Security analysts must break out of their vicious cycle by leveraging effective security tools, building better workflows, and discovering the shortest path from detection to response to reduce friction.

With the world ever more digital and interconnected, the need for robust cybersecurity measures has never been more critical. But security analysts are overwhelmed with alerts and incidents, struggling to prioritize events amidst the rising sophistication and frequency of attacks. That’s why organizations need an Extended Detection and Response (XDR) solution that delivers on its promises.

XDR is a unified security incident detection and response solution, enabling visibility and context across your environment into even the most advanced threats. It applies analytics to detect malicious activity, and then responds to and remediates threats.

To be effective, XDR solutions must be comprehensive and automatically collect and correlate telemetry from multiple security tools across all vectors — email, endpoints, servers, cloud workloads, and networks. That’s easier said than done.

Overcoming SIEM/SOAR limitations

Understandably, many organizations thought their detection and response needs would be covered by Security Information and Event Management (SIEM) solutions, which analyze event logs to provide visibility into events, and Security Orchestration and Response (SOAR) solutions, which help automate response and remediation.

But run the numbers: with organizations experiencing on average 11,000 events per day, the security analyst has no hope of keeping up. Even with full automation that cuts the handling time to only 30 seconds per event, an analyst can process only 2880 events per 24-hour period.

What’s needed is improved prioritization and focus on the most important assets that need protection.

SIEM/SOAR solutions still have a relevant place in mature environments where organizations are in command of all the processes, procedures, and runbooks of their Security Operations Centers (SOC). But few can boast of such expertise, hence the need for innovation that makes integrated detection and response equitable for all security teams.

Analysts are dealing with an average of 45 tools, without the integrations needed to manage them effectively. “Drop by your analyst’s desktop and see how many tabs they have open — it’s a lot,” says Rob Gresham, Cisco principal technical marketing engineer specializing in security operations, response, automation, and threat intelligence. “The capabilities they need aren’t integrated and they don’t work together out of the box. It takes time and expertise to put those tools to work.”

Security analysts find themselves on an endless treadmill of trying to integrate patchwork coverage from an industry supersaturated with point solutions. With Endpoint Detection and Response (EDR) tools, organizations have seen the value of combining detection and response in a single solution, but it’s not enough.

Comprehensive, integrated views

Some EDR vendors are attempting to extend their products by incorporating Network Detection and Response (NDR), but lack the expertise to provide a comprehensive, integrated viewpoint.

Cisco’s approach to XDR is to provide a bridge to more integrated detections and responses, so organizations can act fast before the adversary settles in.

Cisco does so by providing an XDR environment into which customers can plug their existing EDR and other security tools via their APIs.

“So long as you’ve got your API keys in,” says Gresham, “Cisco starts pulling your data into our XDR analytics environment and starts creating the insights into your devices that allow you to categorize your assets and focus on those with the most risk to provide you a standardized response plan.”

Cisco protects all the Fortune 100 and takes the responsibility of protecting customers’ assets seriously. Learn how Cisco is taking the fear, frustration, and friction out of SecOps with Cisco XDR.

Learn more about Cisco XDR.