Cisco XDR is an Open Platform
Cisco XDR turns one year old this week, and it is a good time to share the backstory of how we developed relationships and alliances with "competitors" to have the open ecosystem of today.
The story begins in the Black Hat Network Operations Center, which provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event. This is accomplished with the help of best of breed solutions providers and seasoned security and engineering teams led by Black Hat's NOC Team Leads. The Security Operations Center is inside the NOC.
Cisco XDR at the Black Hat USA 2023 NOC/SOC
This is our eighth year supporting Black Hat USA. Cisco is the Official Mobile Device Management, Malware Analysis and DNS (Domain Name Service) Provider. We work with the other official providers to bring the hardware, software and engineers to build and secure the network for our joint customer, Black Hat: Arista, Corelight, Lumen, NetWitness and Palo Alto Networks.
The NOC Team Leads allow Cisco (and the other NOC partners) to bring in additional software to make our internal work more efficient and have greater visibility; however, Cisco is not the official provider for Extended Detection & Response, Network Detection & Response or Collaboration. The Cisco team brings the Breach Protection Suite, including:
Cisco XDR: Threat Hunting / Threat Intelligence Enrichment / Executive dashboards / Automation with Webex
Cisco XDR Analytics (formerly Secure Cloud Analytics / Stealthwatch Cloud): network traffic visibility and threat detection
Integrations at the Black Hat Asia SOC within the NOC, to be implemented at Black Hat USA 2024
It Started at Black Hat
While working side-by-side with the Palo Alto Networks engineers year after year, deployed to Singapore, London and Las Vegas, we developed trust and the desire to work closer together and build more integrations between the products in the NOC/SOC. A reporter with The Register toured the Black Hat USA 2023 NOC and wrote an article about this close collaboration between partners. The working relationship with Palo Alto Networks opened doors with Check Point and Fortinet, as we publicly demonstrated our commitment to cooperation in the SOC.
The Black Hat experiences expanded into building the RSA Conference SOC. During his keynote at RSAC 2022, Cisco Security Executive VP and GM Jeetu Patel stated, "We all know this is a hypercompetitive industry. But beating competitors is nowhere near as important as stopping the bad actors. Together, we can work together to defeat our real adversaries." We implement this challenge every day with Cisco XDR.
We took our experiences at Black Hat and the RSAC SOC to the National Football League SOC for the Super Bowl and Draft. Protecting these large events required cooperation with companies such as Microsoft and CrowdStrike, now two of the most robust integration partners with Cisco XDR. We took these skills and technology integrations to Paris, actively protecting the Paris 2024 Games today.
We engaged other industry leaders, including SentinelOne, Trend Micro, Cybereason, Darktrace and Proofpoint, building relationships and integrations with Cisco XDR.
New Palo Alto Networks (and different) Integrations
From proof-of-concept connections at Black Hat, we took these ideas and built them into the XDR product. The latest additions include Cisco Meraki MX, Cisco Umbrella DNS detections and now Palo Alto Networks firewall.
Recent and upcoming third-party integration additions include:
Detections and Incident Generation
Palo Alto Cortex-enabled Next-Generation Firewall
Microsoft Defender for Office 365
Proofpoint Threat Protection
Threat Investigation
Palo Alto Cortex-enabled Next-Generation Firewall
Check Point Quantum
Microsoft Defender for Office 365
Workflows
Palo Alto Networks Panorama – Add IP, Domain, or URL to Group or Category
This workflow appears in the pivot menu and allows you to add a URL, IP, or domain name to a group or category in Palo Alto Networks Panorama.
Jira Cloud, Xmatters, ZenDesk
These workflows allow SOCs/NOCs to collaborate more effectively using the team collaboration tools they already have.
Elastic
Integrations with SIEMs and data storage apps allow for long-term retention of incident history for compliance and policy purposes.
Asset Insights
Automated Ransomware Recovery
New Integration Opportunities
Cisco Partners can publish their own integrations in the Cisco XDR Integrations "Exchange", with our new Verified Integrations Program. Some of the first integrations brought to XDR by participants in this program are:
When you're at Black Hat USA, plan to visit the Cisco Booth, 7-8 August, where you can speak with one of the engineers from the Black Hat SOC inside the Network Operations Center and take a look at the Cisco XDR and ThousandEyes dashboards up close.
You can also attend a scheduled NOC Presentation to learn more about the technology partners who come together to build and protect the Black Hat network:
Wednesday, August 7:
10:20 AM – 10:50 AM in Lagoon G, Level 2
4:45 PM – 5:35 PM in Business Hall Theater E
Thursday, August 8:
10:20 AM – 10:50 AM in Lagoon G, Level 2
2:35 PM – 3:25 PM in Business Hall Theater E
We're excited for the 2nd year of Cisco XDR innovation, accelerating the evolution of the SOC of the Future. We will continue to build upon the lessons learned and relationships developed at Black Hat events globally.
About Black Hat
Black Hat is the cybersecurity industry's most established and in-depth security event series. Founded in 1997, these annual, multi-day events provide attendees with the latest in cybersecurity research, development, and trends. Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more. As the event series where all career levels and academic disciplines convene to collaborate, network, and discuss the cybersecurity topics that matter most to them, attendees can find Black Hat events in the United States, Canada, Europe, Middle East and Africa, and Asia. For more information, please visit www.blackhat.com.