Forrester TEI™ Finds Cisco Vulnerability Management Delivers 125% ROI

Oh, the torture of not having a strong risk-based vulnerability management solution in place.

You know what I’m talking about. Relying on ineffective and unmanageable CVSS, homegrown scoring systems, vendor scoring, or a mixture of those options to help you try to prioritize the mountain of vulnerabilities in your environment. It leads to a lot of headaches and not a lot of progress to show.

Even more, it negatively impacts the working relationship between Security and IT, especially when one team is passing over a laundry list of vulnerabilities to the other with minimal context and understanding of business impact.

But it doesn’t have to be this way. Cisco Vulnerability Management (formerly Kenna.VM) takes a risk-based approach to vulnerability prioritization that is fueled by data science, enabling Security and IT teams to focus their limited resources on real risk and remediate more efficiently. ​

An April 2023 Total Economic ImpactTM study conducted by Forrester Consulting and commissioned by Cisco found that Cisco Vulnerability Management delivered a 125% return on investment (ROI) over three years, and a payback period of just 6 months for that investment.

Customers Interviewed for This Study

Forrester interviewed five Cisco Vulnerability Management customers (Figure 1) and formed a composite organization based on their characteristics to analyze the financial and operational impacts of Cisco Vulnerability Management. The composite organization is a global organization with $10 billion in annual revenue, 100,000 assets covered by Cisco Vulnerability Management, and 10 security analyst FTEs.

Figure 1: Characteristics of Cisco Vulnerability Management Customers Interviewed for the Total Economic Impact of Cisco Vulnerability Management, an April 2023 commissioned study by Forrester Consulting for Cisco

The study uncovered that, after adopting Cisco Vulnerability Management, customers transform their vulnerability management programs by streamlining their security and IT operational efficiency and reducing the likelihood of data breaches.

Let’s dig into the findings.

20% Reduction in Risk of Breach

Breaches. No one likes them, but they exist. Forrester found that Cisco Vulnerability Management reduced the risk of breach by helping the composite organization’s security and IT operation teams prioritize their efforts and focus on the most critical vulnerabilities. In doing so, these teams reduce the time it takes to remediate vulnerabilities and implement automation to proactively address potential security issues. Over three years, the composite organization reduces the risk of breach by 20%, with savings worth $1.5 million.

A senior manager of enterprise vulnerability management in entertainment and media explains, “When you’ve got 100 things to look at and they are all critical, nothing is critical. With [Cisco Vulnerability Management], we are able to say, ‘No, focus on these 10 to 15 things, not 100.’”

12% Increase in Security Analyst Efficiency

With Cisco Vulnerability Management, security analysts focus on the most critical vulnerabilities, optimize how they allocate resources to manage vulnerabilities, and better communicate the importance to their IT teams and leadership. As a result of these benefits, security analysts for the composite organization increase their productivity by 12%, worth about $276,000 over three years.

As stated by the global head of cyber vulnerability management in a financial services organization, “The benefit is not just about reducing [vulnerability] volume, it’s about shifting attention to what really needs to be focused on. The business also understands the criticality and is pushing those remediations. [Cisco Vulnerability Management] helped us improve maturity, reduce risk, and help focus on what’s important.”

Additionally, security teams experience stronger cross-functional communication and collaboration with their IT and leadership teams when using Cisco Vulnerability Management.

“We’ve seen about 14 hours a day of time savings spread out amongst the whole team after you factor in all the back-and-forth explanations through emails, meetings, and leadership briefs,” says senior manager of enterprise vulnerability management, entertainment and media. “Now, we just point people to a dashboard that leverages the vulnerability intelligence from [Cisco Vulnerability Management].”

7,800 Hours Saved Annually by IT Operations

Oftentimes, Security and IT teams are faced with competing priorities. And when not a lot of context is being shared with IT that explains why certain fixes are needed, remediation can slow down.

The Forrester TEI reports that Cisco Vulnerability Management helps the composite organization’s IT teams prioritize the most critical vulnerabilities, saving them time in remediation. Cross-team collaboration between security and IT groups improves, which streamlines operations and empowers IT resources to own more of the vulnerability management process. This saved IT Operations 7,800 hours annually and saved the composite organization $514,000 over three years.

