Cisco XDR: Open Ecosystem Accelerated at Black Hat Events
Cisco XDR is an Open Platform
Cisco XDR turns one year old this week, and it is a good time to share the backstory of how we developed relationships and alliances with “competitors” to build the open ecosystem we have today.
The story begins in the Black Hat Network Operations Center, which provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event. This is accomplished with the help of best of breed solutions providers and seasoned security and engineering teams led by Black Hat’s NOC Team Leads. The Security Operations Center is within the NOC.
This is our eighth year supporting Black Hat USA. Cisco is the Official Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider. We work with other official providers to bring the hardware, software and engineers to build and secure the network, for our joint customer Black Hat: Arista, Corelight, Lumen, NetWitness and Palo Alto Networks.
The NOC Team Leads allow Cisco (and the other NOC partners) to bring in additional software to make our internal work more efficient and have greater visibility; however, Cisco is not the official provider for Extended Detection & Response, Network Detection & Response or Collaboration. The Cisco team brings the Breach Protection Suite, including:
- Cisco XDR: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex
- Cisco XDR Analytics (Formerly Secure Cloud Analytics / Stealthwatch Cloud): network traffic visibility and threat detection
It Started at Black Hat
While working side by side with the Palo Alto Networks engineers, deployed year after year to Singapore, London and Las Vegas, we developed trust and the desire to work more closely together and build more integrations between the products in the NOC/SOC. A reporter with The Register toured the Black Hat USA 2023 NOC and wrote an article about this close collaboration between partners. The working relationship with Palo Alto Networks opened doors with Check Point and Fortinet, as we publicly demonstrated our commitment to cooperation in the SOC.
The Black Hat experiences expanded into building the RSA Conference SOC. During his keynote at RSAC 2022, Cisco Security Executive VP and GM Jeetu Patel stated, “We all know this is a hypercompetitive industry. But beating competitors is nowhere near as important as stopping the bad actors. Collectively, we can work together to defeat our real adversaries.” We take up this challenge every day with Cisco XDR.
We took our experiences at Black Hat and RSAC SOC to the National Football League SOC for the Super Bowl and Draft. Protecting these large events required cooperation with companies such as Microsoft and CrowdStrike, now two of the most robust integration partners with Cisco XDR. We took those skills and technology integrations to Paris, where we are actively protecting the Paris 2024 Games today.
We engaged other industry leaders, including SentinelOne, Trend Micro, Cybereason, Darktrace and Proofpoint, building relationships and integrations with Cisco XDR.
New Palo Alto Networks (and other) Integrations
From proof-of-concept connections at Black Hat, we took these ideas and built them into the XDR product. The most recent additions include Cisco Meraki MX, Cisco Umbrella DNS detections and now Palo Alto Networks firewall.
Recent and upcoming third-party integration additions include:
- Detections and Incident Generation
  - Palo Alto Cortex-enabled Next-Generation Firewall
  - Microsoft Defender for Office 365
  - Proofpoint Threat Protection
- Threat Investigation
  - Palo Alto Cortex-enabled Next-Generation Firewall
  - Check Point Quantum
  - Microsoft Defender for Office 365
- Workflows
  - Palo Alto Networks Panorama – Add IP, Domain, or URL to Group or Category
    - This workflow appears in the pivot menu and allows you to add a URL, IP, or domain name to a group or category in Palo Alto Networks Panorama.
  - Jira Cloud, xMatters, Zendesk
    - These workflows allow SOCs/NOCs to collaborate more effectively using the team collaboration tools they already have.
  - Elastic
    - Integrations with SIEMs and data storage apps allow for long-term retention of incident history for compliance and policy purposes.
- Asset Insights
- Automated Ransomware Recovery
New Integration Opportunities
Cisco Partners can publish their own integrations in the Cisco XDR Integrations “Exchange”, with our new Verified Integrations Program. Some of the first integrations brought to XDR by participants in this program are:
- Threat Investigation
  - Red Sift Pulse
  - Bastille Networks
  - Radware Cloud WAF Service
  - Radware Cloud DDoS Protection Service
  - Signal Sciences Next-Gen WAF
- Workflows
  - Radware Cloud DDoS Protection Service
  - Rubrik Security Cloud
If you have a product that you want to make Cisco XDR compatible, email our Cisco Security Technical Alliance at partnering-csta@cisco.com
Check Out the NOC and SOC Dashboards at Black Hat
While you are at Black Hat USA, plan to visit the Cisco Booth, 7-8 August, where you can speak with one of the engineers from the Black Hat SOC inside the Network Operations Center and check out the Cisco XDR and ThousandEyes dashboards up close.
You can also attend a scheduled NOC Presentation to learn more about the technology partners who come together to build and protect the Black Hat network:
- Wednesday, August 7:
  - 10:20 AM – 10:50 AM in Lagoon G, Level 2
  - 4:45 PM – 5:35 PM in Business Hall Theater E
- Thursday, August 8:
  - 10:20 AM – 10:50 AM in Lagoon G, Level 2
  - 2:35 PM – 3:25 PM in Business Hall Theater E
Be sure to attend the 10th Annual Black Hat USA Network Operations Center (NOC) Report on the afternoon of Thursday, August 8, 3:20pm-4:00pm (Oceanside A, Level 2).
We are excited for the 2nd year of Cisco XDR innovation, accelerating the evolution of the SOC of the Future. We will continue to build upon the lessons learned and relationships developed at Black Hat events globally.
About Black Hat
Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit www.blackhat.com.