Cisco Systems is adding a cloud-based extended detection and response (XDR) service to its cybersecurity portfolio, one of a number of product announcements made today at the start of the annual RSA Conference in San Francisco.
Cisco XDR can help investigate events by collecting and analyzing, in real-time, data from a wide range of sources — both Cisco and partner products — and correlating responses, Tom Gillis, the company’s senior vice president and general manager for Cisco Security, said in an interview.
Collected data is pooled in a cloud data lake for processing. The results are shown on a customer console that displays alerts, where they came from, and other trending data.
There’s no shortage of competitors in the XDR space. A short list includes Palo Alto Networks, Microsoft, Sophos, Cynet, BlackBerry, Trellix, FireEye, Trend Micro and ManageEngine.
“Where we think Cisco really shines is the breadth of our [cybersecurity] portfolio and the fact that we gather native telemetry as well as from email, web, endpoint and the network,” Gillis said.
Through partnerships, he added, Cisco XDR can also gather data from other companies’ endpoint detection and response (EDR) as well as other products.
These include Microsoft Defender for Endpoint, Palo Alto Networks’ Cortex XDR and Next Generation Firewall, Trend Micro Vision One, SentinelOne Singularity, Proofpoint Email Protection and other products. It also integrates with ServiceNow for end-user ticket submissions.
The announcement of Cisco XDR was expected. The company had signaled it was creating an XDR product, even setting up a web page in advance of the announcement. The service is now in beta testing, with product availability set for July. It will be sold by subscription through Cisco partners as well as directly from the company. No pricing was announced today, but Gillis said it will come in two tiers: the base tier connects only to Cisco products, while the second tier adds connectivity to other vendors’ products.
Also today, Cisco said that starting May 1 it will broaden the capabilities of its paid Duo multi-factor authentication line. The Trusted Endpoints capability, which allows only registered or managed devices to access resources and is currently available only in the Duo Beyond version, will be part of all paid Duo versions. The paid versions will also be renamed: Essentials, Advantage and Premier.
Cisco also said it is renaming its AnyConnect VPN client to Cisco Secure Client.
Extended detection and response is unlike a security information and event management (SIEM) platform, Gillis said. A SIEM gathers years of log data for long-term analysis. XDR “creates real-time verdicts and orchestrates a response.”
Separately, at RSA, BlackBerry announced upgraded versions of several products, including an overhaul of its Cylance lineup:
— Cylance Endpoint now has a simplified investigation and response workflow with a new extended detection and response (XDR) alert interface. The company said that reduces the volume of alerts by 90 percent;
— Cylance Guard now includes secure critical event management (CEM) capabilities powered by BlackBerry AtHoc. In the event of a cyberattack, Guard customers with the new CEM integration will have secure, multi-channel internal and stakeholder communications for incident response actions, the company said. This provides them with the ability to alert, communicate, and collaborate with both internal and external stakeholders from within Guard, even when the usual communications infrastructure is not available or has been compromised by malicious activity;
— Cylance Edge now streamlines SaaS app connectivity for popular productivity tools, including Google Workspace, improving collaboration and security for hybrid workforces, the company said. It also enables secure connectivity for applications hosted on AWS Cloud, improves visibility into how sensitive data is being stored, accessed, and shared, and delivers enhanced zero trust threat detection capabilities;
— Cylance Intelligence gives faster access to contextual threat intelligence to stop breaches, identify a breach that may have occurred, and give security teams insight into who threat actors are, what motivates them, how they operate, and how to take a proactive stance to defend their enterprise.
Finally, BlackBerry UEM, a unified endpoint management product, now provides enhanced visibility to detect multiple embedded SIM cards (eSIMs) in mobile devices and prevents users from introducing risk by adding unmanaged eSIMs. It also allows administrators to wipe eSIMs without impacting end users’ personal devices, extending the ability to separate work and personal environments.