The director of security surveillance and vulnerabilities management told Forrester: “Of the vulnerabilities that are [Cisco Vulnerability Management] related, [our remediation teams] spend at least half the time that they used to spend on vulnerability management. I’d say if they [previously] spent 15 to 20 minutes to understand the vulnerability, open the file, look for the target host, with [Cisco Vulnerability Management], they probably cut that time by half.”

More Benefits Beyond the Numbers

In addition to the quantified findings uncovered, the composite organization saw several unquantified benefits, including improved leadership visibility and communication, as well as improved collaboration between security and IT.

What’s more, Forrester also found that Cisco Vulnerability Management improved the employee experience by helping teams tie their efforts to business impact and reduce manual effort on tedious tasks. “The benefit is not just about reducing [vulnerability] volume, it’s about shifting attention to what really needs to be focused on. The business also understands the criticality and is pushing those remediations, says a global head of cyber vulnerability management in financial services. “[Cisco Vulnerability Management] helped us improve maturity, reduce risk, and help focus on what’s important.”

Forrester Proves Cisco Vulnerability Management’s Value with 125% ROI Over 3 Years

Forrester’s financial analysis of Cisco Vulnerability Management highlights savings of $2.32 million for the composite organization over a three-year period, and a 125% return on investment (ROI).

Cisco Vulnerability Management uses data science to take a risk-based approach to prioritization and it’s working. Customers today are no longer guessing where to focus their remediation efforts. They can easily identify the areas of significant risk and take action, leading to quicker time to value.

Source: cisco.com

Continue reading

IT Leaders Contend with Secure Multicloud Access – The 2023 Global Networking Trends Report

What do you get when a massively distributed workforce tries to securely connect to a massively distributed set of applications? Massive complexity. In light of this, our latest annual Global Networking Trends Report is focused on how IT leaders and networking professionals are dealing with the challenges of connecting their increasingly dispersed workers to their increasingly distributed applications. And coming as a surprise to no one, when 2,500 IT leaders and professionals across 13 countries were surveyed, they verified that these challenges were their number one networking priority for 2023.

In addition to presenting the key trends from the survey results, the report includes six areas of essential guidance—guidance that focuses on one ultimate outcome: how best to provide distributed workforces with consistent, secure, anywhere connectivity to applications in a multicloud environment. We also asked Cisco experts to share their point of view on how organizations should implement this essential guidance. Here are a few points I found particularly interesting.

Use of Multiple Clouds is on the Rise

The report validates that organizations are, indeed, moving more of their apps and workloads to multiple cloud providers. But a bigger revelation was just how many different cloud providers organizations are using: 92% use more than two and an incredible 34% host workloads with more than four cloud providers (Figure 1). At the same time, one in four are using more than 20 SaaS applications. And when asked why, many respondents identified agility as the biggest motivation for moving to multiple cloud services, citing it as more important than either cost or resilience. 

Figure 1. The use of multiple cloud and SaaS providers has become the norm.  Source: 2023 Global Networking Trends Report.

Lack of Operational Consistency is an Obstacle

The report found that two in five respondents cite lack of consistency across networking, security, and cloud domains as a big obstacle to securely connecting users to cloud resources. At the root of this problem is the reality that many IT organizations still have network and security teams that plan and operate independently. This leaves many IT leaders challenged when trying to deliver better and more secure user experiences with their existing technology and divided operational boundaries.

Integrate Networking and Security from Device to Cloud  

Almost half of the respondents identified a fully integrated networking and security architecture in the form of Secure Access Service Edge (SASE) as their primary choice for connecting branches and remote users to multicloud applications within the next two years. They reported widespread plans to integrate cloud-based software-defined WAN (SD-WAN) connectivity and cloud security in order to deliver consistent secure access to both SaaS– and IaaS–based services.  

Simplify Connectivity to Multiple Clouds 

As the number of clouds increases, the ability to provide consistent and efficient connectivity management and security across them is becoming increasingly important. To improve connectivity to cloud-based applications from all locations, 53% of respondents said they are prioritizing SD-WAN integration with cloud services, SaaS, and middle-mile providers (Figure 2). Why? To apply policy consistently, automate connectivity, and better secure the application experience. 

