Cisco XDR now includes support for Cohesity ransomware recovery technology.

Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system. The new features target recovery from ransomware attacks and come courtesy of integration with Cohesity’s DataProtect and DataHawk offerings, which provide configurable ransomware recovery and rescue support for systems assigned to a protection plan. Cohesity’s platform can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks.

Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.

The idea of integrating Cohesity ransomware features with the now-available XDR platform is to help Security Operations Center (SOC) teams automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak, often before it has had a chance to move laterally through the network to reach high-value assets, wrote AJ Shipley, vice president of Customer Experience Product Management at Cisco, in a blog post about the Cohesity integration.

Cohesity is very familiar with Cisco, which recently stated that the two vendors share over 460 joint customers. The companies recently announced that Cohesity’s Cloud Services package will be sold by Cisco channel partners later this year. Cohesity Cloud Services include data security and management as well as threat defense, data isolation, and backup/recovery. The package can be hosted on services such as Microsoft Azure and Amazon Web Services (AWS).
Cisco’s XDR service brings together myriad Cisco and third-party security products to control network access, analyze incidents, remediate threats, and automate response, all from a single cloud-based interface. The offering gathers six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated. The idea is to enable security teams to detect threats in real time and remediate them before they have a chance to cause significant damage to the network and the business, Cisco stated.

The XDR platform includes support for a variety of third-party products, including Microsoft Defender for Endpoint and Office, Palo Alto Networks Cortex XDR and its Next-Generation Firewall, Trend Micro Vision One, SentinelOne Singularity, and ExtraHop Reveal. The service also supports security information and event management (SIEM) systems, including Microsoft Sentinel, along with zero trust and access management tools.

XDR platforms are the most current attempt at an all-in-one detection-and-response platform, industry experts say. In a recent webinar, Christopher Steffen, research director for Enterprise Management Associates, defined XDR as a cybersecurity solution that:

- Integrates with existing and future security and operations tools
- Provides in-depth insights and reporting to technicians and decision-makers
- Streamlines security operations across users, endpoints, data, networks, cloud resources, applications and other workloads
- Applies analytics and automation to detect, analyze, hunt, and mitigate threats

“XDR solutions are in line to replace underperforming legacy security solutions. But it isn’t always because a solution is underperforming; solution complexity, deployment and maintenance, and resource requirements are important factors,” Steffen said.
“If an XDR solution can easily supplant these solutions at about 1/3 of the annual cost, security leaders are forced to pay attention.”

Technology leaders are looking for an XDR solution to mimic the capabilities of the solutions that they are looking to replace, namely SIEM and security orchestration, automation and response (SOAR) solutions. XDR takes the core capabilities of SIEM and SOAR solutions and provides those insights in a simple, easy-to-digest form, Steffen said. “For many organizations, having a simpler and less expensive XDR solution to achieve those same capabilities is likely the right decision,” Steffen said.

“It is not enough to just point out threats and low-level attacks: organizations are looking to their XDR solution to provide advanced insights into the threat landscape,” Steffen said. “Organizations looking to evaluate and deploy an XDR solution would do well to make the vendor prove these core capabilities – not just as a point in time, but from a tactical and long-term perspective.”