Cisco is introducing automated recovery into the ransomware response process of its Cisco Extended Detection and Response (XDR) solution.
In what Cisco describes as AI-powered “first-of-its-kind capabilities”, the vendor significantly enhances its XDR offering by adding near real-time recovery for company operations after a ransomware attack.
The update marks Cisco’s next stage in building towards a fully secure Cisco Security Cloud — a unified, AI-powered, cross-domain security platform.
Jeetu Patel, Executive Vice President and General Manager of Security and Collaboration at Cisco, commented:
“The exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. Our objective is to build a resilient and open cybersecurity platform that can withstand ransomware assaults and recover with minimal impact, ensuring uninterrupted business operations.”
Cisco XDR was first launched at the RSA Conference this year, providing comprehensive telemetry and visibility across the network and its endpoints. Its functionality has been dramatically enhanced: the critical time between the beginning of a ransomware outbreak and the capture of a snapshot of business-critical information is reduced to almost zero. Cisco XDR enables new, unprecedented degrees of business continuity.
“As a global infrastructure provider that built the network, Cisco is redefining what a security product should deliver,” Patel added. “Our innovations with automated ransomware recovery are a significant step towards achieving truly unified detection and response data, turning security insights into action.”
Cisco’s Talos Incident Response (IR) team trialled the solution during the second quarter of 2023. They responded to the highest number of ransomware engagements in more than a year. The new features in Cisco XDR enable Security Operations Center (SOC) teams to automatically detect, snapshot, and restore the business-critical data at the initial signs of a ransomware attack. This means SOC teams can even isolate the attack before it moves laterally through the network to find high-value data.
Exciting New Third-Party XDR Integrations Around Data Backup and Recovery
Cisco is also expanding its set of third-party XDR integrations to encompass industry-leading infrastructure and enterprise data backup and recovery businesses, with Cisco announcing a partnership with Cohesity and its DataProtect and DataHawk solutions.
“Cybersecurity is a board-level concern, and every CIO and CISO is under pressure to reduce risks posed by threat actors. To this end, Cisco and Cohesity have partnered to help enterprises around the world strengthen their cyber resilience,” explained Sanjay Poonen, CEO and President, Cohesity. “Our first-of-its-kind proactive response is a key piece of our data security and management vision, and we’re excited to bring these capabilities to market first with Cisco.”
For systems assigned to a Cohesity protection plan, its products offer configurable recovery points and mass recovery. Cisco XDR’s new features enhance that core feature set by preserving possibly infected virtual machines for forensic investigation while securing data and workloads in the rest of the environment.
Cohesity’s engineers collaborated with Cisco technical teams to adapt data protection policies to give businesses a more assertive security posture. This expands Cisco XDR’s detection, correlation, and integrated response functionalities for customers to benefit from the rapid response for data protection and automated recovery.
Cisco’s Security Focus in 2023
Cisco has recently announced a variety of security-conscious partnerships and launches.
June’s Cisco Live featured a variety of security-based announcements, including additions to Cisco Security Cloud and a solution for secure leveraging of AI products and features.
Cisco previewed new generative AI capabilities to streamline security policy management and bolster threat response to deliver on its Security Cloud ambition. Cisco’s AI and machine learning investments are intended to empower security staff by simplifying operations and increasing effectiveness.
The Cisco Security Cloud will leverage a generative AI Policy Assistant to address the issue of security policy management complexity. The Security Cloud will enable security and IT admins to produce detailed security policy prompts and assess how best to establish them across every aspect of a business’s security infrastructure.
A new Cisco security service edge (SSE) solution was also revealed at Cisco Live. The Cisco Secure Access offering intends to support better hybrid work experiences and simplify access across any location, device, and application.
Cisco Secure Access offers a standard user access experience, delivering simple access to all applications and resources by smartly and securely steering traffic to private and public destinations. The service simplifies security operations by collating multiple functions into one easy-to-use solution that protects all traffic. It also provides analysis to improve threat detection and response investigations and blocking, supported by Cisco Talos’s AI-driven threat intelligence.
In May, Spectrum Enterprise partnered with Cisco to enhance business cybersecurity solutions. Spectrum introduced Secure Access with Cisco Duo and Cloud Security with Cisco+ Secure Connect to its suite. The ambition was to allow businesses to provide secure and simple ways for employees and stakeholders to access business-sensitive information and applications on private networks and public clouds.
In April, Cisco sought to address national security concerns by announcing it was adding air-gapping to Webex in 2024. Cisco’s Webex for Government air-gapping solution will establish a U.S.-based cloud environment isolated from public networks and operated by local staff with specific security authorizations to access sensitive data.
from UC Today https://ift.tt/GMx0vUH