Cisco XDR 2024

MichaelLee15927 86 views 25 slides Mar 08, 2025

Slide Content

Security Operations Simplified

Cisco XDR

© 2023 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Expanding attack surface
In a hybrid, multi-vendor, multi-vector universe
Alert fatigue is worse
Everyone is an insider
Attacks start from anywhere
+30% of all incidents involved stolen credentials or malicious insiders
45% of breaches occurred in the cloud, and 19% due to a compromise at a business partner
37% of IT and SecOps pros say swelling alert volume, complexity increases job difficulty
22% increase in the average cost of a data breach where hybrid work was a factor

Tactics, Techniques and Procedures (TTPs) that once only impacted nation-states are now being used by everyday attackers

Are everyone's problem now

To address the threats of tomorrow, we need to change how we look at detection and response today

The XDR promise
Collection of telemetry from multiple security tools
Application of analytics to the collected and homogenized data to arrive at a detection of maliciousness
Response and remediation of that maliciousness

Adversary:
Turla
// Nicknames
Snake
Venomous Bear
Uroburos
Group 88
Waterbug

Stop advanced threats like ransomware
Most attacks use a sequence like this…
Email: A well-tailored and personalized email causes a user to click…
DNS: Which goes to a questionable web site…
Which leads to a strange process being created locally on the user's device…
That process will connect to another machine or directly to their data
T1566: Spear phishing
T1189: Drive-by Compromise
T1055: Process Injection
T1087: Account Discovery: Domain Account
T1570: Lateral Tool Transfer
T1048: System Network Connections Discovery
Vendor A, Vendor C, Vendor D, Vendor E, Vendor G
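As an added illustration of the XDR promise (collect, homogenize, analyze, respond) applied to the email, DNS, process and lateral-connection sequence above, here is a small correlator; it is example code, not Cisco's or the product's own. It normalizes constructed log lines from four sources into one record shape, chains suspicious records that share a user or host inside a time window, and ranks the resulting incidents by how many stages of the chain they cover. The source names, field names, hostnames, users and thresholds are all assumptions.

```python
# Added example, not Cisco's code: a minimal XDR-style correlator for the
# email -> DNS -> process -> lateral-connection sequence on the slide.
# All hostnames, users, field names and log lines are constructed sample data.
from datetime import datetime, timedelta

RAW = [  # (source, constructed log line)
    ("email", "2024-03-01T09:00:05Z user=alice subject=Invoice verdict=phish_suspect"),
    ("dns", "2024-03-01T09:01:10Z host=ws-17 user=alice qname=login-update.example category=newly_seen"),
    ("endpoint", "2024-03-01T09:01:40Z host=ws-17 user=alice parent=outlook.exe child=powershell.exe"),
    ("netflow", "2024-03-01T09:03:02Z src=ws-17 dst=fs-01 dport=445 bytes=8200000"),
    ("dns", "2024-03-01T11:30:00Z host=ws-22 user=bob qname=cdn.example category=benign"),
    ("endpoint", "2024-03-01T11:30:30Z host=ws-22 user=bob parent=outlook.exe child=cmd.exe"),
]
# Stage each source evidences, tagged with the ATT&CK IDs the slide lists.
STAGE = {"email": ("initial_access", "T1566"), "dns": ("drive_by", "T1189"),
         "endpoint": ("process", "T1055"), "netflow": ("lateral", "T1570")}

def normalize(source, line):
    """Homogenize one raw line into a common {ts, source, host, user, attrs} record."""
    ts, *pairs = line.split()
    attrs = dict(p.split("=", 1) for p in pairs)
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "source": source,
            "host": attrs.get("host") or attrs.get("src"), "user": attrs.get("user"), "attrs": attrs}

def is_suspicious(rec):
    """Per-source analytic; each is weak alone, chaining them gives confidence."""
    a = rec["attrs"]
    return {"email": a.get("verdict") == "phish_suspect",
            "dns": a.get("category") == "newly_seen",
            "endpoint": a.get("parent") == "outlook.exe",  # mail client spawning a shell
            "netflow": a.get("dport") == "445" and int(a.get("bytes", 0)) > 1_000_000,
            }[rec["source"]]

def correlate(raw, window=timedelta(minutes=10)):
    """Chain suspicious records sharing a user/host within window; rank by stages covered."""
    recs = sorted((normalize(s, l) for s, l in raw), key=lambda r: r["ts"])
    incidents = []
    for r in (x for x in recs if is_suspicious(x)):
        ents = {r["host"], r["user"]} - {None}
        for inc in incidents:
            if ents & inc["entities"] and r["ts"] - inc["last"] <= window:
                inc["stages"].append(STAGE[r["source"]])
                inc["entities"] |= ents
                inc["last"] = r["ts"]
                break
        else:  # no open incident on these entities: start a new one
            incidents.append({"entities": ents, "last": r["ts"], "stages": [STAGE[r["source"]]]})
    for inc in incidents:  # more distinct stages covered = higher priority
        inc["priority"] = len({name for name, _ in inc["stages"]})
    return sorted(incidents, key=lambda i: i["priority"], reverse=True)
```

Running `correlate(RAW)` yields one four-stage incident on alice/ws-17 ranked above a single-stage one on bob/ws-22; the same netflow record arriving outside the window would instead open a separate low-priority incident.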

Anatomy of a real attack (Turla)
Most attacks use a sequence like this… (Email, DNS)
Cisco XDR: You need a solution that sees deeply across the entire attack chain
Built on the Cisco Security Cloud platform

Lesson from Turla
Only an effective XDR solution can adapt to the changing nature of the threat
Security tools need to focus on the attacker
Turn potential false positives into validated incidents
Focus on initial compromise, lateral movement, privilege escalation and data exfiltration

Simplify with Cisco XDR
Your Infrastructure: SIEM/SOAR, Others, 3rd party tools, Intelligence, Cisco, Applications, Cloud, Network, Endpoint, Email, Identity
Your SOC: CISO, SecOps Analyst, Incident responder
Clear prioritization
Streamlined investigations
Automation and response guidance
Open and extensible
Built on the Cisco security platform

The Cisco approach to XDR
Detect more, act faster, elevate productivity, build resilience
Detect the most sophisticated threats
•Multi-vector detection: network, cloud, endpoint, email, and more
•Enriched incidents with asset insights, threat intel
•Optimized for multi-vendor environments
Act on what truly matters, faster
•Prioritize threats by greatest material risk
•Unified context to streamline investigations
•Evidence-backed recommendations
Elevate productivity
•Focus on what matters and filter out the noise
•Boost limited resources for maximum value
•Automate tasks and focus on strategic tasks
Build resilience
•Close security gaps
•Anticipate what's next through actionable intel
•Get stronger every day with continuous, quantifiable improvement

Shift the focus to outcomes
XDR-driven outcomes: Detect sooner, Prioritize by impact, Speed up investigations, Accelerate response
Where are we most exposed to risk?
How good are we at detecting attacks early?
Are we prioritizing the attacks that represent the largest material impacts to our business?
How quickly are we able to understand the full scope and entry vectors of attacks?
How fast can we confidently respond?
How much can SecOps automate?
Are we quantifiably getting better?

Key XDR use cases
Prioritized incident response: Focus on the most critical security events for immediate attention
On-demand threat hunting: Reduce the time between intrusion and discovery of attackers

Leveraging the Cisco security cloud
Combining core capabilities including a frictionless experience, open and extensible ecosystem, and AI-driven automation
Delivering XDR to meet you where you are
Cisco XDR
Network: Secure Network Analytics, Cisco networking, Cisco Secure Firewall, Third-party networking
User/endpoint: Secure Endpoint, Secure Client, Email threat defense, Cisco Vulnerability Management, Third-party endpoint
Application & identity: Cisco Duo, Cisco Identity Services Engine, Cisco Orbital, Cisco Secure Web Appliance, Cisco Umbrella, Third-party identity
Cloud: Cisco Attack Surface Management, Cisco Defense Orchestrator, Cisco Secure Workload, Public cloud logs, Third-party cloud
Services: Talos Incident Response | Cisco Technical Security Assessments

Prioritizing threats based on impact to the business
Cisco Talos: Unrivaled, actionable intelligence for known and emerging threats. Identifies tactics, techniques, and procedures (TTPs) used
Firewall Telemetry, Endpoint Telemetry, Cloud Telemetry, Network Telemetry, Apps/Email Telemetry
Strategic integrations to deliver customer outcomes
* Coming soon
Microsoft Defender for Endpoint
Microsoft Defender for Office 365

Easy to buy tiers for Cisco XDR
Cisco XDR Essentials: Full featured XDR. Native integration of the Cisco security portfolio enabling analysts to detect and respond to the most sophisticated threats, plus a repository for data ingest and retention
Cisco XDR Advantage: Full featured XDR + Commercially supported and curated integrations with select third-party security solutions
Cisco XDR Premier: Full featured XDR + Third-party integrations + Cisco Secure Managed Detection and Response + Cisco Talos Incident Response + Cisco Technical Security Assessment

Cisco XDR Premier: MDR + Talos IR + CTSA
Cisco Secure Managed Detection and Response
MDR powered by Cisco XDR provides:
•24x7x365 global security monitoring
•Unmatched Cisco expertise
•Quarterly threat briefings
•Dedicated portal
•Threat advisories with MXDR Portal Knowledge Base access
•Third-party integration management
Cisco Talos Incident Response
Talos IR provides:
•Full suite of proactive and emergency services
•Incident response expertise
•Swift action
•Intelligence-enriched analysis
Cisco Technical Security Assessments
CTSA provides:
•Threat Modelling
•Penetration Testing (Pen Testing)
•Red Teaming
•Security Architecture Assessments
•Application Security Assessments
•Security Operations Assessments
•DevOps Assessments
•Build / Configuration Reviews

Learn more at cisco.com/go/xdr
Is your attack surface adequately protected against emerging threats?
See Cisco XDR in Action: Guided Demo
Video Overview of Cisco XDR

Cisco XDR license tiers
Tiers: Essentials, Advantage, Premier
+ Security Analytics and Correlation
+ Threat Intelligence
+ Threat Hunting
+ Response Actions
+ Incident Prioritization
+ Incident Management
+ Case Prioritization
+ Asset Context
+ User Context
+ Custom Workflows
+ Workflow Libraries
+ Third-Party Telemetry
+ Managed Services

Jason Lantz, IS Manager & Architect – Infrastructure and Security, Hendricks Regional Health
"Cisco XDR makes it simple for us to investigate incidents across all the security products we already own."

Nate Haleen, Lead Developer and Division Lead for Programming, Procellis
"The alert prioritization in Cisco XDR saves us a ton of time and helps us investigate the most important issues first!"

Mark Rodrigue, Senior Network Engineer, Room & Board
"With Cisco XDR, our full security suite works together so we can quickly and confidently deal with the threats that matter most to our business."

Tomás Maldonado, Chief Information Security Officer, National Football League (NFL)
"Cisco's depth and breadth of experience in understanding the scale of and securing our environment from threats ensured that we were well prepared ahead of Super Bowl LVIII."