Cisco XDR: Open Ecosystem Accelerated at Black Hat Events


Cisco XDR is an Open Platform

Cisco XDR turns one year old this week, and it is a good time to share the backstory of how we developed relationships and alliances with “competitors” to have the open ecosystem of today.

The story begins in the Black Hat Network Operations Center, which provides a high-security, high-availability network in one of the most demanding environments in the world – the Black Hat event. This is accomplished with the help of best-of-breed solution providers and seasoned security and engineering teams led by Black Hat’s NOC Team Leads. The Security Operations Center is within the NOC.

Cisco XDR at the Black Hat USA 2023 NOC/SOC

This is our eighth year supporting Black Hat USA. Cisco is the Official Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider. We work with other official providers to bring the hardware, software and engineers to build and secure the network, for our joint customer Black Hat: Arista, Corelight, Lumen, NetWitness and Palo Alto Networks.

The NOC Team Leads allow Cisco (and the other NOC partners) to bring in additional software to make our internal work more efficient and have greater visibility; however, Cisco is not the official provider for Extended Detection & Response, Network Detection & Response or Collaboration. The Cisco team brings the Breach Protection Suite, including:

  • Cisco XDR: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex
  • Cisco XDR Analytics (Formerly Secure Cloud Analytics / Stealthwatch Cloud): network traffic visibility and threat detection

Integrations at Black Hat Asia SOC in the NOC, to be implemented at Black Hat USA 2024

It Started at Black Hat

While working side-by-side with the Palo Alto Networks engineers year after year deployed to Singapore, London and Las Vegas, we developed trust and the desire to work closer together and build more integrations between the products in the NOC/SOC. A reporter with The Register toured the Black Hat USA 2023 NOC and wrote an article about this close collaboration between partners. The working relationship with Palo Alto Networks opened doors with Check Point and Fortinet, as we publicly demonstrated our commitment to cooperation in the SOC.

The Black Hat experiences expanded into building the RSA Conference SOC. During his keynote at RSAC 2022, Cisco Security Executive VP and GM Jeetu Patel stated, “We all know this is a hypercompetitive industry. But beating competitors is nowhere near as important as stopping the bad actors. Collectively, we can work together to defeat our real adversaries.” We implement this challenge every day with Cisco XDR.

Tour at the RSAC 2024 Security Operations Center

We took our experiences at Black Hat and RSAC SOC to the National Football League SOC for the Super Bowl and Draft. Protecting these large events required cooperation with companies such as Microsoft and CrowdStrike, now two of the most robust integration partners with Cisco XDR. We took those skills and technology integrations to Paris, actively protecting the Paris 2024 Games today.

We engaged other industry leaders, including SentinelOne, Trend Micro, Cybereason, Darktrace and Proofpoint, building relationships and integrations with Cisco XDR.

New Palo Alto Networks (and other) Integrations

From proof-of-concept connections at Black Hat, we took these ideas and built them into the XDR product. The most recent additions include Cisco Meraki MX, Cisco Umbrella DNS detections and now Palo Alto Networks firewall.

Recent and upcoming third-party integration additions include:

  • Detections and Incident Generation
    • Palo Alto Cortex-enabled Next-Generation Firewall
    • Microsoft Defender for Office 365
    • Proofpoint Threat Protection
  • Threat Investigation
    • Palo Alto Cortex-enabled Next-Generation Firewall
    • Check Point Quantum
    • Microsoft Defender for Office 365
  • Workflows
    • Palo Alto Networks Panorama – Add IP, Domain, or URL to Group or Category
      • This workflow appears in the pivot menu and allows you to add a URL, IP, or domain name to a group or category in Palo Alto Networks Panorama.
    • Jira Cloud, Xmatters, ZenDesk
      • These workflows allow SOCs/NOCs to collaborate more effectively using the team collaboration tools they already have.
    • Elastic
      • Integrations with SIEMs and data storage apps allow for long-term retention of incident history for compliance and policy purposes.
  • Asset Insights
  • Automated Ransomware Recovery

New Integration Opportunities

Cisco Partners can publish their own integrations in the Cisco XDR Integrations “Exchange”, with our new Verified Integrations Program. Some of the first integrations brought to XDR by participants in this program are:

  • Threat Investigation
    • Red Sift Pulse
    • Bastille Networks
    • Radware Cloud WAF Service
    • Radware Cloud DDoS Protection Service
    • Signal Sciences Next-Gen WAF
  • Workflows
    • Radware Cloud DDoS Protection Service
    • Rubrik Security Cloud

If you have a product that you want to make Cisco XDR compatible, email our Cisco Security Technical Alliance at partnering-csta@cisco.com.

Check Out the NOC and SOC Dashboards at Black Hat

While you are at Black Hat USA, plan to visit the Cisco Booth, 7-8 August, where you can speak with one of the engineers from the Black Hat SOC inside the Network Operations Center and check out the Cisco XDR and ThousandEyes dashboards up close.

Cisco XDR Dashboard – Black Hat USA 2023

You can also attend a scheduled NOC Presentation to learn more about the technology partners who come together to build and protect the Black Hat network:

  • Wednesday, August 7:
    • 10:20 AM – 10:50 AM in Lagoon G, Level 2
    • 4:45 PM – 5:35 PM in Business Hall Theater E
  • Thursday, August 8:
    • 10:20 AM – 10:50 AM in Lagoon G, Level 2
    • 2:35 PM – 3:25 PM in Business Hall Theater E

Be sure to attend the 10th Annual Black Hat USA Network Operations Center (NOC) Report, afternoon of Thursday, August 8, 3:20pm-4:00pm (Oceanside A, Level 2).

The 9th Annual Black Hat USA NOC Report 2023

We are excited for the 2nd year of Cisco XDR innovation, accelerating the evolution of the SOC of the Future. We will continue to build upon the lessons learned and relationships developed at Black Hat events globally.

About Black Hat

Black Hat is the cybersecurity industry’s most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit www.blackhat.com.
