An open integration method for prolonged detection and response (XDR) empowers organizations to harness the complete potential of their safety ecosystems. This open method offers safety analysts with the agility to leverage the very best instruments and entry the very best data to guard their specific environments. This not solely will increase crew effectivity but in addition the pace at which they will react to potential threats and reduces dwell time. Cisco XDR stands out on this enviornment by providing unmatched integration capabilities with not solely Cisco options however a broad array of third-party instruments. This isn’t a one-and-done endeavor — it requires fixed planning and execution from dedicated product administration and growth groups, including new and enhancing present integrations.
To this point, we now have seen robust demand for this method and greater than 900 organizations worldwide now leverage Cisco XDR to guard the integrity of their IT infrastructure. A part of the rationale for this broad attraction is that we meet safety practitioners the place they’re, permitting them to get most worth from the folks and the instruments that they have already got. That functionality is, after all, predicated on our means to work with these instruments, no matter vendor.
Within the final six months, Cisco XDR has added or considerably enhanced 21 integrations with merchandise from Cisco and ten totally different third-party technical companions, sharing telemetry and safety detections whereas rising interoperability to ship highly effective outcomes in minutes as an alternative of days.
The brand new integrations align primarily with 5 product areas – Endpoint Detection and Response (EDR), E mail Risk Protection, Community Detection and Response (NDR), Subsequent-Era Firewall (NGFW), and Safety Info and Occasion Administration (SIEM) – which are crucial for Safety Operations Middle (SOC) operators. In addition they embrace different key safety and collaboration instruments to deepen the understanding of safety operators and incident responders whereas rising crew effectivity and decreasing dwell time. The capabilities these integrations ship to Cisco XDR embrace:
- Incident Detection — If the software captures system or community telemetry, or detects security-relevant actions or occasions, Cisco XDR can ingest that data into the pool of knowledge for evaluation, or put these detections into the shopper’s mixed incident queue, so the menace could be neutralized utilizing the complete breadth of Cisco XDR’s incident response instruments.
- Safety Controls and Response — If the software manages entry to methods, networks, information, or different organizational property, Cisco XDR allows responders and operators want to have the ability to leverage these capabilities to guard these property from identified and unknown threats, each reactively and proactively (e.g. clicking a button in Cisco XDR that blocks an IP by setting a brand new rule on a firewall).
- Risk Investigation — If the software has details about menace artifacts, whether or not it’s gleaned from inside the buyer atmosphere (e.g. DNS logs exhibiting communication with a identified C&C) or from menace intelligence instruments like a malware sandbox or botnet tracker (e.g. discovering out the main points of the malware that seemingly initiated the connection), Cisco XDR can ingest that data. This may be crucial to a company’s have to be knowledgeable about present and potential future threats in significant ways in which drive optimum defenses.
- Collaboration — If the crew is already utilizing any of the highest chat or collaboration instruments, Cisco XDR can be a part of and even create channels to publish details about new or up to date incidents and might even take instructions and current the outcomes by way of these channels.
- Automation — All of the above safety outcomes, and extra, could be leveraged by Cisco XDR in each automated and semi-automated methods to drive quicker response instances to a wide range of threats and circumstances.
All these crucial capabilities are carried out by each SOC. Cisco XDR helps these groups make higher use of the instruments that drive these capabilities by offering a typical framework from which to leverage every product’s particular contributions. The extra instruments our prospects can leverage in that context, the smoother and quicker their efficiency shall be.
Open > Native
For that cause, since inception, Cisco XDR has adopted an Open XDR philosophy, or to be extra exact, Hybrid XDR. With Cisco’s broad portfolio of top-tier safety instruments, we might have gone the Native XDR route and require prospects to purchase the Cisco stack to get any cheap quantity of XDR outcomes. Nevertheless, that will not be in the very best pursuits of consumers who pursue a best-of-breed method, worth vendor range, or are within the technique of migrating to Cisco safety suites however need to get the advantages of XDR proper now.
Cisco XDR has open and documented protocols primarily based on business requirements. Now we have open and documented RESTful APIs with API prototyping instruments constructed into the product. It’s our purpose to not solely provide a big selection of out-of-the-box integrations, however to permit our companions and prospects to simply add their very own integrations, making their merchandise and even bespoke in-house instruments XDR-capable.
Speed up Velocity with Excessive Confidence
For that cause, final 12 months we launched a program for Cisco Verified integrations. These integrations are written by trusted Cisco companions to deliver their merchandise into the Cisco XDR ecosystem and are vetted by Cisco XDR Engineering and High quality Assurance groups previous to launch. You’ll be able to see the authorship particulars of all integrations on the Administration/Integrations web page.
Based mostly partially on the effectivity pushed by these capabilities, the most recent listing of recent or upgraded Cisco XDR integrations consists of some integrations that have been written by Cisco, and a few by our companions. The deliveries within the first half of the Cisco fiscal 12 months (August 2024 to January 2025) embrace:
- Utility, Id and Machine Administration: Cisco Safe Entry, Jamf Professional, Microsoft Intune
- Cloud Detection and Response: Cisco Safe DDoS Safety, Cisco Safe WAF
- EDR: SentinelOne Singularity
- E mail Safety: Microsoft Defender for Office365
- Enterprise Backup: Rubrik
- IT Service Administration (ITSM): ServiceNow
- NDR: Cisco Safe Community Analytics, NETSCOUT Omnis Cyber Intelligence (OCI)
- NGFW: Cisco Meraki MX, Palo Alto Networks
- SIEM: Cisco Splunk Cloud
- Vulnerability Administration: Cisco Vulnerability Administration (CVM) — previously Kenna
- Different: Endace, our first integration with a packet seize product
Keep tuned for future bulletins about extra integrations, together with from Secure Safety and lots of extra!
For extra data on the present listing of supported integrations, go to the Cisco XDR Integrations web page.
In case your cybersecurity firm wish to construct an integration with Cisco XDR, please contact the alliance crew at partnering-csta@cisco.com.
We’d love to listen to what you assume. Ask a Query, Remark Under, and Keep Linked with Cisco Safe on social!
Cisco Safety Social Channels
Share:
