If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

IT Environment with Cisco's XDR Solution and Duo MFA

Started by Hosting News, May 10, 2023, 02:15 AM


Hosting News (Topic starter)

Cisco, a leading networking and security technology vendor, has made progress towards achieving its vision of a unified, AI-driven, cross-domain security platform called Cisco Security Cloud. This platform is designed to help organizations defend the integrity of their entire IT environment with the help of Cisco's new XDR solution and improved Duo MFA capabilities.



Cisco's XDR approach combines its extensive experience and endpoint visibility into a single, fully functional, risk-based solution that enables security operations centers (SOCs) to rapidly investigate and eliminate threats. This cloud-first solution uses analytics to prioritize detections and automate processes, allowing SOC teams to react to attacks and take appropriate action.

By natively analyzing and combining six telemetry sources, including endpoint, network, firewall, email, identity, and DNS, Cisco XDR provides process-level awareness of the point at which the endpoint and the network converge. It produces results in minutes, unlike traditional Security Information and Event Management (SIEM) technology, which takes days to assess log-centric data.

Moreover, Cisco XDR offers interoperability, data exchange, and consistent results independent of vendor or technology by integrating with leading third-party suppliers. At the time of general release, the following integrations will be available out of the box:

- Microsoft Defender ATP
- Splunk
- Elastic Stack
- IBM QRadar
- McAfee ESM
- ServiceNow Security Operations.

Several solutions are available to provide security for different aspects of an organization's IT environment. Endpoint Detection and Response (EDR), Next-Generation Firewall (NGFW), Network Detection and Response (NDR), and Security Information and Event Management (SIEM) are all viable options provided by companies like Palo Alto Networks, Trend Vision One, CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Check Point Quantum, and Email Threat Defense.

Trend Micro's Senior Vice President of Global Services and Customer Success, Mike Gibson, stated that their vision for XDR is to deliver a comprehensive, consolidated view of customers' security posture. The integration of Trend Micro with Cisco XDR represents a significant step forward in cybersecurity, where both solutions can offer a unified approach to expanding telemetry insights and gaining a greater perspective of the security environment. This enables organizations to detect threats faster and respond more effectively.

According to Jesse Rothstein, Chief Technology Officer and Co-Founder of ExtraHop, partnering with Cisco offers enterprises an opportunity to integrate ExtraHop's high-fidelity detections with network decryption and support for more than 80 protocols with log and endpoint solutions to streamline investigations. As organizations recognize the network as the primary source for cybertruth, they can benefit from integrating ExtraHop's solution with other best-of-breed products for a more comprehensive view of their IT environments.

Sarpappoirm

Cisco's Extended Detection and Response (XDR) solution and Duo Multi-Factor Authentication (MFA) are both key components of an IT environment that aims to enhance security and protect against threats.

Cisco's XDR solution is a comprehensive security platform that leverages advanced analytics and automation to detect, investigate, and respond to potential cyber threats across an entire network. It collects and correlates data from various sources, such as endpoint devices, network infrastructure, cloud environments, and even threat intelligence feeds, to provide a holistic view of the security landscape. This allows for the detection of sophisticated attacks that may go unnoticed by traditional security measures. XDR also enables security teams to respond effectively by providing actionable insights and automating response actions.

On the other hand, Duo MFA is a multi-factor authentication solution developed by Cisco's Duo Security. It adds an extra layer of security to the login process by requiring users to provide multiple forms of identification before granting access to systems or applications. This typically involves something the user knows (e.g., a password), something they have (e.g., a smartphone), or something they are (e.g., biometric authentication). By implementing Duo MFA, organizations can significantly reduce the risk of unauthorized access, even if an attacker manages to obtain a user's password.

Together, Cisco's XDR and Duo MFA provide a robust security framework for IT environments. XDR helps identify and respond to potential threats proactively, while Duo MFA ensures that only authorized individuals gain access to critical resources. This combination strengthens an organization's overall security posture and reduces the likelihood of successful attacks.

nposm

The marriage of Cisco's XDR and Duo MFA in an IT environment is a classic example of "security theater" – a lot of flash, but questionable substance. XDR's reliance on data aggregation and analysis can lead to alert fatigue, while Duo MFA's additional authentication step can introduce friction, potentially hindering user productivity.

Moreover, the integration of these two solutions may create new vulnerabilities, such as increased attack surfaces and potential single points of failure. It's crucial to reassess the actual security benefits and weigh them against the potential drawbacks and costs.