Cisco XDR uses Cohesity to help protect your org from ransomware

Cisco has added ransomware detection and recovery support to its recently unveiled Extended Detection and Response (XDR) system.

Ransomware is a type of malicious software that encrypts the end user’s device and data and demands a ransom for its decryption. Ransomware attacks can cause considerable damage to businesses and organisations, disrupting their operations and compromising their data. To combat this threat, Cisco has now introduced a new solution that integrates with their new Extended Detection and Response (XDR) solution with Cohesity’s DataProtect and DataHawk offerings.

Cisco’s XDR system is a cloud-based platform that combines multiple security products and telemetry sources to detect, analyse, and respond to threats across the network and endpoints. As Cisco announced the General Availability of their XDR platform, they also announce that they have added ransomware detection and recovery support to their XDR system, enabling Security Operations Center (SOC) teams to automatically protect and restore business-critical data in the event of a ransomware attack.

This feature is made possible by integrating Cisco’s XDR system with Cohesity’s DataProtect and DataHawk offerings, which are well established and trusted, infrastructure and enterprise data backup and recovery solutions. These provide configurable recovery points and mass recovery for systems assigned to a protection plan and can preserve potentially infected virtual machines for forensic investigation and protect enterprise workloads from future attacks.

Cisco said that the exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. It also noted that during the second quarter of 2023, the Cisco Talos Incident Response team responded to the highest number of ransomware engagements in more than a year.

The integration of Cisco’s XDR system and Cohesity’s solutions is designed to help Security Operations Centre (SOC) teams and IT to automatically detect, snapshot, and restore business-critical data at the very first signs of a ransomware outbreak; often before it has had a chance to move laterally through the network to reach the high–value assets.

In the announcement, Cisco and Cohesity said that they already have a long-standing partnership, with over 460 joint customers. Cisco have said that the Cohesity Cloud Services package will also be able to be sold by their Cisco channel partners like Cisilion later in 2023. The Cohesity Cloud Services include data security and management as well as threat defense, data isolation and backup/recovery. Cisco have also said that the software can be deployed and hosted on both Microsoft Azure and Amazon Web Services (AWS) via their marketplaces.

This brings more features to Cisco’s XDR service (a competitive landscape where they compete against the likes of Microsoft, Sentinel One and Palo Alto) and brings together a myriad first-party Cisco, and third-party security products to control network access, analyse incidents, remediate threats, and automate response all from a single cloud-based interface. The offering gathers six telemetry sources that SOC operators say are critical for an XDR solution: endpoint, network, firewall, email, identity, and DNS, Cisco stated in the announcement.

Part of Cisco’s growing Security Portfolio

The Cisco Security portfolio is a comprehensive set of solutions that work together to provide seamless interoperability with your security infrastructure, including third-party technologies. Their growing portfolio covers various aspects of security, such as network security, user and endpoint protection, cloud edge, advanced malware protection, email security, web security and workload security. The Cisco XDR system is part of this portfolio and integrates with other Cisco products and services to detect, analyse, and respond to threats across the network and endpoints.

Cisco XDR system can leverage the threat intelligence from Cisco Talos – the cloud-based platform known as Cisco SecureX, as well as the backup and recovery solutions from Cohesity to provide a powerful and proactive defense against ransomware and other advanced threats. Cisco XDR system also supports third-party integrations with other security vendors, including Microsoft, Splunk and many others.

Cisco have, and continue to invest heavily in their end-to-end security portfolio and their XDR solution (as of December 2022) is on the cusp of moving into the Leaders Quadrant in the Gartner Magic Quadrant for Endpoint Protection.

Cisco's XDR play competes against other industry leading XDR vendors including Sentinel One Microsoft Defender, Crowdstrike Falcon, Palo Alto Cortex XDR and Trend Micro Vision One.  

Cisco are on the verge of become a leader in the Gartner Magic Quadrant for Endpoint Protection.

Conclusion

Ransomware is a serious threat that requires a comprehensive and proactive solution. Cisco’s XDR system, integrated with Cohesity’s DataProtect and DataHawk offerings, provides a powerful way to detect, prevent, and recover from ransomware attacks.

For organisations with a fragmented security portfolio and those heavily invested in Cisco infrastructure, Cisco’s XDR can be an excellent choice for organisations that need to increase visibility and simplify the detection and remediation time with the integration of XDR with the rest of their Cisco Security portfolio – enhancing the visibility, automation, and effectiveness of security operations.

Microsoft Defender “top of the class” for ransomware detection and blocking.

Microsoft Defender for Endpoint has just received top marks for the latest Advanced Threat Protection Test carried out by AV-Test in Feb 2022.

The report (which tested many of the top products including Microsoft Defender in both the home and commercial space) found that it was best-in-class in terms of its ransomware detection and blocking.

The Advanced Threat Protection tests provide vendors and users with substantial findings as to how securely a product can protect against ransomware in real-life scenarios.

… All the products have to successfully defend against ransomware in 10 real-life scenarios under Windows. The test involves threats such as files containing hidden malware in archives, PowerPoint files with scripts or HTML files with malicious content.