Figure 2. SD-WAN Integrations with IaaS, SaaS, and Middle-mile Providers are Vital for a Better IT and User Experience.  Source: 2023 Global Networking Trends Report.

You Can’t Manage What You Can’t See 

Ultimately responsible for end-user experiences, IT is increasingly challenged to deliver desired levels of service. With the majority of transactions either originating or terminating outside of traditional enterprise boundaries, IT lacks visibility into the full network path. The digital supply chain is increasingly complex, composed of multiple providers and hops that are typically invisible to IT teams. With the Internet increasingly becoming the new core network, it’s no wonder that IT teams need help. In response to this need for greater visibility, 51% of IT professionals reported prioritizing the adoption of end-to-end network telemetry and visibility to achieve proactive detection and remediation of issues.  

Guiding, influencing, or implementing your own organization’s direction for networking is no easy feat. Explore this year’s report to learn more about how your peers are connecting and securing their increasingly distributed personnel to increasingly distributed apps and data.

Source: cisco.com

Continue reading

Future-proof with Cisco Next-Gen Firewalls

We have seen an increase in the efforts to future-proof our technology, infrastructure, and our planet. Future-proof means we introduce or create a product or system that is unlikely to become obsolete or fail in the future.

We’ve seen this in how architects are designing bridges and skyscrapers, our global efforts in planet and ecosystem conservation, and in the technology sphere, especially in the efforts around security solutions. What we build now is what will enable the future generation to be the next leaders, thought leaders, and innovators.

Foundation of Futureproofing

At Cisco our purpose is to power an inclusive future for all. We have the technology, solutions, and motivation to bring communities together and drive change for everyone no matter where they live. For this change to take place, we have to offer customers a strong and secure foundation.

This foundation is centered on providing a network with consistent visibility, policy harmonization, and cloud management. Here at Cisco, we provide this level of security foundation through Cisco Next-Generation Firewalls (NGFW). Cisco is helping customers take control of their security landscape, and they can leverage their current Cisco investments to start turning their network infrastructure into additional control points and direct extension to have a complete security architecture.

Cisco’s Future-proof Security Platform

Customers can leverage the power of Cisco to turn their existing infrastructure into an extension of their firewall solution, which leads to a greater evolution of security everywhere they need it. Cisco can turn your customers’ entire network into an extension of the security architecture, experience world-class security controls, and have a unified policy with threat visibility. Let’s talk briefly about each of these points.

Security Architecture Extension

Cisco provides a trusted network security with the deepest set of integration between core networking functions and network security. Whether your customers are looking to get more from their existing network with Application-Centric Infrastructure (ACI) or Identity Services Engine (ISE) or extend their protection across the architecture quickly with advanced threat intelligence, there is a solution available that matches their needs.

World-class Security Controls

Security threats are becoming increasingly complex, but Cisco NGFW appliances can be deployed wherever your customers need them no matter if they are on-premise or across multiple clouds. By protecting customers from hidden threats, Cisco NGFW leverages dedicated hardware to inspect threats hidden in encrypted traffic while maintaining optimal performance.

Cisco offers many parallel solutions that work with Cisco NGFW. If you would like to learn more about these additional opportunities, please contact your Cisco Distribution, Partner, or Marketing account manager.

Unified Policy and Threat Visibility

When your customers invest in Cisco NGFW or update their existing security portfolio to include this solution, they will not only gain stronger security posture, but will also be set up with a future-ready management experience that can evolve with their network. This will help your customers deliver scalable controls across many devices quickly, reduce complexity, stay ahead of threats, and accelerate their security operations.

Tackling new opportunities

Whether you are discussing an upgrade with a customer to be more future-proof or showing how Cisco technology can better secure a customer’s IT landscape, there is a solution that can help them identify, overcome, and prevent challenges from impacting their IT goals. The future is now, and we must help customers look ahead with confidence in their security technology.

