{"id":89062,"date":"2023-04-25T22:48:09","date_gmt":"2023-04-25T22:48:09","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4073795"},"modified":"2023-04-25T22:48:09","modified_gmt":"2023-04-25T22:48:09","slug":"rsa-cisco-launches-xdr-with-focus-on-platform-based-cybersecurity","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=89062","title":{"rendered":"RSA: Cisco launches XDR, with focus on platform-based cybersecurity"},"content":{"rendered":"<div id>\n<p> Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. <\/p>\n<\/div>\n<div id>\n<figure id=\"attachment_3977475\" aria-describedby=\"caption-attachment-3977475\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-3977475\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/04\/rsa-cisco-launches-xdr-with-focus-on-platform-based-cybersecurity.jpg\" alt=\"Cisco logo on building\" width=\"1400\" height=\"933\"><figcaption id=\"caption-attachment-3977475\" class=\"wp-caption-text\">Image: Tobias Arhelger\/Adobe Stock<\/figcaption><\/figure>\n<p>Day one of RSA 2023 set what is likely to be the week\u2019s thematic tone at the event: Platforms with cross-domain telemetry in the service of security will be the breakthrough tech. 
The RSA 2023 conference is held April 24-27 in San Francisco.<\/p>\n<p>During a keynote speech on Monday, Cisco\u2019s Jeetu Patel, the executive vice president and general manager of security and collaboration, and Tom Gillis, the senior vice president and general manager of security, explained how and why these platforms will advance security operations center functions.<\/p>\n<p>Find out why extended detection and response was at the center of Cisco\u2019s launch activities at RSA, including the company\u2019s announcement about its cloud-based XDR service.<\/p>\n<h2 id=\"spotlight\">Cisco\u2019s spotlight on XDR at RSA<\/h2>\n<p>Patel said that cross-domain telemetry, which is the ability to track an exploit in near real-time as it moves across an enterprise\u2019s domains, requires an end-to-end integrated platform because with isolated defenses, \u201cIt\u2019s too hard to spot modern attacks that are in any way delineated from normal behavior,\u201d he said. Patel explained that a platform can see what packages are traversing through networks. The best example of this, he said, is XDR.<\/p>\n<p>\u201cXDR is going to be the talk of the show,\u201d said Gillis. \u201cYou\u2019ll be hard-pressed to find a vendor who is not telling that story.\u201d<\/p>\n<p>He said as it becomes increasingly clear attackers are getting good at user and application behavior, looking at one domain or incident means \u201cyou are only getting half the picture.\u201d In essence, Patel explained, XDR confers the ability to look at high-fidelity data everywhere, whether from email or a PowerShell exploitation.<\/p>\n<h3>XDR is not SIEM<\/h3>\n<p>Gillis explained that XDR serves a different purpose than traditional security information and event management. 
He said that, while SIEMs are designed to log aggregated events over days or even months, XDR is close to real-time telemetry. Also, while SIEMs look at summary data, XDR looks for highest fidelity data, \u201cevery message, click, process and package,\u201d Gillis said. \u201cThe industry realizes we need more resolution of events than log data.\u201d<\/p>\n<p>He said relying on SIEM data or single domain analytics does not provide visibility and correlation across email, the web, endpoint and the network.<\/p>\n<p>\u201cAnd that last one \u2013 the network \u2013 is probably one of the most overlooked defense tools,\u201d Gillis said.<\/p>\n<p><b>SEE:<\/b> <a href=\"https:\/\/www.techrepublic.com\/article\/frequently-asked-questions-on-extended-detection-and-response\/\">Learn more about XDR in this TechRepublic article<\/a> by Forrester Research.<\/p>\n<h2 id=\"announcements\">Platform-based security announcements about XDR and Duo<\/h2>\n<p>Gillis touted the platform versus multi-vendor approaches to security with this analogy: If you go to a big box store and buy what you think is a home grilling system, and open the box only to discover 1,000 pieces and no manual, you didn\u2019t get what you paid for. You want the grill to be built, integrated and operational. He said that, similarly, a platform approach to security allows for a single, functional framework. \u201cA platform is not a bag of parts, but a system with individual components put together in a coherent way.\u201d<\/p>\n<p>The company\u2019s platform-focused announcements included the following:<\/p>\n<ul>\n<li>Cisco XDR is now in beta, with general availability in July. 
It is designed to simplify investigating incidents and quicken security operations center response times.<\/li>\n<li>To protect against multifactor authentication attacks, Cisco is offering advanced features in all editions of its Duo MFA platform.<\/li>\n<li>Beginning next month, Cisco is incorporating Trusted Endpoints into all paid Duo editions; it is currently only available in Duo\u2019s highest tier. According to Cisco, Trusted Endpoints allows only registered or managed devices to access resources.<\/li>\n<\/ul>\n<h2 id=\"xdr\">Cisco XDR: A turnkey solution that plays nice with third parties<\/h2>\n<p>Cisco calls the cloud-based XDR service a turnkey, risk-based solution that applies analytics to prioritize detections. The company stated XDR \u201c\u2026moves the focus from endless investigations to remediating the highest priority incidents with evidence-based automation.\u201d<\/p>\n<p>Per Cisco, the security service analyzes six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity and DNS.<\/p>\n<p>Cisco states that XDR integrates with leading third-party vendors to \u201cshare telemetry, increase interoperability and deliver consistent outcomes regardless of vendor or technology.\u201d These vendors include the following:<\/p>\n<ul>\n<li><b>For endpoint detection and response:<\/b> CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity XDR and Trend Micro Vision One.<\/li>\n<li><b>For email threat defense:<\/b> Microsoft Defender for Office 365 and Proofpoint Email Protection.<\/li>\n<li><b>For firewalls:<\/b> Check Point Quantum Network Security and Palo Alto Networks Next-Generation Firewalls.<\/li>\n<li><b>For network detection and response:<\/b> Darktrace DETECT, Darktrace RESPOND and Darktrace ExtraHop Reveal(x).<\/li>\n<li><b>For SIEM:<\/b> Microsoft 
Sentinel.<\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. Image: Tobias Arhelger\/Adobe Stock Day one of RSA 2023 set what is likely to be the week\u2019s thematic tone at the event: Platforms with cross-domain telemetry in the service [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":89063,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,40,783,56,287],"tags":[],"class_list":["post-89062","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cisco","category-cloud","category-cloudsync","category-cybersecurity","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=89062"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/89062\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/89063"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=89062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=89062"},{"taxonomy":"post_tag","embeddable":true,"href":"h
ttps:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=89062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}