An expansive collaboration strategy for extended detection and response (XDR) enables enterprises to leverage the complete capabilities of their security environments. This open strategy gives security analysts the flexibility to use the best tools and access the best information to safeguard their specific environments. It improves not only team effectiveness but also the pace at which teams can respond to potential risks, and it minimizes dwell time. Cisco XDR excels in this domain by offering unparalleled integration features, not only with Cisco solutions but also with a wide range of third-party tools. This is an ongoing effort that requires consistent planning and implementation from dedicated product management and development teams, introducing new integrations and enhancing existing ones.
Up to now, there has been substantial demand for this strategy and over 900 organizations globally are now employing Cisco XDR to safeguard the integrity of their IT infrastructure. One of the reasons for this widespread appeal is that we engage security practitioners where they are, granting them the utmost value from the individuals and the tools they already possess. This capability is, naturally, based on our capacity to collaborate with those tools, irrespective of the vendor.
In the last six months, Cisco XDR has added or considerably improved 21 integrations with products from Cisco and ten distinct third-party technical partners, exchanging telemetry and security detections while boosting interoperability to provide potent results in minutes rather than days.
The new integrations are mainly aligned with five product areas – Endpoint Detection and Response (EDR), Email Threat Defense, Network Detection and Response (NDR), Next-Generation Firewall (NGFW), and Security Information and Event Management (SIEM) – that are essential for Security Operations Center (SOC) operators. They also cover other critical security and collaboration tools to enhance the understanding of security operators and incident responders while amplifying team effectiveness and reducing dwell time. The features these integrations bring to Cisco XDR include:
- Event Detection — In case the tool captures system or network telemetry or identifies security-critical activities or incidents, Cisco XDR can absorb that data into the analysis data pool or incorporate those identifications into the customer’s collective incident queue, enabling the threat to be neutralized utilizing the complete range of Cisco XDR’s incident response tools.
- Security Measures and Response — If the tool controls access to systems, networks, data, or other organizational resources, Cisco XDR empowers responders and operators to leverage those functionalities to defend those resources from known and unknown threats, both reactively and proactively (e.g. setting a firewall rule that blocks an IP by clicking a button in Cisco XDR).
- Threat Examination — If the tool possesses information about threat elements, whether collected from within the customer environment (e.g. DNS logs demonstrating communication with a recognized C&C) or from threat intelligence utilities such as a malware sandbox or botnet tracker (e.g. discovering the specifics of the malware likely originating the connection), Cisco XDR can incorporate that data. This can be crucial for an organization’s need to be informed about present and potential future threats in meaningful ways that drive optimal defenses.
- Cooperation — If the team is presently utilizing any of the leading chat or collaboration tools, Cisco XDR can engage or even build channels to announce information about fresh or updated incidents and can even receive commands and exhibit the outcomes via those channels.
- Automation — All the aforementioned security outcomes, and more, can be harnessed by Cisco XDR in both automated and semi-automated manners to expedite response times to various threats and conditions.
All these crucial roles are executed by every SOC. Cisco XDR assists these teams in making better use of the tools driving those roles by supplying a universal framework from which to exploit the distinct contributions of each product. The more tools our customers can leverage in that framework, the smoother and quicker their performance will be.
Open > Native
For this reason, since the beginning, Cisco XDR has followed an Open XDR philosophy, or to be more exact, Hybrid XDR. Given Cisco’s extensive selection of top-notch security tools, we could have gone the Native XDR path and required customers to purchase the Cisco stack to realize any reasonable level of XDR benefits. However, that would not be in the best interests of customers who pursue a superior approach, appreciate vendor diversity, or are shifting to Cisco security suites but wish to get the benefits of XDR immediately.
Cisco XDR has open and well-documented protocols founded on industry standards. We possess open and well-documented RESTful APIs with API prototyping tools integrated into the product. Our objective is not only to provide a wide assortment of out-of-the-box integrations but also to enable our partners and customers to easily include their own integrations, rendering their products and even customized in-house tools XDR-capable.
Boost Momentum with High Confidence
For this purpose, last year we launched a program for Cisco Validated integrations. These integrations are formulated by accredited Cisco partners to introduce their products into the Cisco XDR ecosystem and are verified by Cisco XDR Engineering and Quality Assurance teams prior to release. You can view the origin details of all integrations on the Administration/Integrations page.
Driven in part by the effectiveness of these capabilities, the recent list of new or enhanced Cisco XDR integrations comprises some integrations written by Cisco and some by our partners. The releases in the first half of the Cisco fiscal year (August 2024 to January 2025) include:
- App, Identification, and Device Management: Cisco Secure Access, Jamf Pro, Microsoft Intune
- Cloud Detection and Response: Cisco Secure DDoS Protection, Cisco Secure WAF
- EDR: SentinelOne Singularity
- Email Security: Microsoft Defender for Office365
- Enterprise Backup: Rubrik
- IT Service Management (ITSM): ServiceNow
- NDR: Cisco Secure Network Analytics, NETSCOUT Omnis Cyber Intelligence (OCI)
- NGFW: Cisco Meraki MX, Palo Alto Networks
- SIEM: Cisco Splunk Cloud
- Vulnerability Management: Cisco Vulnerability Management (CVM) — formerly Kenna
- Other: Endace, our first integration with a packet capture product

Stay tuned for forthcoming announcements regarding more integrations, including from Safe Security and many more!
For further details on the existing list of supported integrations, visit the Cisco XDR Integrations page.
If your cybersecurity firm wishes to create an integration with Cisco XDR, kindly reach out to the alliance team at partnering-csta@cisco.com.