Source: cisco.com

Continue reading

Spend Less Time Managing the Network, More Time Innovating with the Network

As networks evolve to keep up with the requirements of a distributed hybrid workforce and the need for new B2B and B2C cloud applications, an increasingly complex workload for IT is an inevitable byproduct. Remote workers, collaborative applications, and smart building IoT devices have all added management challenges to the hybrid workplace network. IT teams, already responsible for network device onboarding, availability, and resilience, are taking on AIOps responsibilities for ensuring high application experience. They’re also picking up SecOps oversight for monitoring various endpoints for spoofing threats and malware intrusions. With this growing load of responsibilities, how is IT going to scale and not break?

The answer lies in the past as well as in the future. Twenty years ago, Cisco developed one of the first machine-learning toolsets to analyze vast quantities of telemetry collected from switches, routers, and access points to assist in technical problem resolution. The system, created by the Cisco Advanced Services team, was called Network Profile (NP). Built on top of one of the first network-specific data lakes, NP helped customers understand the current state of their networks and enabled Cisco technicians to quickly troubleshoot network issues.

Since then, Cisco has worked diligently to augment the intelligence inherent in the network. Today, the continuously evolving NP is an integral part of the Cisco CX Cloud and is tightly integrated with Cisco DNA Center. Cisco DNA Center Analytics, like NP and Site Analytics, and automations like the Machine Reasoning Engine, make network pros more effective by offloading repetitive, complex, and time-sensitive tasks that do not directly add new value to the organization.

A key value of applying Machine Learning and Artificial Intelligence engines in conjunction with volumes of operational telemetry is to do simple things simply well and thus enable less experienced NetOps technicians to handle a broader range of maintenance tasks.

Automating Compliance Checks

A great example of this intelligent automation lies in the area of compliance. Cisco DNA Center automates configuration checks of settings—such as certificates and SNMP—across hundreds of controllers. What is usually a time-consuming and tedious task is greatly simplified. Guided automations recommend fixes that IT can quickly implement with a single click. And since this scanning is always on, in real-time, technicians don’t need to remember to set aside time every week to run a network compliance scan. That’s simplification!

Simplifying Device Maintenance

Similarly, when managing thousands of networking devices across campuses, branches, and remote offices, what IT doesn’t know about lingering security issues forces technicians to be reactive rather than proactive. It takes time and expertise to keep up with PSIRT vulnerabilities and patches to network software on thousands of access points and switches.

Cisco DNA Center provides preventative measures for device maintenance. By connecting Cisco DNA Center to Cisco CX Cloud, fixes for known PSIRTs and software patches that IT can identify by existing TAC cases are shared automatically through a Cisco DNA Center dashboard with IT teams operating with relevant infrastructures. The granularity of these notifications extends from controller OS images down to specific device configurations, so only features in use are included in notifications. As a result, instead of discovering that an issue causes a network problem with a known resolution, Cisco DNA Center proactively recommends an appropriate resolution even before a problem occurs. And if a configuration is not using any of the affected features, the controllers will bypass installing unnecessary patches. The result is complexity simplified.

Moving From Reactive to Preventative

Predictive analytics with DNA Center’s Trends and Insights dashboard is an AIOps tool for monitoring the network for changes and anomalies that, while not causing an immediate issue, could become a problem in the future. For example, early warning alerts for events like a gradual increase in wireless interference, a sudden increase in the number of devices connected to the same Access Point, or an IoT device that is pulling 20% more power from a switch can help IT take preventative actions before issues impact workforce performance or network availability. By identifying the signs of looming network problems, Cisco DNA Center keeps NetOps teams ahead of issues instead of constantly chasing them—the empowerment of being proactive versus reactive.

Figure 1. Out of complexity, simplicity with Cisco DNA Center AI/ML and Cisco Knowledgebase.

Optimizing the Network Fabric for Application Performance

Reducing complexity with AI/ML processes that assist IT in optimizing the network enables the best application experience for the workforce and customers. Increasingly this is even more critical as applications are literally everywhere, and so are the people who rely on them to keep operations rolling and interact with the business. Gaining visibility into application usage everywhere in the distributed network enables IT to prioritize network resources for business-critical applications and deprioritize irrelevant business applications.

