RSA Conference 2023: Cisco getting into XDR, Blackberry revamps Cylance lineup

Cisco Systems is adding a cloud-based extended detection and response (XDR) service to its cybersecurity portfolio, one of a number of product announcements made today at the start of the annual RSA Conference in San Francisco.

Cisco XDR can help investigate events by collecting and analyzing, in real-time, data from a wide range of sources — both Cisco and partner products — and correlating responses, Tom Gillis, the company’s senior vice president and general manager for Cisco Security, said in an interview.

Collected data is pooled in a cloud data lake for processing. The results are displayed on a customer console that displays alerts, where they came from, and other trending data.

Screen shot of Cisco Systems' XDR Control Centre
Screen shot of Cisco Systems’ XDR Control Centre

There’s no shortage of competitors in the XDR space. A short list includes Palo Alto Networks, Microsoft, Sophos, Cynet, BlackBerry, Trellix, FireEye, Trend Micro and ManageEngine.

“Where we think Cisco really shines is the breadth of our [cybersecurity] portfolio and the fact that we gather native telemetry as well as from email, web, endpoint and the network,” Gillis said.

Through partnerships, he added, Cisco XDR can also gather data from other companies’ endpoint detection and response (EDR) as well as other products.

These include Microsoft Defender for Endpoint, Palo Alto Networks’ Cortex XDR and Next Generation Firewall, Trend Micro Vision One, SentinelOne Singularity, Proofpoint Email Protection and other products. It also integrates with ServiceNow for end-user ticket submissions.

The announcement of Cisco XDR was expected. The company had signaled it was creating an XDR product, even setting up a web page in advance of the announcement. The service is now in beta testing, with product availability set for July. It will be sold by subscription through Cisco partners as well as directly from the company. No pricing was announced today, but Gillis said it will come in two tiers: The base tier connects only to Cisco products, while the second tier adds connectivity to other vendors’ products.

Also today, Cisco said that starting May 1 it will broaden the capabilities of its paid Duo multi-factor authentication line. The Trusted Endpoints capability, which allows only registered or managed devices to access resources, now available only to the Duo Beyond version will be part of all paid Duo versions. The paid versions will also be renamed: Essentials, Advantage and Premier.

Cisco also said it is renaming its VPN AnyConnect client to Cisco Secure Client.

Extended detection and response is unlike a security information and event management (SIEM) platform, Gillis said. A SIEM gathers years of log data for long-term analysis. XDR “creates real-time verdicts and orchestrating a response.”

Separately, at RSA BlackBerry announced upgraded versions of several products, including an overhaul of its Cylance lineup:

Cylance Endpoint now has a simplified investigation and response workflow with a new extended detection and response (XDR) alert interface. The company said that reduces the volume of alerts by 90 percent;

Cylance Guard now includes secure critical event management (CEM) capabilities powered by BlackBerry AtHoc. In the event of a cyberattack, Guard customers with the new CEM integration will have secure, multi-channel internal and stakeholder communications for incident response actions, the company said. This provides them with the ability to alert, communicate, and collaborate with both internal and external stakeholders from within Guard, even when the usual communications infrastructure is not available or has been compromised by malicious activity;

Cylance Edge now streamlines SaaS app connectivity for popular productivity tools, improving collaboration and security for hybrid workforces, now including Google Workspace, the company said. It now also enables secure connectivity for applications hosted on AWS Cloud, improves visibility of how sensitive data is being stored, accessed, and shared, and delivers enhanced zero trust threat detection capabilities;

Cylance Intelligence gives faster access to contextual threat intelligence to stop breaches, identify a breach that may have occurred, and give security teams insight into who threat actors are, what motivates them, how they operate, and how to take a proactive stance to defend their enterprise.

Finally, BlackBerry UEM, a unified endpoint management product, now provides enhanced visibility to detect multiple embedded SIM cards (eSIMs) in mobile devices and prevents users from introducing risk by adding unmanaged eSIMs. It also allows administrators to wipe eSIMs without impacting end users’ personal devices, extending the ability to separate work and personal environments.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now