email remains the No. 1 threat vector. Most of us can spot those grammatically challenged attempts to get us to click. Generative AI, however, represents a new threat. It gives hackers a way to send ever more deceptive emails and texts. And it can even generate malicious code at unprecedented speeds with just a few prompts.

In this constant cat-and-mouse game, defenders must be right 100 percent of the time, while hackers need to be successful just once to breach a network, steal important data, or demand ransom.

The good news is that we defenders are smart, too. Security is a tough challenge, especially in an era of widely distributed apps, clouds, users, and endpoints. But we have great people at Cisco and around the world determined to meet those challenges. Multi-factor authentication, advanced firewalls, and other defenses are proving formidable barriers to hackers.

But the inevitable can still happen. Even with meticulous prevention, almost any organization can suffer a breach. At these times, knowing that it’s happening, pinpointing where, and responding rapidly are critical. As I like to say, “Detection without response is insufficient, but response without detection is impossible.” You need both to be effective.

That’s why I’m super excited about Cisco XDR. Built from the ground up by our team, Cisco XDR takes a holistic, integrated approach to detection and response, something that doesn’t exist with isolated point products.

Simplify security operations, accelerate response, and empower SOC teams

Cisco XDR combines and simplifies existing Cisco product suites while adding a next dimension of security. I believe it’s the best, most innovative offering of its kind.

One reason is because Cisco’s knowledge of and access to the world’s networks is unmatched. Cisco built the network, and no one knows it as well as we do. If you add up every endpoint with Cisco Secure Client (formerly AnyConnect), you are talking over 200 million endpoints. With that footprint, we provide process-level visibility of where the endpoint meets the network, giving insights you won’t see from any other vendor. Start layering in the DNS telemetry we get from Umbrella with the identity and authentication information we get from Duo, and you get a sense of what Cisco can do that no other vendor can.

Our customers include nearly 100 percent of the Fortune 100 and many thousands of other enterprises, small-to-medium businesses, and public sector organizations. So, our data and telemetry enable vast, sweeping insights into global traffic. And our technology — including highly advanced AI and machine learning — can learn from prior exploits and anticipate what’s coming next, while detecting and analyzing even the most subtle anomalies.

The result is an innovative, holistic solution enabling rapid response, thanks to automation, orchestrated capabilities, and guided remediation. It’s seamlessly integrated with Cisco’s broad portfolio of security and networking solutions, as well as third-party offerings from the likes of Microsoft and Palo Alto Networks. And it’s accessed through a highly intuitive user interface, developed with insights from SOC operators and outside partners.

With these capabilities, a customer can quickly detect the most advanced threats, isolate them, quarantine them, and get their organization back up and running with little or no downtime.

As we said, today’s adversaries are sophisticated. And even the unsophisticated ones can be armed with sophisticated tools. A single point solution, deployed in isolation, cannot meet the deluge of threats facing organizations today. It takes multiple sources of telemetry, precisely coordinated security analytics and a deep reach into the network to counter advanced threats.

With Cisco XDR, we have done just that. Continue reading to learn more about Cisco XDR.

By AJ Shipley, Vice President, Product Management, Threat Detection and Response at Cisco