Take, for example, the fast-growing use of collaboration applications incorporating audio and video, screen sharing, recording, and translation. Cisco DNA Center AIOps features enable IT to proactively manage Microsoft Teams and Cisco WebEx performance. The Applications Dashboard in Cisco DNA Center displays the audio, video, and application share quality of experience for individual or team sessions for both platforms, enabling IT to quickly determine if a problem is inside or outside the network. The dashboard also provides remediation suggestions, such as increasing Wi-Fi coverage in specific areas—before operations are affected. Suppose the problem is outside the enterprise network. In that case, IT can activate Cisco ThousandEyes WAN Insights directly from the dashboard to determine the internet bottleneck or provider causing the issue, along with alternate routing suggestions to fix the performance degradation.

Simplify Networks with a Foundation of Automation and Analytics

We are weaving AI and ML capabilities throughout Cisco software, controllers, and network fabrics to simplify the management of complex networks, including innovations like AI Network Analytics, Machine Reasoning Engine Workflows, Networking Chatbots, AI Spoofing Detection, Group-Based Policy Analytics, and Trust Analytics. These solutions assist IT in directing talent to more innovative projects that add value to the organization, such as securing the remote workforce, managing multi-cloud applications, and implementing a Secure Access Service Edge (SASE) for holistic security across the enterprise.

Cisco DNA Center enables IT to hide complexity and operate massive networks at scale, securely, and with agility. The value of AI/ML in Cisco DNA Center is in the ability of the network to enable an excellent experience for IT personas, which in turn provides an optimal experience for the workforce, along with trust in knowing the network is always watching and self-adjusting.

Source: cisco.com

Continue reading

How to Pass Cisco 300-420 ENSLD Exam Using Various Study Materials?

Getting certified by Cisco is the recommended path to establishing a career in Cisco products. Countless companies, regardless of their size, rely on Cisco’s network software and equipment. It’s evident that Cisco’s products surpass those of their competitors because they continuously enhance and add new features to their technologies. If your career goal is to work in enterprise design, passing the Cisco 300-420 ENSLD exam will significantly benefit you and give you a significant advantage when job hunting.

Cisco 300-420 ENLSD Exam Overview

To obtain the new CCNP certification, you must pass two tests, one of which is the Cisco 300-420 ENSLD. This exam is a concentration test chosen from a pool of six others. It is mandatory to take the 300-420 exam and the core Cisco 350-401 test to be eligible for the certification. The 300-420 exam encompasses diverse topics that students must be familiar with before attempting. These objectives include:

Advanced Addressing and Routing Solutions (25%)

Advanced Enterprise Campus Networks (25%)

WAN for Enterprise Networks (20%)

Network Services (20%)

Automation (10%)

These topics are intended to aid in your exam preparation, consisting of 55-65 questions and last 90 minutes. Once you grasp these topics well, you will be well-prepared to take the Cisco 300-420 exam and pass it successfully.

Best Study Resources for CCNP Enterprise 300-420 ENSLD Exam

You must have the right study resources to prepare for the CCNP Enterprise 300-420 ENSLD exam. Here are some of the best resources that you can use:

1. Official Cisco Learning Resources

The official Cisco Learning Resources is a great place to start your preparation for the CCNP Enterprise 300-420 ENSLD exam. Cisco offers a range of training courses, study materials, and practice tests that can help you learn the exam topics and get hands-on experience with Cisco technologies and solutions. You can find these resources on the Cisco website or through Cisco’s authorized learning partners.

2. CCNP Enterprise 300-420 ENSLD Study Guide

The CCNP Enterprise 300-420 ENSLD Study Guide is a comprehensive resource covering all the exam blueprint topics. The guide includes detailed explanations, examples, and practice exercises to help you understand the exam concepts and prepare for the test. You can find the study guide on Amazon or other online bookstores.

3. Cisco 300-420 ENSLD Practice Tests

Practice tests are essential to your preparation for the CCNP Enterprise 300-420 ENSLD exam. They help you identify your strengths and weaknesses, get familiar with the exam format and time constraints, and build your confidence for the test. You can find practice tests on the Cisco website, through Cisco’s authorized learning partners, or on online learning platforms such as nwexam website.

