
Cisco XDR - Extended Detection and Response
Cisco XDR is a product that enables efficient investigations by collecting telemetry from multiple sources such as endpoints and networks, performing correlation analysis, prioritizing threats, and linking related information.
The data sources it analyzes are not limited to Cisco products; major third-party products are also supported, so threats detected only by third-party products can be correlated and alerted on as well.
In addition, the built-in NDR function sends telemetry to the Cisco XDR cloud without requiring an agent, which makes it easy to deploy and extends coverage to OT environments where agents cannot be installed.
Achieving early detection and response to minimize risk and damage
Multi-layered security risk detection and response automation

Cisco XDR Benefits

*Applies a unique priority algorithm patented by Cisco Vulnerability Management
1) Correlation analysis
By performing correlation analysis on telemetry collected from multiple data sources, information about the same threat is automatically linked and its risk level is re-evaluated, revealing the complete picture of a multi-stage attack.
A bird's-eye view of threats and quick visualization of their impact shortens investigation times.

2) Incident prioritization
From a risk-management perspective, the standard approach is to combine the "size of the threat" with the "importance of the asset." Cisco XDR scores priority from the customer-weighted importance of each asset and the threat risk to it. As a distinctive feature, the threat-risk assessment includes the financial impact of damage (real-world financial risk such as the effect on stock prices), so you can focus on the incidents that matter most to the company.
Score calculation formula (overview)

3) Incident response workflows
It includes a SOAR function for responding to incidents. Many commonly used workflows are provided as presets, making it easy to deploy and to customize for your environment. Devices can also be isolated with one click through third-party products, allowing a rapid response when an incident occurs.

4) Wide-ranging telemetry collection
The built-in NDR function not only detects suspicious behavior on the network from NetFlow information, but also detects vulnerable configurations and unauthorized access in IaaS environments through integration with AWS and other services.
NetFlow information can be collected by exporting it from a Catalyst switch, by using NVM (Network Visibility Module), a function of the Cisco integrated agent (Secure Client), or by other methods suited to your environment. Telemetry collection from major third-party products is also supported, giving broad telemetry coverage and enabling comprehensive security operations.

Cisco XDR Monitoring Service
We provide a 24/7 Cisco XDR monitoring service that improves the accuracy of threat detection and reduces the burden on our customers' security operations.

Inquiry/Document request
Macnica Cisco
- E-mail: cisco-info@macnica.co.jp
Weekdays: 9:00-17:00