Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system.
Ransomware is a type of malicious software that encrypts the end user’s device and data and demands a ransom for its decryption. Ransomware attacks can cause considerable damage to businesses and organisations, disrupting their operations and compromising their data. To combat this threat, Cisco has now introduced a new solution that integrates with their new Extended Detection and Response (XDR) solution with Cohesity’s DataProtect and DataHawk offerings.
Cisco’s XDR system is a cloud-based platform that combines multiple security products and telemetry sources to detect, analyse, and respond to threats across the network and endpoints. As Cisco announced the General Availability of their XDR platform, they also announce that they have added ransomware detection and recovery support to their XDR system, enabling Security Operations Center (SOC) teams to automatically protect and restore business-critical data in the event of a ransomware attack.
This feature is made possible by integrating Cisco’s XDR system with Cohesity’s DataProtect and DataHawk offerings, which are well established and trusted, infrastructure and enterprise data backup and recovery solutions. These provide configurable recovery points and mass recovery for systems assigned to a protection plan and can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks.
Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.
The integration of Cisco’s XDR system and Cohesity’s solutions is designed to help Security Operations Centre (SOC) teams and IT to automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak; often before it has had a chance to move laterally through the network to reach the high–value assets.
In the announcement, Cisco and Cohesity said that they already have a long-standing partnership, with over 460 joint customers. Cisco have said that the Cohesity Cloud Services package will also be able to be sold by their Cisco channel partners like Cisilion later in 2023. The Cohesity Cloud Services include data security and management as well as threat defense, data isolation and backup/recovery. Cisco have also said that the software can be deployed and hosted on both Microsoft Azure and Amazon Web Services (AWS) via their marketplaces.
This brings more features to Cisco’s XDR service (a competitive landscape where they compete against the likes of Microsoft, Sentinel One and Palo Alto) and brings together a myriad first-party Cisco, and third-party security products to control network access, analyse incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated in the announcement.
Part of Cisco’s growing Security Portfolio
The Cisco Security portfolio is a comprehensive set of solutions that work together to provide seamless interoperability with your security infrastructure, including third-party technologies. Their growing portfolio covers various aspects of security, such as network security, user and endpoint protection, cloud edge, advanced malware protection, email security, web security and workload security. The Cisco XDR system is part of this portfolio and integrates with other Cisco products and services to detect, analyse, and respond to threats across the network and endpoints.
Cisco XDR system can leverage the threat intelligence from Cisco Talos – the cloud-based platform known as Cisco SecureX, as well as the backup and recovery solutions from Cohesity to provide a powerful and proactive defense against ransomware and other advanced threats. Cisco XDR system also supports third-party integrations with other security vendors, including Microsoft, Splunk and many others.
Cisco have, and continue to invest heavily in their end-to-end security portfolio and their XDR solution (as of December 2022) is on the cusp of moving into the Leaders Quadrant in the Gartner Magic Quadrant for Endpoint Protection.
Cisco's XDR play competes against other industry leading XDR vendors including Sentinel One Microsoft Defender, Crowdstrike Falcon, Palo Alto Cortex XDR and Trend Micro Vision One.
Cisco are on the verge of become a leader in the Gartner Magic Quadrant for Endpoint Protection.
Conclusion
Ransomware is a serious threat that requires a comprehensive and proactive solution. Cisco’s XDR system, integrated with Cohesity’s DataProtect and DataHawk offerings, provides a powerful way to detect, prevent, and recover from ransomware attacks.
For organisations with a fragmented security portfolio and those heavily invested in Cisco infrastructure, Cisco’s XDR can be an excellent choice for organisations that need to increase visibility and simplify the detection and remediation time with the integration of XDR with the rest of their Cisco Security portfolio – enhancing the visibility, automation, and effectiveness of security operations.