XDR and the Importance of Cross-Domain Correlated Telemetry
It’s that time of the year again! Today kicks off the world’s largest security gathering, the RSA Conference. I’m excited to be back in person in San Francisco with so many of our customers, partners, analysts, and colleagues. As you go around the show floor this week, you’re going to see a few themes from security vendors across the industry, namely extended detection and response (XDR) and AI. And I have a prediction – XDR will actually be the talk of the show, not AI.
The reason everyone is talking about XDR is because the signal-to-noise ratio in any one domain is too low. Which sounds like it should be a good thing, but what it really means is that there isn’t enough data to correlate lateral attacks. This has resulted in point solutions being the norm in our industry. It’s been easy to adopt solutions that are specific to email, or the endpoint, or web, or network, yet organizations continue to struggle to identify attacks.
In the latest Cybersecurity Readiness Index, only 15% of organizations globally have a cybersecurity posture ‘Mature’ enough to defend against risks of a hybrid world.
So how do we solve this problem? Organizations have to start looking across these multiple domains. Relying on SIEM data or single domain analytics will only get you so far. You need to see and correlate across email, web, endpoint, and the network. And that last one – the network – is probably one of the most overlooked defense tools.
If you want to spot a lateral movement attack, you must have visibility into the network end-to-end. As Cisco and our decades of experience building secure networks, we have first-hand experience of what that level of visibility means to protection.
Cisco XDR is as close to real-time as possible. It’s dealing with very high-fidelity data. It’s looking at every mailbox, every forward, every packet, every process. Cisco XDR is focused on response, identifying attacks, and doing something about it.
If you’re ready to learn more about why cross-domain correlated telemetry is the differentiator for XDR, I encourage you to join us for our RSA Conference keynote on Monday, April 24 at 3:55pm PT. Also, join our session, Why Extended Detection & Response Must Unite Our Industry on Wednesday, April 26 at 9:30am PT. Or stop by one of our booths in both the North and South halls (North Expo, Cisco Booth N-5845 / South Expo, Cisco Booth S-1027).
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Share: