Cisco launches XDR, with focus on platform-based cybersecurity



Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features.

Image: Tobias Arhelger/Adobe Stock

Day one of RSA 2023 set what is likely to be the week's thematic tone at the event: platforms with cross-domain telemetry in the service of security will be the breakthrough tech. The RSA 2023 conference is held April 24-27 in San Francisco.

During a keynote speech on Monday, Cisco's Jeetu Patel, executive vice president and general manager of security and collaboration, and Tom Gillis, senior vice president and general manager of security, explained how and why these platforms will advance security operations center functions.

Find out why extended detection and response was at the center of Cisco's launch activities at RSA, including the company's announcement of its cloud-based XDR service.


Cisco's spotlight on XDR at RSA

Patel said that cross-domain telemetry, the ability to track an exploit in near real time as it moves across an enterprise's domains, requires an end-to-end integrated platform, because with isolated defenses, “It's too hard to spot modern attacks that are in any way delineated from normal behavior,” he said. Patel explained that a platform can see what packets are traversing the network. The best example of this, he said, is XDR.

“XDR is going to be the talk of the show,” said Gillis. “You'll be hard-pressed to find a vendor who is not telling that story.”

He said that as it becomes increasingly clear attackers are getting good at mimicking user and application behavior, looking at one domain or one incident means “you are only getting half the picture.” In essence, Patel explained, XDR confers the ability to look at high-fidelity data everywhere, whether it comes from email or from a PowerShell exploitation on an endpoint.

XDR is not SIEM

Gillis explained that XDR serves a different purpose than traditional security information and event management. He said that while SIEMs are designed to log aggregated events over days or even months, XDR is near real-time telemetry. Also, while SIEMs look at summary data, XDR looks for the highest-fidelity data, “every message, click, process and packet,” Gillis said. “The industry realizes we need more resolution of events than log data.”

He said that relying on SIEM data or single-domain analytics does not provide visibility and correlation across email, the web, the endpoint and the network.

“And that last one – the network – is probably one of the most overlooked defense tools,” Gillis said.


Platform-based security announcements about XDR and Duo

Gillis touted the platform approach over multi-vendor approaches to security with this analogy: if you go to a big-box store and buy what you think is a home grilling system, then open the box only to find 1,000 pieces and no manual, you did not get what you paid for. You want the grill to be built, integrated and operational. He said that, similarly, a platform approach to security allows for a single, functional framework. “A platform is not a bag of parts, but a system with individual components put together in a coherent way.”

The company's platform-focused announcements included the following:

  • Cisco XDR is now in beta, with general availability in July. It is designed to simplify incident investigation and speed up security operations center response times.
  • To defend against multifactor authentication attacks, Cisco is offering advanced features in all editions of its Duo MFA platform.
  • Beginning next month, Cisco is incorporating Trusted Endpoints into all paid Duo editions; it is currently only available in Duo's highest tier. According to Cisco, Trusted Endpoints allows only registered or managed devices to access resources.

Cisco XDR: A turnkey solution that plays nice with third parties

Cisco calls the cloud-based XDR service a turnkey, risk-based solution that applies analytics to prioritize detections. The company stated that XDR “…moves the focus from endless investigations to remediating the highest priority incidents with evidence-based automation.”

Per Cisco, the service analyzes six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity and DNS.
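To make concrete what the "XDR is not SIEM" and six-telemetry-sources passages above are describing, here is a small cross-domain correlation pass written as an added example for this article. It is not Cisco's code and says nothing about how Cisco XDR is implemented; the event records, the field names, the ten-minute window and the per-signal weights are all constructed for illustration. The point it shows is the one Gillis makes: each event on its own is low-signal, and only stitching the email, identity, endpoint, DNS and firewall records for the same host into one incident lifts it above the noise.

```python
"""Toy cross-domain correlation: cluster per-host events from several
telemetry sources into incidents and rank them by a risk score.

Added example for this article, not Cisco's code. All sample events,
field names and weights below are constructed (hypothetical)."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # hypothetical correlation window

# Constructed sample telemetry, one record per source domain. In practice
# these would come from the mail gateway, identity provider, EDR agent,
# resolver logs and firewall, normalised into a common schema.
SAMPLE_EVENTS = [
    {"src": "email", "ts": "2023-04-24T09:00:05", "user": "alice", "host": None,
     "signal": "attachment_macro", "detail": "invoice.docm from unknown sender"},
    {"src": "identity", "ts": "2023-04-24T09:01:10", "user": "alice", "host": "WS-17",
     "signal": "mfa_push_accepted", "detail": "push accepted from new device"},
    {"src": "endpoint", "ts": "2023-04-24T09:02:30", "user": "alice", "host": "WS-17",
     "signal": "powershell_encoded", "detail": "powershell.exe -enc ..."},
    {"src": "dns", "ts": "2023-04-24T09:02:41", "user": None, "host": "WS-17",
     "signal": "newly_registered_domain", "detail": "lookup of cdn-update.example"},
    {"src": "firewall", "ts": "2023-04-24T09:03:02", "user": None, "host": "WS-17",
     "signal": "outbound_to_rare_asn", "detail": "443/tcp to 203.0.113.9"},
    # Unrelated noise: the same endpoint signal on another host, by itself.
    {"src": "endpoint", "ts": "2023-04-24T10:15:00", "user": "bob", "host": "WS-42",
     "signal": "powershell_encoded", "detail": "scheduled admin script"},
]

# Hypothetical per-signal weights. None of these alone should page anyone.
SIGNAL_WEIGHT = {
    "attachment_macro": 3, "mfa_push_accepted": 2, "powershell_encoded": 4,
    "newly_registered_domain": 3, "outbound_to_rare_asn": 3,
}


def _parse(ts):
    return datetime.fromisoformat(ts)


def resolve_host(events):
    """Pivot host-less events (e.g. email) onto a host via the user seen on
    that host within WINDOW. Events with neither user nor host are dropped."""
    user_hosts = defaultdict(list)
    for e in events:
        if e["user"] and e["host"]:
            user_hosts[e["user"]].append((_parse(e["ts"]), e["host"]))
    resolved = []
    for e in events:
        if e["host"] is not None:
            resolved.append(e)
        elif e["user"]:
            t = _parse(e["ts"])
            for h in {h for ht, h in user_hosts[e["user"]] if abs(ht - t) <= WINDOW}:
                resolved.append({**e, "host": h})
    return resolved


def score(host, cluster):
    """Sum signal weights, then multiply by the number of distinct domains
    that corroborate each other: cross-domain evidence is what lifts the score."""
    domains = {e["src"] for e in cluster}
    base = sum(SIGNAL_WEIGHT.get(e["signal"], 1) for e in cluster)
    return {"host": host, "score": base * len(domains),
            "domains": sorted(domains), "events": cluster}


def correlate(events, window=WINDOW):
    """Group events per host, split into clusters whenever the gap between
    consecutive events exceeds the window, and return scored incidents
    ranked highest-risk first."""
    by_host = defaultdict(list)
    for e in sorted(resolve_host(events), key=lambda e: e["ts"]):
        by_host[e["host"]].append(e)
    incidents = []
    for host, evs in by_host.items():
        cluster = [evs[0]]
        for e in evs[1:]:
            if _parse(e["ts"]) - _parse(cluster[-1]["ts"]) <= window:
                cluster.append(e)
            else:
                incidents.append(score(host, cluster))
                cluster = [e]
        incidents.append(score(host, cluster))
    return sorted(incidents, key=lambda i: i["score"], reverse=True)


if __name__ == "__main__":
    for inc in correlate(SAMPLE_EVENTS):
        print(inc["host"], inc["score"], inc["domains"])
```

Run as a script, the WS-17 chain (phishing attachment, MFA push accepted from a new device, encoded PowerShell, lookup of a newly registered domain, outbound connection to a rare ASN) lands at the top with five corroborating domains, while the lone encoded-PowerShell event on WS-42, identical at the endpoint layer, scores a fraction of that. The multiplier is a deliberately crude stand-in for the analytics an XDR product would apply; the design point is that the email event only becomes attributable to a host because the identity and endpoint sources share a user field with it.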

Cisco states that XDR integrates with leading third-party vendors to “share telemetry, increase interoperability and deliver consistent outcomes regardless of vendor or technology.” These vendors include the following:

  • For endpoint detection and response: CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity XDR and Trend Micro Vision One.
  • For email threat defense: Microsoft Defender for Office 365 and Proofpoint Email Protection.
  • For firewalls: Check Point Quantum Network Security and Palo Alto Networks Next-Generation Firewalls.
  • For network detection and response: Darktrace DETECT, Darktrace RESPOND and ExtraHop Reveal(x).
  • For SIEM: Microsoft Sentinel.
