Cisco adds new ransomware recovery capabilities to XDR solution

Enterprise networking and security vendor Cisco has announced the addition of new ransomware recovery features to its extended detection and response (XDR) solution. The announcement brings near real-time recovery for business operations after a ransomware attack, according to the firm. The capabilities reduce the time between the beginnings of a ransomware outbreak and capturing a snapshot of business-critical information to enable enhanced levels of business continuity, the firm said.

Cisco also announced that it is expanding its set of third-party XDR integrations to include leading infrastructure and enterprise data backup and recovery vendors.

Effective and timely ransomware recovery can be challenging for a range of business amid an increasingly dangerous ransomware landscape. During the second quarter of 2023, the Cisco Talos Incident Response (IR) team responded to the highest number of ransomware engagements in more than a year. Likewise, the latest ReliaQuest Ransomware & Data-Leak Extortion report revealed a large surge in ransomware activity in Q2. This quarter set the record for the most victims ever recorded being named to ransomware data-leak sites, an increase of 540 victims compared to the previous quarter, according to the research.

New capabilities detect business-critical data at first signs of ransomware attack

The new capabilities in Cisco XDR allow security operations center (SOC) teams to automatically detect, snapshot, and restore the business-critical data at the very first signs of a ransomware attack, often before it moves laterally through the network to reach high-value assets, Cisco said in a press release.

"The exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries," said Jeetu Patel, executive VP and general manager of security and collaboration at Cisco. "Our objective is to build a resilient and open cybersecurity platform that can withstand ransomware assaults and recover with minimal impact, ensuring uninterrupted business operations."

Cisco XDR integrates Cohesity's recovery functions

Cisco is also expanding its initially released set of third-party XDR integrations to include Cohesity's DataProtect and DataHawk solutions, it said. Cohesity's products provide configurable recovery points and recovery for systems assigned to a protection plan. The new features enhance this core functionality by preserving potentially infected virtual machines for future forensic investigation, while simultaneously protecting data and workloads in the rest of the environment, according to Cisco.

Cohesity's engineers worked alongside Cisco technical teams to adapt data protection policies to offer organizations a stronger security posture. This complements Cisco XDR's detection, correlation, and integrated response capabilities and will enable customers to benefit from accelerated response for data protection and automated recovery, the vendor claimed.