“And we don’t force the operator to leave their preferred security tool that their SOC is built around – it is the best of both worlds,” Shipley stated. “And for those organizations who are already Splunk ES users, the integration of Cisco XDR enables analytics on network, endpoint and cloud telemetry that were previously unavailable to them.”
In addition to the ES integration, Cisco’s XDR now adds Splunk’s Asset and Risk Intelligence package, which offers a constantly updated inventory of assets, such as devices, applications, cloud services and user identities, by correlating data across multiple sources within an organization. The idea is to offer customers proactive risk mitigation through continuous asset discovery and compliance monitoring, according to Splunk.
Cisco has also added an XDR AI Assistant to look over security information gathered by XDR and help customers coordinate and speed response decisions about evolving threats by tying together contextual insights, guided responses, recommended actions and automated workflows, Cisco stated.
Cisco bolsters Hypershield architecture, Duo software
Also at RSA, Cisco announced it has added to its recently introduced Hypershield architecture the ability to detect and block attacks stemming from unknown vulnerabilities within runtime workload environments. In addition, suspected workloads can be isolated to limit a vulnerability’s blast radius.
Hypershield basically implements a distributed security fabric that encompasses AI-based software, virtual machines, and other technology that Cisco says will ultimately be baked into core networking components, such as switches, routers or servers. The idea is that every network port can be made into a security policy-enforcement point, letting customers set security controls at the workload level and preventing lateral movement of threats, Cisco says.
In addition, Cisco is adding its Identity Intelligence technology to its Duo access-protection software. Cisco’s cloud-based Duo service helps protect organizations against cyber breaches by using adaptive multi-factor authentication (MFA) to verify the identity of users and the health of their devices before granting access to applications.