XDR, a catalyst for the efficiency of cybersecurity solutions

Because cyber threats are becoming more and more sophisticated, companies need speed and accuracy in detecting and eliminating them. Most classic security solutions have been specially built to deal with threats to specific categories of IT products or applications. As a result, companies currently use, for example, dedicated firewall products, endpoint protection, email protection, web protection, Internet-connected application protection, intrusion detection systems, vulnerability scanning systems, software patch management systems, security information and event management systems, solutions for identity risk management, solutions for traffic encryption, and this is only a partial enumeration of the current needs of security systems.

 

 

In this context, the XDR (Extended Detection and Response) concept was launched, aiming to provide a centralised system with global visibility into the company’s network, cloud services, user endpoints and applications, to help companies’ security specialists detect, investigate and remediate cyber threats effectively. Cisco SecureX is an XDR platform recommended by Datanet Systems to companies that currently use Cisco security products and seek to streamline their security operations by improving their orchestration and by automating repetitive tasks.

212 days – that’s how long it takes, on average, to detect a computer security breach in a company today. And another 75 days pass, on average, to fix it. Investments in new security solutions frequently focus on addressing specific issues and increase the volume and complexity of the IT team’s work. But, in many cases, the results are not as expected – security detection and remediation times do not decrease, the volume of alerts increases, investigations are difficult and time-consuming, the effectiveness of response measures remains low. The main cause of these side effects is that most of the security solutions currently used by companies are built to operate in isolation, and their integration – when possible – requires advanced skills, time and money.


Using IT security solutions separately, companies operate with unrelated data that does not provide a clear picture of the nature, spread and immediate effects of a security event. Thus, using separate solutions leads to difficulties in detecting the causes and the compromised systems and in prioritizing the alerts, and reduces the effectiveness of the response measures, because it does not allow their coordination in real time.

 

XDR, from concept to concrete solutions

The concept of “Extended Detection and Response” (XDR) emerged in response to all these problems, intending to allow companies to centralize and correlate data from multiple security solutions, to unify the detection processes, to simplify the analysis and to orchestrate the remediation actions.

In order to benefit from all these advantages, Datanet Systems specialists recommend Cisco’s XDR platform – SecureX – which stands out for its ease of use, accessibility, performance and short deployment time. According to a cost-benefit analysis conducted in companies that have used SecureX for three years, the Cisco XDR platform led to:

  • Reducing the time for identifying and fixing a security event by 75% in the first year of use and 90% in the next two;
  • Reducing the costs of security breaches by 40-50%;
  • Reducing the risk of breaches by 35-45%;
  • Reducing the effort spent on analysing security incidents by 90%.

Cisco SecureX also increases the quality and consistency of response and prevention measures and simplifies the IT team’s work through predefined playbooks – suites of logical actions that cover common work situations and scenarios – and automatic workflows.

 

How Cisco XDR works

The Cloud platform SecureX is available free of charge to any company that purchases Cisco cybersecurity products. SecureX combines the detection capabilities of the Cisco security solutions with advanced Machine Learning technologies, which facilitates the rapid detection of abnormal behaviors that can signal a real security event. The central module of the platform – “Threat response” – conducts investigations, monitoring an extensive set of indicators of compromise (IoCs) to detect which users and/or equipment are affected. The data is correlated and enriched with contextual information collected from multiple sources, such as Threat Intelligence services, vulnerability databases and “Zero Day” alerts. Cisco’s XDR platform also provides the means for orchestration, by creating automated playbooks for threat detection, vulnerability management, and remediation actions.

Thus, using the SecureX platform, companies can obtain:

  • visibility in a single console of information received from multiple security solutions;
  • simplification of security operations;
  • acceleration of the detection and remediation processes through automatic workflows;
  • application of proactive protection measures;
  • conformity with compliance requirements.

Scenarios for working with SecureX

Here are some specific examples of how SecureX “collaborates” with some Cisco security solutions:

  • Cisco Secure Endpoint can be used as a sensor in the XDR platform to detect the presence of malware and suspicious files on users’ PCs and smartphones. The solution can be used to apply specific blocking, quarantine and remediation measures on the endpoints.
  • Cisco Umbrella allows companies to block, directly from the XDR platform, access by employees using the company’s PCs and smartphones to risky Internet domains and to possible destinations of data leaks.
  • Cisco Secure Web provides companies with access, via SecureX, to detailed information about risky Internet sites and Cloud Web applications accessed by enterprise users, making it easier to enforce rules based on user profile, endpoint security posture etc.
  • Cisco Secure Firewall allows you to view the IP addresses of the network traffic on the XDR platform, and to block communication with suspicious IP addresses from SecureX. The XDR platform allows all Secure Firewall devices to be queried and configured in an orchestrated way, increasing the efficiency of the response measures throughout the entire organization.

Most Cisco security solutions can be included through SecureX in automated workflows, which can be applied simultaneously across multiple devices.

 

The advantages of collaborating with Datanet

To achieve these results, Datanet specialists can provide the following services:

  • Implementation, configuration and customization of Cisco security solutions (Secure Endpoint, AnyConnect, Secure Email, Duo, Secure Web, Umbrella, Secure Firewall, etc.).
  • Integration of those solutions and of third-party applications in SecureX and configuration of the collected data streams.
  • Customization of the interfaces and creation of automated playbooks and workflows according to the requirements and needs of the customers.

Using the services of Datanet Systems, Cisco Gold Partner, you can benefit from:

  • our IT system integrator skills and certified multi-vendor competencies,
  • our solid experience from critical security infrastructure-related projects,
  • the competencies of the largest team of certified Cisco specialists in Romania,
  • rapid technical support with national coverage, and training for administration and operation of the systems delivered by us.

For more technical and commercial information about SecureX, Cisco security solutions and related Datanet services, please contact us at sales@datanets.ro.

______________________

Note: Article taken from profit.ro.

*References:
Ponemon Institute: Cost of a Data Breach Report 2021
Forrester Research: The Total Economic Impact Of Cisco SecureX