UPDATED 20:18 EDT / APRIL 24 2023

SECURITY

Cisco debuts XDR service for advanced threat detection and response

Networking giant Cisco Systems Inc. is bringing its considerable expertise into the extended detection and response business with the launch of a new, software-as-a-service-delivered platform that integrates multiple threat detection tools to protect enterprise computing resources.

Cisco said the new Cisco XDR service will become available in July. It will bring together a range of Cisco’s proprietary tools and third-party security offerings to help customers control network access, analyze incidents, mitigate threats and automate responses, all from a single, cloud-based interface.

Cisco XDR gathers data from six telemetry sources that most security professionals say are critical for any extended detection platform, including endpoints, networks, firewalls, email, identity and domain name systems. With regard to the endpoints, Cisco XDR is as comprehensive as can be, gathering insights from more than 200 million sources via Cisco Secure Client, a tool that was previously known as AnyConnect. In this way, it provides process-level visibility into any place where endpoints meet the customer’s network.

The aim of Cisco XDR is to correlate and analyze native and third-party telemetry sources and provide detection and response in near-real-time, the company said.

Third-party products supported by Cisco XDR include Microsoft Corp.’s Defender for Endpoint and Office, Palo Alto Networks Inc.’s Cortex XDR and Next-Gen Firewall, Trend Micro Inc.’s Vision One, SentinelOne Inc.’s Singularity and ExtraHop Networks Inc.’s Reveal. Cisco XDR also supports data from security information and event management platforms such as Microsoft’s Sentinel Zero Trust.

Cisco said its platform enables security teams to identify threats and mitigate them before they’re able to cause any significant damage to customers’ networks and businesses. In contrast to SIEM platforms that are often compared with XDR tools, Cisco XDR detects and investigates threats in real time, as opposed to looking at historical data for forensic analysis.

By bringing everything together under one roof, operators will be able to look at everything from email and web traffic to access control, and gain a much clearer picture of security patterns as they emerge, Cisco said.

Raj Chopra, senior vice president and chief product officer of Cisco Security, told SDX Central that Cisco XDR is a part of the company’s “Security Cloud” vision of a unified platform that integrates security and networking services across multicloud environments. The company intends to build on its launch by adding more telemetry sources in the future.

“There are three or four very big vectors that we are already working on that will also be part of the XDR which is going to make this even more helpful in even more environments going forward,” he said.

Cisco XDR will improve over time, learning from data gathered from Cisco’s enormous base of customers.

International Data Corp. analyst Frank Dickson said the true measure of any XDR platform is its ability to deliver outcomes with real and measurable benefits for organizations. These include early detection, impact prioritization and effective and efficient responses. “True results need to be quantifiable numerically and not just qualitatively described with words,” he said. “Cisco XDR delivers a clear framework for enabling organizations to achieve such tangible.”

While Cisco XDR will launch in July, users of its Duo Editions access protection software will benefit from the addition of Trusted Endpoints support on May 1. Previously, that capability was available only to subscribers of Duo’s highest tier.

Duo helps protect against cyber breaches by using adaptive multifactor authentication to verify the identity of users and the health of their devices before granting access to applications. Trusted Endpoints is an add-on service that prevents unregistered or unmanaged devices from accessing network resources.