Tips for Passing CCNP Enterprise 300-420 ENSLD Exam

Here are some tips that can help you pass the CCNP Enterprise 300-420 ENSLD exam:

1. Understand the Exam Blueprint

The CCNP Enterprise 300-420 ENSLD exam blueprint outlines the topics and subtopics the exam covers. Ensure you understand the blueprint and focus your study efforts on the areas you need to improve.

2. Get Hands-on Experience

The CCNP Enterprise 300-420 ENSLD exam tests your ability to design enterprise networks using Cisco technologies and solutions. You must have hands-on experience with Cisco devices and software to prepare for the exam. Set up a lab environment or use simulation tools for the necessary expertise.

3. Join Study Groups

Joining study groups can help you stay motivated and learn from other candidates preparing for the CCNP Enterprise 300- 420 ENSLD exam. You can find study groups on social media platforms like LinkedIn, Facebook, or Reddit.

4. Use Mind Mapping and Note-taking Techniques

Mind mapping and note-taking techniques can help you organize your thoughts, understand complex topics, and remember important concepts. Use these techniques to create summaries, diagrams, and charts that capture the exam topics and subtopics.

5. Practice Time Management

The CCNP Enterprise 300-420 ENSLD exam lasts for 90 minutes, which means you have limited time to answer 60-70 questions. Practice time management techniques, such as skipping difficult questions and returning to them later, to ensure you answer all the questions within the allotted time.

Conclusion

The CCNP Enterprise 300-420 ENSLD exam is a challenging test requiring extensive knowledge and experience designing enterprise networks using Cisco technologies and solutions. To prepare for the exam, you must have the right study resources, such as official Cisco learning resources, study guides, and practice tests. Additionally, you need to follow some tips, such as understanding the exam blueprint, getting hands-on experience, joining study groups, using mind mapping and note-taking techniques, and practicing time management. With the proper preparation and dedication, you can pass the CCNP Enterprise 300-420 ENSLD exam and advance your career in the networking field.

Continue reading

Disaster Recovery Solutions for the Edge with HyperFlex and Cohesity

The edge computing architecture comes with a variety of benefits. Placement of compute, storage, and network resources close to the location at which data is being generated typically improves response times and may reduce WAN based network traffic between an Edge site and central data center. This stated the distributed nature of edge site architectures also introduces several challenges related to data protection and disaster recovery. One requirement is performing local backups with the ability to conduct local recovery operations. Another formidable challenge involves edge site disaster recovery. Planning for the inevitable edge site outage, be it temporary, elongated, or permanent is the problem this blog takes a deeper look into.

Business continuity planning focuses on items such as Recovery Point Objective (RPO) and Recovery Time Objective (RTO). These measurements are generally expressed in terms of a Service Level Agreement (SLA). Under the covers exists a collection of infrastructure building blocks that make adherence to an SLA possible. In simplistic terms, the building blocks include the ability to perform backups, the ability to create additional copies of backups, provide a methodology to transport backup copies to remote locations (replication), an intuitive management interface, and connects to a preconfigured recovery infrastructure.

From an operational standpoint, an edge site disaster recovery solution includes workflows that enable the ability to:

◉ Perform workload failover from an edge site to a central site.

◉ Protect failed over workload at a central site.

◉ Reverse replicate protected workloads from a central site back to an edge site at the point where the edge site is ready to receive inbound replication traffic.

◉ Failover again such that the edge site once again hosts production workloads.

◉ Test these operations without impacting production workloads.

Should an edge site failure or outage occur, workload failover to a disaster recovery site may become necessary. (Quite obviously, disaster recovery operations should be tested on an ongoing basis rather than just hoping things will work.) At the point where workload failover has been completed successfully, the failed over workload requires data protection. At the point where the edge site has been returned to an operational state, backup copies should be replicated back to the edge site. Alternatively, a new or different edge site may replace the original edge site. At some point, workload transition from the central site back to the edge site will occur.