AV-TEST

Top Marks

The tests were carried out amongst 14 of the top anti virus and endpoint protection products in the consumer and commercial space including:

  • Acronis
  • AVG
  • Avast
  • Bitdefender
  • Kaspersky
  • F-Secure
  • McAfee (Trellix)
  • Microsoft
  • Symantec

Whilst Microsoft came out joint top for all the tests in the corporate space, the lowest of the scores were McAfee / Trellix who AV-TEST claim were unable to fully block ransomware attacks in multiple different attack scenarios:

Microsoft Defender AV-TEST ransomware tests 02-22
McAfee AV-TEST ransomware tests 02-22

You can access the full reports from AV-TEST here.

Good news for consumers and corporate

In short this should be good news for corporate customers that use Microsoft Defender (which is built into Windows 10 and Windows 11) as well as consumers.

Consumers in particular are often sold additional third party antivirus and anti ransomware products when they buy a new computer, buy software or through advertising and whilst there may be good reasons to buy additional products, these results should demonstrate just how good Microsoft are at protecting consumers and corporate clients who use their products.

Defender is part of a much bigger family

In the corporate space at least, Microsoft Defender is a an entire multiplatform, multi vendor platform suite of. Integrated services for protecting corporate systems and data from attack, breach, ransomware and theft. Their product suite extends across Identity (Defender for Identity), Cloud, Endpoint, IoT and Office 365 to name just a few.

You can find out more about the Microsoft Defender suite of products for corporate customers here.

Microsoft also annouced last month the release of Microsoft Defender for individuals which provides enterprise grade protection for Microsoft 365 consumers and family users. Microsoft Defender is a cross-device security app that helps individuals and families protect their data and devices, and stay safer online with malware protection, real-time security notifications, and security tips. You can read more here.

Microsoft and Rubrik Partner to bolster Zero Trust,and Ransomware protection

MICROSOFT and Rubrik (a US-based, Gartner leading data backup and protection company) have announced a new strategic partnership which will see them working together to providing Zero Trust data protection to help organisations protect and mitigate against the rising threat and risks of ransomware attacks across cloud and hybrid cloud environments, including or course Azure and Microsoft 365.

This work will address the rising customer needs to protect against surging ransomware attacks, which are growing 150% year on year.

As part of the partnership, Microsoft has also made an equity investment in Rubrik.

Who are Rubrik?

Rubrik work with enterprise customers, helping them protect and recover from ransomware attacks, automate data security operations, and transition data from on premises data centres to the cloud.

Like Microsoft, Rubrik takes a Zero Trust approach to data management, which follows the NIST principles of Zero Trust. Zero Trust is based on the concept of “never trust, always verify.” In practice, this means that access to any resource within the network must be subject to specified trust dimensions, or parameters. Failure to meet these parameters results in denial or revocation of access. This is in complete contrast to previous security models that assumed implicit trust within the network perimeter.

Rubrik said in an annoucement that;

“As the pioneer of Zero Trust Data Management, Rubrik is helping the world’s leading organizations manage their data and recover from ransomware. Together with Microsoft, we are delivering tightly integrated data protection while accelerating and simplifying our customer’s journey to the cloud.”

Bipul Sinha | Co-founder and CEO |Rubrik

The better together story

Rubrik and Microsoft are already partners and according to Microsoft in their press statement, have been working together with over 2,000 mutual customers using Azure across six continents. In a press release announcing this new strategic partnership, Microsoft said that “the two companies will be providing Zero Trust data protection for hybrid cloud environments, including Microsoft 365“.

End-to-end application and data management is critical to business success, and we believe that integrating Rubrik’s Zero Trust Data Management solutions with Microsoft Azure and Microsoft 365 will make it easy for customers to advance their Zero Trust journey and increase their digital resilience.

Nick Parker, Microsoft CVP Global Partner Solutions.

Summary and Thoughts

The data backup and recovery market is a big and crowded marketplace with leading companies like Veeam, Acronis, Veritas, ArcSerce, Commvault etc, making data backup and recovery their market and currency.

Magic Quadrant for Enterprise Backup & Recovery

Microsoft uses a “shared responsibility” model for data and availability in that they take responsibility for the services being available, online and resilient, but it’s up to the customer delivered online to govern, secure, backup, and maintain their data and content which has been where the traditional backup and recovery vendors have stepped in.

This investment could signal a new longer term area of focus and growth for Microsoft which could put pressure on the other vendors in this space especially if Microsoft now have a vetted interest to have a “preferred” partner / vendor for data protection and recovery.


What do you think?

Do you work with or use Rubrik for data protection? How do you see this playing out. Good or bad for the market?

New WannaCry-type exploit threatens XP, Server 2003 and Windows 7… What do you need to do?

Microsoft has started warning users of older versions of Windows desktop and Sever to urgently apply a Windows Update today to protect against a potential widespread attack similar to the infamous WannaCry attack.

“Windows 7 users are still vast.. Make sure you are patched..”

Microsoft have yet again issues patched to close the critical remote code execution vulnerability that can be exploited in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions including Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.

Microsoft seems to be continually “doing the right thing” of still releasing critical patches for Windows XP and Windows Server 2003 even though both operating systems have been out of support for some time.

Anyone still running Windows XP, (yes I know) will need to manually download the update from Microsoft’s website.

As you know Windows 7 reaches end of extended support in just 7 months. #Windows10 offers more than 30 odd significant advances in security and OS hardening compared to its older siblings and whilst many organisations are rapidly migrating to #Windows10 there are still many organisations that have not.

Microsoft did announce yesterday extended support for Windows10E5 subscribers for another 12 months as a benefit to their “commitment” to move to Windows 10.