Tuesday 21 May 2024

Strengthen Your Security Operations: MITRE ATT&CK Mapping in Cisco XDR

In the intricate dance between cyber attackers and defenders, understanding adversary behavior is the difference between keeping up with sophisticated attacks and falling behind the evolving threat landscape. For security teams, this often feels like navigating a maze blindfolded, since adversaries typically have greater insight into defender strategies than defenders have into adversarial attacks. This lack of visibility can lead to reactive cybersecurity with ineffective security operations, poor incident response, and a weak security posture.

However, there’s another approach to cybersecurity that empowers security teams to strengthen their security operations and proactively protect their environments.

Move from Reactive to Proactive Security


Enter MITRE ATT&CK coverage mapping – a groundbreaking capability coming soon to Cisco XDR that enables security teams to turn their reactive operations into a holistic cybersecurity strategy by taking a proactive approach to threats. MITRE ATT&CK coverage mapping uses an interactive heatmap to connect adversary behaviors to detections from Cisco XDR and other integrated security solutions (see Figure 1).

Figure 1: MITRE ATT&CK Coverage Map Dashboard

This helps visualize how your security tools cover every attacker tactic, technique, and procedure (TTP) from the MITRE ATT&CK framework to give you a comprehensive understanding of threats across your entire security environment. You can use the automated MITRE ATT&CK coverage map to strengthen your security operations by enhancing threat detection, identifying and closing gaps in your defenses, and improving incident response.

The MITRE ATT&CK coverage map enhances detection of sophisticated threats across your environment. Understanding the tactics and techniques used by adversaries allows you to improve your security by taking stronger preventative measures. Moreover, it simplifies analysis of potential threats while fostering a proactive cybersecurity mindset that helps your security teams increase alignment with attacker motives and methods. It helps you prioritize incidents based on the impact and relevance of specific adversary behaviors.

Visualizing and mapping attacker TTPs also helps your security teams expose gaps in threat detection. They can use the MITRE ATT&CK coverage map to gain complete visibility into how your current security tools cover the full spectrum of threats. This allows your analysts to spot holes in your security infrastructure and prioritize resources across the most critical gaps. Furthermore, identifying weaknesses in your defenses enables you to deploy new security tools to close coverage gaps and strengthen your overall security posture.

Finally, MITRE ATT&CK coverage mapping improves incident response with a standardized language for your security operations. The MITRE ATT&CK framework provides a common language that makes it easier for security teams to communicate and collaborate on incidents. When combined with a heatmap of product coverage, you can streamline the incident analysis process while reducing the burden on your security team to identify patterns across alerts. This speeds detection and investigation to reduce both mean time to detection (MTTD) and mean time to response (MTTR) for your security operations.
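The coverage map described above connects detections to ATT&CK techniques and rolls them up per tactic so that uncovered techniques stand out. The following is an added example, not code from Cisco or from Cisco XDR, that builds the same kind of heatmap from a constructed detection inventory: the technique and tactic IDs are real ATT&CK identifiers, but only a handful are hard-coded, so the coverage percentages are illustrative. It also flags techniques whose only detections come from a single product, a gap the heatmap view makes it easy to miss.

```python
from collections import defaultdict

# Small excerpt of MITRE ATT&CK Enterprise tactics (real IDs, not the full list).
TACTICS = {
    "TA0001": "Initial Access",
    "TA0002": "Execution",
    "TA0003": "Persistence",
    "TA0006": "Credential Access",
    "TA0008": "Lateral Movement",
    "TA0011": "Command and Control",
    "TA0040": "Impact",
}

# Excerpt of techniques -> (name, tactics in scope for this example).
# T1078 and T1053 also map to tactics omitted from TACTICS above.
TECHNIQUES = {
    "T1566": ("Phishing", ["TA0001"]),
    "T1078": ("Valid Accounts", ["TA0001", "TA0003"]),
    "T1059": ("Command and Scripting Interpreter", ["TA0002"]),
    "T1053": ("Scheduled Task/Job", ["TA0002", "TA0003"]),
    "T1003": ("OS Credential Dumping", ["TA0006"]),
    "T1021": ("Remote Services", ["TA0008"]),
    "T1071": ("Application Layer Protocol", ["TA0011"]),
    "T1486": ("Data Encrypted for Impact", ["TA0040"]),
}

# Constructed detection inventory: each rule is tagged with the techniques it
# is designed to catch and the product/telemetry source it runs on.
DETECTIONS = [
    {"name": "Suspicious PowerShell encoded command", "source": "endpoint", "techniques": ["T1059"]},
    {"name": "Office macro spawns shell", "source": "endpoint", "techniques": ["T1566", "T1059"]},
    {"name": "LSASS memory access", "source": "endpoint", "techniques": ["T1003"]},
    {"name": "Beaconing to rare domain", "source": "network", "techniques": ["T1071"]},
    {"name": "Mass file rename with ransom note", "source": "endpoint", "techniques": ["T1486"]},
    {"name": "Inbound phishing with credential-harvest URL", "source": "email", "techniques": ["T1566"]},
]


def build_coverage(detections):
    """Map each technique ID to the set of detection names covering it."""
    coverage = defaultdict(set)
    for d in detections:
        for tid in d["techniques"]:
            if tid not in TECHNIQUES:
                raise ValueError(f"unknown technique id {tid!r} in {d['name']!r}")
            coverage[tid].add(d["name"])
    return coverage


def tactic_heatmap(coverage):
    """Per tactic: (techniques with at least one detection, techniques in scope)."""
    per_tactic = {}
    for tactic_id, tactic_name in TACTICS.items():
        in_scope = [t for t, (_, tactics) in TECHNIQUES.items() if tactic_id in tactics]
        covered = [t for t in in_scope if coverage.get(t)]
        per_tactic[tactic_name] = (len(covered), len(in_scope))
    return per_tactic


def coverage_gaps(coverage):
    """Techniques in scope with no detection at all, sorted by ID."""
    return sorted(t for t in TECHNIQUES if not coverage.get(t))


def single_source_techniques(detections):
    """Techniques whose detections all come from one source (a single point of failure)."""
    sources = defaultdict(set)
    for d in detections:
        for tid in d["techniques"]:
            sources[tid].add(d["source"])
    return sorted(t for t, s in sources.items() if len(s) == 1)


if __name__ == "__main__":
    cov = build_coverage(DETECTIONS)
    for tactic, (c, n) in tactic_heatmap(cov).items():
        bar = "#" * c + "." * (n - c)
        print(f"{tactic:20} {c}/{n} [{bar}]")
    print("Gaps:", coverage_gaps(cov))
    print("Single-source techniques:", single_source_techniques(DETECTIONS))
```

Running it shows Persistence and Lateral Movement with zero covered techniques, which is the gap view the text describes; in practice the detection inventory would be exported from the products rather than hand-written, and the technique list would be the full ATT&CK matrix.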

Bolster Your Defenses


MITRE ATT&CK coverage mapping in Cisco XDR provides comprehensive visibility into adversary TTPs, giving you a quick and complete understanding of attackers. These actionable insights empower your analysts to hunt for threats with targeted hypotheses based on MITRE ATT&CK techniques for a proactive approach to security. Your analysts can also use these insights to strengthen your overall security posture and enhance your defenses by identifying, prioritizing, and closing gaps across your security stack.

In the ever-changing world of cybersecurity, staying ahead of adversaries is imperative. With MITRE ATT&CK coverage mapping in Cisco XDR, you can enable proactive security operations, bolster your defenses, and navigate the cyber threat landscape with greater confidence.

Source: cisco.com

Saturday 18 May 2024

Integrating IT and Campus Facilities for Future-Ready Learning Space


Transforming the University on-campus digital experience


Recent discussions with education leaders and industry analysts show a rapidly evolving scenario in the ‘post-COVID era’, where universities face increasing pressure to enhance the on-campus experience for students, faculty, and staff. These stakeholders now have higher expectations for how they digitally engage with their institution, academic life, their peers, and the broader university community.

To meet these demands effectively, universities must modernize their physical and digital infrastructures by integrating Information Technology (IT) with campus facilities strategies. This integration enables leveraging technology to enhance resource and space management, create sustainable environments, foster dynamic teaching and learning, streamline administrative tasks, and provide well-being services through seamless digital interactions.

The integration of IT with campus facilities management not only optimizes operations but also enriches the overall experience for all stakeholders involved. Here are the priority drivers we have heard from education leaders for the Next Generation Campus:

Learning Spaces Physical and Digital Convergence


Physical and digital convergence in university campuses involves more than just offering physical spaces for academic and social activities. It encompasses providing robust connectivity, ensuring cybersecurity, and creating environmentally sustainable environments that promote collaboration, innovation, and well-being. This convergence extends beyond traditional areas like lecture theatres, libraries, and laboratories to include non-traditional learning spaces such as canteens and other open spaces where students can access online course materials, engage in social media, and interact with peers and instructors on and off campus.

Improving User Experience



The campus plays various roles for students, serving as a place to access specialized equipment and a hub for social connection with peers and the institution. Beyond education, living and working on campus are significant aspects of college or university life. Integrating the IT network with campus facilities management enhances the experience for students, faculty, and staff by simplifying tasks and minimizing obstacles. Digital wayfinding systems facilitate navigation through campus buildings, while smart scheduling platforms streamline room reservations and event planning. These technological enhancements simplify tasks, minimize obstacles, and foster a more positive and productive campus experience.

Using Data to Maximize Space and Resource Utilization


Integrating IT infrastructure with campus facilities management generates a wealth of data that can inform strategic planning and decision-making processes. By using the Wi-Fi network to capture data, universities can gain real-time insight into how campus facilities are utilized, analyzing trends in space usage, energy consumption, and facility maintenance. This data empowers informed decision-making on space allocation, usage patterns, and resource optimization. Moreover, predictive analytics can anticipate future needs and challenges, enabling proactive interventions and risk mitigation strategies.

Enhancing Operational Efficiency


Integrating IT with campus facilities management streamlines administrative processes, enhancing efficiency and cost-effectiveness. This integration automates tasks such as remote working for administrative staff, contact center operations, room bookings, and maintenance requests. By reducing manual workloads and improving response times, digital systems optimize resource allocation, minimize overhead costs, and promote agility and responsiveness within the institution.

Supporting Sustainability Initiatives


Digital technologies play a crucial role in supporting sustainability initiatives on campus. Smart IoT sensors in the IT network for energy management systems optimize HVAC controls, lighting schedules, and power usage, reducing carbon emissions and energy costs. Additionally, digital tools facilitate waste management and recycling efforts, promoting sustainability awareness among the campus community.

Enhancing Safety and Security


Integrating IT with campus facilities management strengthens safety and security measures on campus. Digital signage, surveillance systems, access control mechanisms, and emergency notification platforms leverage digital technologies to monitor and respond to potential threats effectively. These systems enhance campus safety by providing real-time insights, communication capabilities, and peace of mind for students, faculty, and staff.

How Cisco Can Help


The integration of IT and campus facilities strategies represents a paradigm shift for universities to transcend traditional silos and foster a holistic approach to optimize campus operations and enhance the student experience. At the heart of this integration lies a reliable, secure, and connected digital infrastructure providing real-time insights into how physical spaces are utilized and services delivered. With combined IT and facilities strategies, universities can create smarter, more sustainable, and student-centric campus environments, with tangible benefits for operational enhancements and brand reputation.

Source: cisco.com

Thursday 16 May 2024

Four ways DORA compliance is an opportunity for financial services organizations to accelerate digital transformation


Digital services now play a key role in the European economy. The potentially catastrophic consequences of these services being compromised have driven the European Commission to introduce the Digital Operational Resilience Act (DORA).

Supported by the right technology partner, financial services institutions (FSIs) can turn compliance into competitive advantage while hardening operational resilience across four key areas:

  1. Business continuity in the event of ICT third-party provider disruptions (Multicloud Operations & Service Substitutability).
  2. Business optimization with enhanced telemetry and insights so leaders can make data-driven decisions with confidence (Observability & Data Quality).
  3. Improved operational experience by minimizing downtime through ICT and cyber recovery plans (Back to Health).
  4. Delivering exceptional customer experience by improving service quality, availability, and robustness (Resilience by Design).

How will DORA impact your organization?


From January 2025, FSIs will be required to deliver to a set of criteria, templates, and directives to assure continued delivery of Important Business Services (IBS) to customers. These will check and prove their ability to maintain a proactive stance on security, and ensure they are able to endure, address, and recover from the impact of ICT incidents.

Why is DORA an opportunity to deliver greater resilience?


Cisco believes these regulatory requirements are an opportunity for the financial sector to further implement digital transformation across the enterprise. DORA is a catalyst to move from siloed, fragmented ‘best-of-breed’ approaches to a more holistic strategy driven by top-down cultural change. Supported by agile service delivery practices, organizations can proactively and incrementally address evolving business continuity requirements. This marks an opportunity for FSIs to rethink how they harden their operational resilience through capabilities such as IBS mapping alongside ICT and cyber operational transformation.

How can Cisco partner with you to achieve operational resilience?


Cisco’s portfolio is uniquely positioned to support FSIs in the journey to strengthen cyber resilience, ICT resilient operations, and to map important business services across four key areas:


Multicloud Operations & Service Substitutability to enable business continuity for FSIs in the event of ICT third-party provider disruptions (e.g. cloud provider services). We achieve this through:

  • Multicloud service automation enabling the journey to any cloud
  • Digital experience monitoring
  • Third party risk management assuring ‘substitutability’ of cloud services

Observability & Data Quality by working with FSIs to define IBS entity dependencies, helping to create dashboards and reports that provide the insights relevant to the different business stakeholders. Key solutions in this area are:

  • Full-stack observability tooling
  • Enhancing telemetry & insights, through best-in-class data management and AI generated insights
  • IT asset management (including software and hardware) for improved accuracy and data hygiene

Back to Health by tailoring and executing ICT and cyber recovery plans. We do so through:

  • Cyber security simulation (red and purple teaming)
  • Maturity assessments for capability gap analysis
  • Resiliency testing and validation as part of the CI/CD delivery pipeline and digital twins

Resilience by Design through driving ICT operational maturity, resulting in improved service quality, availability, and robustness. This can be achieved through:

  • Improving operational effectiveness through better integration of people, process, technology, and tools
  • An end-to-end security platform for consistent policy orchestration and implementation, remediating security-related events fast and consistently
  • Threat intelligence and modelling, including a ‘shift left’ mentality in the development lifecycle

Putting these key areas into a maturity journey context, we can assess where your organization is with regard to operational resilience. This helps build a mutual understanding of what is needed to take the next maturity steps, as shown in the table below.


We have worked as a trusted partner in helping organizations globally across all verticals to achieve operational resilience. Our extensive experience of helping customers through our comprehensive portfolio of solutions and services can support each FSI’s unique journey to DORA compliance.

Source: cisco.com

Tuesday 14 May 2024

Optimizing business velocity with Cisco Full-Stack Observability


Fueling digital transformation success with cost and resource optimization over applications, workloads, and components

Digital transformation comes with an irony that is not lost on the IT teams. Applications and the digital experiences they enable require cloud-based resources for which costs can easily spiral out of control. Worse, lack of visibility means that utilization of these resources can be difficult to accurately assess.

This creates a conundrum. Fast, reliable application performance depends on sufficient allocation of cloud resources to support demand, even when usage spikes. Under-resourcing in this area can cause significant performance challenges that result in a very poor user experience. With this in mind, teams responsible for migrating workloads to the cloud or spinning up resources for new applications often over-provision cloud resources to be on the safe side.

The more complexity that is introduced by sprawling suites of tools, containers, application programming interfaces (APIs), and serverless components, the more ways there are to incur costs. And the more ways there are to fall short of efficiency goals as cloud resources sit idle.

As a result, technologists are under pressure to find out where costs are out of alignment and whether resources have been allocated in ways that support the business.

Taking the guesswork out of optimization


Cisco Full-Stack Observability allows operational teams to gain a broad understanding of system behavior, performance, and security threats across the entire application estate. It also equips them to understand and optimize cloud resource utilization. This optimization helps organizations lower costs by properly modulating asset utilization across workloads, paying only for what they need through right-sizing resource allocation.

It offers optimization capabilities for resolving poorly aligned cloud spend with actionable insights into hybrid costs and application resources within their established monitoring practices. While over-provisioning to avoid downtime is wasteful from both a budgetary and sustainability perspective, under-allocation presents a serious risk.

When applications are constrained by insufficient resources, the resulting poor application performance or even downtime can damage organizational reputation and revenues. With Cisco Full-Stack Observability, teams can scale up or down to ensure resources sufficiently support workloads.

Moreover, Cisco Full-Stack Observability solutions provide visibility into application-level costs alongside performance metrics down to the pod level. It helps perform granular cost analysis of Kubernetes resources, allowing FinOps and CloudOps teams to understand the composition of their cloud spend as well as the cost of resources that are idle. Armed with granular cost insights, organizations can mitigate overspending on unused resources while ensuring that critical applications have adequate resources.

Driving optimization with AI and ML


Artificial intelligence (AI) is driving change in observability practices to improve both operational and business outcomes. Cisco Full-Stack Observability combines telemetry and business context so that AI and machine learning (ML) analytics can be uniformly applied. This allows IT Operations teams to extend their value and truly be strategic enablers for their business.

For example, application resource optimization with Cisco Full-Stack Observability takes aim at inefficiencies in Kubernetes workload resource utilization. By running continuous AI and ML experiments on workloads, it creates a utilization baseline, analyzing and identifying ways to optimize resource utilization. The resulting recommendations for improvement help to maximize resource usage and reduce excessive cloud spending.
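The utilization baseline described above is the core of any right-sizing recommendation: observe what a workload actually uses, derive a target request with some headroom, and compare it with what was provisioned. The following is an added example, not Cisco's code or the algorithm inside Cisco Full-Stack Observability; it uses a plain p95-plus-headroom baseline in place of the product's AI/ML analysis, constructed CPU usage samples for three Kubernetes workloads, and an assumed per-vCPU-hour price for the idle-cost estimate. It classifies each workload as over-provisioned, under-provisioned (the risk the text warns about) or right-sized.

```python
from statistics import quantiles

# Constructed usage history (illustrative numbers, not product data):
# per-workload CPU request in millicores and usage samples in millicores.
WORKLOADS = {
    "checkout-api": {"request_m": 1000, "usage_m": [120, 140, 110, 130, 160, 150, 125, 135, 145, 155]},
    "search-index": {"request_m": 500,  "usage_m": [480, 510, 495, 520, 505, 530, 490, 515, 525, 500]},
    "batch-report": {"request_m": 200,  "usage_m": [150, 170, 160, 180, 165, 175, 155, 170, 160, 165]},
}

CORE_HOUR_COST = 0.04    # assumed price per vCPU-hour, used only for the idle-cost estimate
HOURS_PER_MONTH = 730
HEADROOM = 1.2           # 20% above the p95 baseline to absorb spikes


def p95(values):
    """95th percentile of the samples (inclusive method); the utilization baseline."""
    if len(values) < 2:
        return float(values[0])
    return quantiles(values, n=100, method="inclusive")[94]


def recommend(request_m, usage_m, min_request_m=50):
    """Return (status, recommended_request_m, idle_cost_per_month).

    status is one of:
      under-provisioned  - usage already reaches the request (throttling/downtime risk)
      over-provisioned   - the request is more than double what the baseline needs
      right-sized        - everything else
    """
    baseline = p95(usage_m)
    target = max(min_request_m, int(round(baseline * HEADROOM)))
    if max(usage_m) >= request_m:
        status = "under-provisioned"
    elif target < request_m * 0.5:
        status = "over-provisioned"
    else:
        status = "right-sized"
    idle_m = max(0.0, request_m - baseline)
    idle_cost = idle_m / 1000 * CORE_HOUR_COST * HOURS_PER_MONTH
    return status, target, round(idle_cost, 2)


def report(workloads):
    """Recommendation per workload name."""
    return {name: recommend(w["request_m"], w["usage_m"]) for name, w in workloads.items()}


if __name__ == "__main__":
    for name, (status, target, idle_cost) in report(WORKLOADS).items():
        print(f"{name:14} {status:17} recommend {target:4} m  idle ~${idle_cost}/month")
```

With these samples checkout-api requests 1000 m but its p95 usage is under 160 m, so it is flagged over-provisioned with a recommended request of 189 m; search-index peaks above its 500 m request and is flagged under-provisioned, which is the case where cutting further would cause the performance problems the text describes.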

Cisco Full-Stack Observability offers capabilities, moreover, to identify potential security vulnerabilities related to the application stack and optimize the stack against these threats. It continuously monitors for vulnerabilities within applications, business transactions, and libraries with the ability to find and block exploits automatically. The result is real-time optimization without constant manual intervention.

To understand and better manage the impact of risks on the business, Cisco security solutions use ML and data science to automate risk management at multiple layers. First, code dependencies, configuration-level security vulnerabilities, and leakage of sensitive data are continually assessed. Second, business priorities are established through a measurement of risk probability and business impact.

This comprehensive approach to optimization makes Cisco Full-Stack Observability a powerful solution for modern, digital-first organizations.

Source: cisco.com

Saturday 11 May 2024

Secure Firewall & Multicloud Defense: Secure Connectivity With Simplified Policy Across Clouds

Most of our large customers today have datacenters and leverage multiple clouds to maximize flexibility and agility for meeting their business needs. Traditionally, the security for these environments has rested with different teams, each having their own tools and processes. But as our application and IT environments become more interwoven, the complexity of the environments and the challenge of securing them has massively increased. Siloed tools and teams are now part of the problem, generating new gaps and blind spots. Attackers are growing more sophisticated and taking advantage of these new challenges. In fact, last year, 39% of breaches spanned multiple environments and cost organizations an average of $4.75M per breach globally.

It is time to rethink how organizations approach the hybrid-multicloud security strategy — converging the fabrics between on-premises and cloud network security to foster collaboration across teams and deliver a unified edge security strategy.

Today, we’re bringing on-prem and cloud security together into one unified platform through the Cisco Security Cloud to marry the power of Cisco Secure Firewall and Cisco Multicloud Defense. Combined, these solutions provide multi-environment customers with greater visibility and protection across environments, more consistent control to reduce risk, and simplified security policy creation to alleviate complex operations.

This year at RSA Conference 2024, customers can experience where security meets the network with new capabilities between these solutions — as part of our unified security platform.

Multicloud networking: Secure connectivity from ground to cloud


Imagine you have an application on-prem that needs to talk to an application in the cloud. How would you approach this challenge? Traditionally, organizations have had to rely on third-party or native tools. However, these services can be costly, especially as you scale applications and environments. And as you scale, the complexity increases, reducing visibility and control of critical security functions. Now, by leveraging our unified platform with the Cisco Security Cloud, customers can build these connections in house with secure site-to-cloud and cloud-to-cloud connectivity between applications and environments. With this, organizations will be able to securely scale hybrid cloud operations while reducing cost and maintaining visibility and control of their connections and data.


New network object sharing further simplifies policy creation across multi-environments


In many cases today, organizations are building, deploying, and managing policies in silos. This disparate method strains teams, creating laborious, redundant steps in the policy building process, increasing the risk of human error, and cueing the dreaded swivel chair scenario of hopping between numerous tools and platforms to build policies.

At Cisco Live EMEA, we announced general availability of network object sharing for static objects. Today at RSA Conference, we’re reducing multi-environment complexity even further with the ability to now share dynamic objects using our unified management fabric. This gives organizations a single location to pool objects, simplifying policy building and management across environments. Baked into the Cisco Security Cloud platform, this capability empowers organizations to easily share objects between Secure Firewall and Multicloud Defense, reducing complexity, removing duplicative processes, and stopping the pain of maintaining yet another case of siloed operations across separate solutions.


As we continue to innovate across the Cisco Security Cloud, synergies across the network security portfolio will continue to grow. The launch of these shared capabilities between Cisco Secure Firewall and Cisco Multicloud Defense is a significant step towards converging the fabrics of best-in-class data center and cloud security to protect customers from ground to cloud.

Looking to get started? Understand your risk by signing up for our free Cloud Visibility and Risk Report. Powered by Cisco Defense Orchestrator and Cisco Multicloud Defense, our solutions run alongside your clouds to help you understand your risk with pervasive visibility into assets and connections — our experts then provide you with actionable security insights and recommendations to better protect your infrastructure.

Source: cisco.com

Friday 10 May 2024

INFRAM24: Measuring your IT strategy and capabilities to drive adoption and improve outcomes



The world of healthcare is constantly shifting, and technology is spearheading this continuous transformation. As organizations grapple with the complexities of digital adoption, cybersecurity, and sustainable operations, HIMSS’ Infrastructure Adoption Model (INFRAM) has been updated to meet the need and lead with data-driven insights and strategic guidance. Cisco enables healthcare leaders to use INFRAM not just as an evaluation tool, but to drive change, mitigate risks, and ensure that technology investments translate into improved care delivery and clinical outcomes.

What’s New with INFRAM


Recently, HIMSS has revised INFRAM to not just look at infrastructure capabilities but to also look at IT strategy, assess technology adoption by internal stakeholders, and measure the direct impacts of infrastructure investments on clinical outcomes and operations. It now allows organizations to understand if their infrastructure capabilities are in line with their overall goals. This update provides a closer look at the effectiveness of technology investments and identifies opportunities for improvements.

New INFRAM Domains


The updated version of INFRAM addresses five crucial aspects of healthcare infrastructure:

  1. Cybersecurity: Data breaches are occurring more frequently and can have a larger effect on patient care and hospital operations than ever before. INFRAM emphasizes establishing robust cybersecurity practices, leveraging AI (Artificial Intelligence) for quick recovery, and aligning organizational efforts to minimize future risks. This domain allows organizations to understand their current capabilities in everything from network identity all the way to endpoint security.
  2. IT Management & Performance: Systematic performance support and change management are critical for adhering to service-level agreements. INFRAM assists in leveraging technology to mitigate incidents and maintain high service standards. This helps the hospital understand its current IT capabilities across transport, wireless, collaboration, and data center, for everything from location services all the way to its cloud usage strategy.
  3. Adoption: Ensuring that innovative technologies are not just installed but integrated and optimized for maximum efficiency is vital. INFRAM ensures that patients, clinicians, staff, IT, and leadership reap the full benefits of technological advancements.
  4. Outcomes: Perhaps most importantly, INFRAM provides a framework that aligns IT investments with clinical, financial, and operational objectives, ensuring measurable contributions to organizational goals.
  5. Sustainability: Healthcare organizations are not exempt from the global call for environmental responsibility. INFRAM aids in developing strategies to reduce greenhouse gas emissions and carbon footprints, aligning healthcare with green initiatives.

Benefits to Healthcare Leaders


Using INFRAM, healthcare leaders can:

  • Measure Value: Adopt an evidence-based approach for investments, gain critical buy-in, and achieve recognition for outcomes.
  • Analyze Gaps: Pinpoint and address friction points in infrastructure development for tailored, strategic investments.
  • Cybersecurity Risk Planning & Mitigation: Implement a proactive, best-practice approach to cybersecurity and establish a clear plan of action in the event of breaches.
  • Build Governance and Drive Adoption: Ensure technology governance that maximizes value and supports care teams in delivering optimal outcomes.
  • Drive Alignment: INFRAM provides a structured approach to evaluate a hospital’s infrastructure, and Cisco can help ensure it aligns with the organization’s goals. This allows for cohesion between the Executive, Clinical, Operations, and IT teams.

INFRAM24


INFRAM is more than an assessment tool; it is a strategic ally for healthcare organizations aiming to harness the power of technology to improve patient care and operational efficiency. As healthcare continues to evolve, INFRAM offers a structured path to navigate the complexities of digital transformation with confidence and clarity.

Source: cisco.com

Thursday 9 May 2024

Empowering Cybersecurity with AI: The Future of Cisco XDR


In 2007, a study from the University of Maryland showed that internet-connected systems were attacked every 39 seconds on average. Today, that number has grown more than 60%. Cisco sees 64 attempts to connect to ransomware infrastructure every second. The world is becoming digitized and hybrid, which creates an environment that criminals target with increasing sophistication. It’s too much for human scale, so a hybrid world requires a hybrid approach that sits between humans and machines.

Envision an AI Assistant that serves as a reliable partner for incident responders, offering precise, real-time guidance on the subsequent steps to take, tailored to the specific state of the incident at hand and allowing SOC (Security Operations Center) teams to respond faster and do more with less. I am pleased to announce the launch of the AI Assistant in XDR as a part of our Breach Protection Suite.

In our RSAC 2023 announcement, we introduced a vision of our Cisco SOC Assistant, designed to expedite threat detection and response. Today, this vision is realized and available in private preview. It enhances our Breach Protection Suite which is powered by Cisco XDR’s capabilities. It significantly speeds up investigations and responses, enabling security teams to safeguard their environments more efficiently and cost-effectively.

Assist with Information Discovery


In 2024, the global shortfall of 3.5 million security professionals, as reported by ISC2, underscores the importance of retaining and recruiting skilled personnel to counter increasingly sophisticated cyber threats and safeguard enterprises. Moreover, the lack of appropriate tools often leads to ineffective cyber risk management and professional burnout, adversely affecting staff retention and the SOC’s capacity to thwart attacks.

The AI Assistant in XDR acts as a potent enhancer, empowering SOC teams to maximize their efficiency and effectively close the personnel and skill gap. When an incident occurs, the assistant will contextualize events across email, the web, endpoints, and the network to tell the SOC analyst exactly what happened and its impact on their environment. It presents a short description of the incident that quickly answers what, when and how an incident happened. It also provides a long description of the incident which explains the timeline of events that have happened in this active incident.

Figure 1: Short Description of Incident Details generated by the AI Assistant

Figure 2: Long Description of Incident Details and Events Timeline

Moreover, our AI Assistant utilizes XDR’s patented ability to prioritize critical incidents, reducing alert fatigue for the SOC team and enhancing their efficiency in handling active incidents.

Figure 3: Targeted Prioritization of Incidents by AI Assistant that Need Immediate Attention

Augment and Elevate SOC Teams with Best Practice Recommendations


Today’s SOCs often struggle with a fragmented technology stack, making it difficult to respond effectively to cyber threats. Alert fatigue is a major hurdle for modern SOC teams, hindering proactive threat hunting and leading to overlooked alerts and burnout. The Cisco AI Assistant comes to the rescue and jumpstarts the incident response process for a modern SOC team.

Our AI Assistant, powered by Cisco XDR, the platform for Cisco’s Breach Protection Suite, synthesizes data from email, web, processes, endpoints, cloud, and network domains, offering precise action recommendations to effectively contain ongoing cyber-attacks. It works at machine scale to identify patterns and potential attacks that humans might miss because of alert fatigue, because a defender is only looking at one domain in isolation, or while trying to manually correlate data. The AI Assistant is context aware, meaning it tracks the state of the incident in real time and generates tailored recommendations specific to that incident.

Figure 4: Tailored Recommendations for an Incident by the AI Assistant

Mean Time to Detection (MTTD) and Mean Time to Respond (MTTR) are two primary metrics that SOC teams want to optimize for. Cisco XDR with our AI Assistant enables security teams to reduce these metrics by jumpstarting investigations and incident response by providing tailored recommendations for that specific incident.

Enable Seamless Collaboration Across Security Teams


The Cisco AI Assistant, embedded within XDR, facilitates team collaboration using Webex, Teams, or Slack. This empowers security teams to swiftly assemble the right experts for an active incident, thereby reducing the MTTR. The AI Assistant unifies the team by setting up war rooms, summarizing messages, and logging them in XDR for instant audit-readiness.

Figure 5: AI Assistant creates a Webex war room and brings the right experts together for Incident Response

Automate Workflows to Neutralize Threats Across the Enterprise


Today’s SOCs often lack a cohesive technology stack to respond to cyber threats efficiently and consistently. As the IT environment grows beyond the on-premises data center to cloud, hybrid-cloud, and multi-cloud country-specific data centers, organizations accumulate point solutions to monitor and protect pieces of the environment. As a result, SOC analysts must do a lot of the heavy lifting required to detect and respond to an attack. This includes logging into different tools to execute workflows that contain an attack.

Our AI Assistant taps into advanced workflows and atomics with Cisco XDR’s 90+ integrations. Our AI assistant enables the execution of workflows at a single click, guided by the AI Assistant’s personalized recommendations that consider the incident’s playbook and current state in real-time.

Figure 6: Execution of Automated Workflows by the AI Assistant to Contain an Incident

Gone are the days when security teams had to juggle multiple isolated products and execute workflows in each to mitigate an attack. With Cisco Breach Protection Suite, billions of security events can be correlated and recommended actions can be generated and executed all in one place. This is the transformative power of the Cisco XDR combined with Cisco’s AI Assistant revolutionizing enterprise security.

Source: cisco.com