HyperFlex with Cohesity Data Protect

Cohesity provides a number of DataProtect solutions to assist users in meeting data protection and disaster recovery business requirements. The Cohesity DataProtect product is available as a Virtual Edition and can be deployed as a single virtual machine hosted on a HyperFlex Edge cluster. A predefined small or large configuration is available for selection when the product is installed. The Cohesity DataProtect solution is also available in a ROBO Edition, running on a single Cisco UCS server.

Cohesity DataProtect edge solutions provide local protection of virtual machine workloads and can also replicate local backups to a larger centralized Cohesity cluster deployed on Cisco UCS servers.

Cohesity protection groups are configured and define the workloads to protect. Protection groups also include a policy that defines the frequency and retention period for local backups. The policy also defines a replication destination, replication frequency, as well as the retention period for replicated backups.

In summary, Cisco HyperFlex with Cohesity DataProtect has built-in workflows that enable easy workload failover and failover testing. At the point where reverse replication can be initiated, a simple policy modification is all that is required. Cohesity also features Helios, a centralized management facility that enables the entire solution to be managed from a single web-based console.

Source: cisco.com

Continue reading

Securing the #1 threat vector is a key part of an effective XDR strategy

There are many ways to build out an extended detection and response (XDR) solution; that may be why so many options exist in the marketplace. However, email security is an undeniably critical component in most customer scenarios. Its strengths lie in its ability to enrich incidents, gather actionable telemetry, provide visibility for greater context, and empower quicker response times. This analysis and understanding of data intent — and the subsequent ability to speed remediation — make email security foundational to an effective XDR strategy.

What should be built into your XDR strategy?

◉ Ability to share data rapidly between existing security layers

◉ Greater context and enriched threat investigation and response

◉ Automated security responses

What should an XDR solution provide?

◉ A visual representation of real threats you are investigating

◉ Easy to understand, quick to comprehend results

◉ A seamless way to extend your existing security product

Email administrators use this XDR strategy when investigating threats against end-users in your organization. Using Cisco Secure Email Threat Defense, Cisco bakes this in from the start.

A single email contains many identifiable data dispositions that your email security platform already uses to analyze and act against – IP addresses, URLs, hostnames, and attachments (SHA-256 hash). This data is a gold mine of information used in your XDR platform.

Figure 1: Snapshot of threat techniques in a phishing email

Message tracking shows the verdict of the message and the techniques used to categorize and score the email as a threat. In addition, you’ll see pertinent information such as Sender, Recipient, Attachments, and URLs – the expected data points. Email Threat Defense provides these powerful search capabilities to give you quick access to these message details that empower more informed responses. Remediating threats directly in Cisco XDR and Threat Response streamlines processes and saves valuable time.

Share data between existing security layers

Your XDR strategy needs to deliver this data between security layers. Cisco XDR builds a data correlation map of a message and all related dispositions. Direct results allow further queries and information gathering by giving you a visual, interactive investigation representation.

Figure 2: Example of an XDR investigation starting with a threat message.

IP addresses seen can be added to an inbound policy outside the email platform. Interact with the URL and see judgments, or perhaps sandbox and re-evaluate it in real time. Add the SHA256 to your Secure Endpoint blocklist. These are all now key functionalities of XDR that empower you and your team to make faster, data driven decisions.

Aid and enrich threat investigation and response

Your XDR extensibility should continue with more than just Cisco security products. You can use your existing third-party products for additional intelligence and include extensions to help build your response action.

Figure 3: Extensible options to quarantine and isolate observables

Cisco and Cisco Talos Intelligence Group provide excellent detection and response, rule sets, and a vast intelligence library. In addition, we work closely with partners and additional third-party providers that help to defend against known and emerging threats, new vulnerability discovery, and threat interdiction. Utilizing an external threat feed provider or incorporating your direct private intelligence are vital drivers to XDR collaboration techniques.

Automate security responses

Cisco XDR rounds out the strategy with orchestration, allowing you to automate responses with various solutions, specifically providing additional detections and actions.

Figure 4: Pre-built orchestrations in XDR, this example blocks user access.

Orchestration allows prebuilt workflows ready to combine the telemetry, security need, and subsequent actions readily available to execute. This automation alleviates the need for redundant or recurring motions that take up your team’s valuable resources and allows them to focus on more strategic initiatives.

Source: cisco.com

Continue reading