When I was growing up — as was typical for the times (I am dating myself, I know) — my parents balanced their checkbooks and used spreadsheets to track their bills and expenses. Times have certainly changed. The online personal finance platform Mint.com arguably paved the way for a new market to make money management a simpler and more efficient experience. Mint was borne from the constant juggle of keeping track of a multitude of bank accounts, credit cards, loans, and investment accounts. In aggregating a user’s portfolio of accounts into one platform and providing alert notifications for upcoming bills or overspending in particular categories, Mint has made it simpler to stay on top of your bills and provide budget analysis (including flagging anomalies) to help you more effectively meet financial goals.
But how does online personal finance relate to security? Well, XDR is the new buzz in the world of security operation technologies. It seems a logical next step after EDR (Endpoint Detection and Response) and the advent of SIEM and SOAR technologies. EDR technology provides advanced threat protection and faster response at the endpoint level. SIEM (Security Information and Event Management) solutions tackle data aggregation, analytics, and log storage of security threats and events. SOAR (Security Orchestration, Automation, and Response) tools provides security operations with API integration and automation.
XDR (Extended Detection and Response) recently came about for more complete detection and response than EDR solutions alone, to not only give customers unified visibility beyond the endpoints, but also to address the complexity problem in security that persist with SIEMs and SOARs. Gartner defines XDR as “a unified security incident detection and response platform that automatically centralizes and correlates data from many proprietary security elements”. ESG also notes that XDR solutions also often include SOAR-like capabilities.
But hold on – is XDR really that new? Perhaps it is to other vendors, but Cisco has been doing extended detection and response for about two years now. SecureX threat response, 10,000+ customers strong, has had XDR capabilities before the term “XDR” became the new buzz. Imagine that! It’s not unlike how Mint was an online personal finance platform before it became a market category.
In 2018, we had an ambitious goal of accelerating investigations and incident response with products that work together. So, we developed (what is now known as) SecureX threat response to simplify security operations by integrating the many disparate security tools across your control points into one console for faster threat hunting and incident response. Threat response aggregates, correlates and queries global intel and local context to understand the impact of a threat across your environment, then take first-strike response(s) – all in one console. My previous blog in May discussed how our threat response application evolved to become a key component of SecureX – our expanded cloud-native, built-in platform that simplifies security through integrations, unifies visibility across your environment, and maximizes efficiency through automation. Now we can safely say that SecureX matches – and goes beyond – the core capabilities touted by XDR solutions.
Matching XDR solutions, the SecureX platform integrates technology together with true turnkey interoperability – whether Cisco security products or third parties – for extended detection and response beyond the endpoint to also the network, cloud edge, and applications with firewall, analytics, email security, user authentication, and more security technologies. Also matching XDR, SecureX centralizes and normalizes data from integrated products for analysis and query.
SecureX goes beyond what an XDR offers with more meaningful integrations, simpler orchestration, and broader use cases to advance your organization’s security maturity and maintain compliance.
- Simplicity. SecureX threat response has provided a simplified experience for two years accelerating threat investigations and remediation. This simplicity tenet now carries over into the SecureX user experience and other capabilities. Every Cisco Secure customer is entitled to SecureX – meaning there is no separate licensing or additional technology layer.
- Visibility. Pull in data from across your security products and infrastructure into SecureX without the expensive requirement to centrally store it in a data lake. SecureX then normalizes and correlates it – all in one view via the customizable dashboard while also maintaining context with single sign-on and the ribbon across your products. SecureX’s third party integrations are without limitations, providing a connected backend and consistent frontend experience.
- Efficiency. Automate routine tasks and eliminate friction in your processes with SecureX orchestration pre-built workflows or no-/low-code approach to building your own workflows. SecureX and the breadth of Cisco Secure portfolio is a powerful advantage for the sharing of telemetry and context in a consistent user experience, and all backed by global Talos threat intelligence. This capability enables SOAR-like outcomes to deliver greater time savings and collaboration across SecOps, NetOps, and ITOps.
If you’re a Cisco Secure customer, start using SecureX today to increase time savings and reduce costs. Like Mint users who can’t imagine managing their finances without the app, SecureX users similarly cannot go back to operating their security ecosystem with multiple, siloed tools and consoles. Unlike typical XDR solutions that can come with a hefty price tag (though not a million dollars…), SecureX won’t break the bank since it is a fundamental right with every Cisco Secure product. If you’re not yet a customer, evaluate our Cisco Secure products – endpoint, email, firewall, network analytics , cloud security, and more – with a built-in SecureX experience. Also like Mint, which helps customers whether they have one financial account or 15, SecureX is for security teams of any size and maturity — whether you’re simplifying your existing SIEM or SOAR tools by better connecting them to your control points using XDR capabilities, or if you don’t have the time or talent for those tools, simply benefiting from integrated products with built-in XDR capabilities.
Learn more about SecureX at cisco.com/go/securex, watch the demo video, or get started at security.cisco.com.
Share:
Leave a Reply