Cybersecurity protection requires visibility throughout an organization to detect attacks in progress. Extended detection and response (XDR) solutions, such as Cisco’s SecureX, expand upon endpoint detection and response (EDR) solutions to include IT infrastructure, such as cloud resources, IT network devices, and more.
This product review examines SecureX and what makes it an effective XDR solution.
SecureX and the XDR Market
The XDR market is currently valued at over $500 million in revenue and expected to grow at a compound annual growth rate (CAGR) of approximately 20% to over $2 billion by 2028.
Product solutions account for 60% of market revenue. XDR products currently focus on large enterprises with North American customers, representing more than 50% of the current sales.
The major competitors in this market include Broadcom Symantec, Cisco SecureX, Crowdstrike Falcon, Cybereason Cyber Defense Platform, Cynet 360, McAfee MVision, Mandiant, SentinelOne Singularity, Sophos Intercept X, and Trend Micro Vision One.
SecureX Key Features
XDR products seek to integrate additional functions beyond current endpoint detection and response products to create a more overarching security solution. SecureX’s open platform permits integration with third-party solutions and increases visibility and effectiveness for SecureX users.
The key features of SecureX are:
- Centrally manage and protect credentials across applications
- Cloud-native platform connecting on-premises, remote, and cloud resources
- Comprehensive endpoint inventory and security configuration analysis
- Custom workflow options
- Improved awareness of potential and actual threats
- Integrated operations and security functions
- Investigation of threats with full context through multiple tools and applications
- Prebuilt workflows for common use cases
- Prioritized incidents with metrics and operational measures
- Threat response aggregation and integration across IT technologies
- Unified and customizable dashboard
SecureX Key Benefits
The number and variety of items to secure in an organization continue to balloon. Many IT security teams find themselves falling behind even as they add new tools to keep tabs on networking equipment, web servers, cloud resources, and more. Each tool and each resource adds complexity for integration and monitoring.
Through integration, SecureX simplifies the workload for security operations (SecOps), IT operations (ITOps), and network operations (NetOps). Combining many resources into a single tool drives efficiency and visibility throughout the support infrastructure.
Improve Operations and Security
SecureX enables faster, more informed decision making to reduce dwell time for threats. Pre-programmed and built-in workflows can be triggered to speed up incident response times and automate security functions.
SecureX creates a single application window to view operational and security status for the complex architecture of the modern IT environment. Networks, endpoints, cloud resources, and applications integrate feeds and connect to identity management, third-party IT services, IT intelligence, security information and event management (SIEM), and security orchestration automation and response (SOAR) solutions.
Network and operations issues can signal security issues, and incident response can in turn cause operations and network issues. SecureX therefore provides a single platform where SecOps, ITOps, and NetOps can coordinate activities and control resources.
The more resources and tools added to SecureX, the less time teams must spend juggling tool navigation and the more time that can be used for critical tasks. SecOps, ITOps, and NetOps can save even more time by pre-programming workflows or using prebuilt workflows for repetitive tasks.
SecureX helps organizations reduce incident response time by putting all tools and assets a few mouse clicks away. The increased efficiency allows an organization to improve speed and accuracy while using fewer resources than managing many solutions separately.
SecureX extends visibility throughout the IT ecosystem integrating feeds from endpoints, networks, cloud resources, and applications. Different systems and solutions can generate conflicting alerts, but SecureX puts those alerts into context to enable more informed and accurate decisions.
SecureX also delivers meaningful metrics with a dashboard customizable to match the organization’s priorities and concerns. Any issues of concern can be investigated immediately and with the full context of all integrated systems and applications.
SecureX Use Cases
Allied Beverage Group
As one of the 10 largest wholesale wine and spirits distributors in the U.S., Allied Beverage Group needs to protect users, endpoints, and the data of a 1,000-employee firm. Allied wanted a solution that integrated their security and operations tools into a single screen while also retaining the ability to dig into details when needed.
“The [SecureX] console allows us to see where else in the network a threat may have touched and then to investigate those other endpoints or areas,” Rodriguez says.
“It gives us detailed information about files that may have been compromised, sites that these individuals have visited, sites that may be communicating back and forth with the endpoints, and what endpoints are affected.”
Deakin University
As one of Australia’s largest universities, Deakin University maintains four campuses in Australia and offices in three other countries. The small IT team struggled to keep up with 100,000 daily devices and the accompanying alerts triggered by their staff of 12,000 as well as 64,000 students.
SecureX “saves a significant amount of time for analysts to do their job and they can solve more incidents more quickly and with a level of certainty that might not be there if these products weren’t integrated,” says Fadi Aljafari, information security and risk manager, Deakin University.
For an incident involving a state-sponsored attacker, “in one hour, we were able to search all our network and block all the indicators of compromise from a single application (SecureX threat response),” Aljafari says. “We didn’t even need to switch screens.”
Marine Credit Union
The 400 staff members of the Marine Credit Union serve 90,000 members across Wisconsin, Iowa, Minnesota, and Illinois. As a financial institution, the credit union sees constant attacks, so its small IT team needed to deploy strong security in an efficient and effective way.
“I get a realistic 15% time savings of not having to do manual, mundane tasks,” says Elliott Bujan, IT security manager at Marine Credit Union.
“I save about an hour a day by reducing threat investigation/hunting tasks. … I don’t have to update the allow or deny lists. …
“I can also go to the Talos blogs, cut and paste the IOCs, and quickly add them into SecureX Threat Response. … I can copy text — quickly identify IP addresses, domain names, hashes, etc. with no need to do any formatting.”
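The workflow Bujan describes, pasting a threat-intel write-up and having the IP addresses, domains and hashes picked out without manual formatting, is what an indicator extractor does. The following Python is an added example, not SecureX code and not from the review; it refangs the common `hxxp` and `[.]` conventions and then classifies what it finds. The sample text and every indicator in it are constructed for this example.

```python
import re

# Constructed sample of text pasted from a threat-intel write-up (not from the page).
# Indicators are defanged the way blogs publish them; every value here is made up.
SAMPLE_TEXT = """
The loader beaconed to hxxp://update-check[.]example[.]com/cfg and 203[.]0[.]113[.]45.
Dropped file SHA256: 3fd3b24f8cd7d2a2a1e9f6c7b5a4d3e2f1a0b9c8d7e6f5a4b3c2d1e0f9a8b7c6
MD5 0123456789abcdef0123456789abcdef was also observed. Report by mail@example.org.
"""

# Common defanging conventions, reversed so the regexes see usable observables.
# "hxxp" -> "http" also turns "hxxps" into "https".
DEFANG_MAP = [("hxxp", "http"), ("[.]", "."), ("(.)", "."), ("{.}", "."), ("[:]", ":")]

IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)
# Hostname pattern; a production tool would also validate the TLD against a list.
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
HASH_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b", re.IGNORECASE)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}


def refang(text: str) -> str:
    """Undo defanging so the indicator regexes can match the real values."""
    for defanged, real in DEFANG_MAP:
        text = text.replace(defanged, real)
    return text


def extract_iocs(text: str) -> dict:
    """Pull IPv4 addresses, URLs, domains and file hashes out of free-form text.

    Returns a dict of sorted, de-duplicated lists keyed by indicator type.
    """
    text = refang(text)
    found = {k: set() for k in ("ipv4", "url", "domain", "md5", "sha1", "sha256")}
    found["ipv4"].update(IPV4_RE.findall(text))
    # Strip sentence punctuation that the URL regex would otherwise swallow.
    found["url"].update(u.rstrip(".,;)") for u in URL_RE.findall(text))
    found["domain"].update(d.lower() for d in DOMAIN_RE.findall(text))
    for h in HASH_RE.findall(text):
        found[HASH_TYPES[len(h)]].add(h.lower())
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_TEXT).items():
        print(f"{kind}: {values}")
```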
As the IT environment grows more complicated, many vendors attempt to build more expansive XDR solutions. Cisco’s SecureX stands out because of its key differentiators: no- and low-code customization, quick integrations, and a transport framework.
No- and Low-Code Customization
SecureX uses a drag-and-drop canvas to build custom workflows to automate routine tasks or standardized incident response requirements. Operations and security teams can accelerate remediation time, free up resources from repetitive tasks, and reduce the risk of errors easily without having to write or debug code.
Quick Integrations
Cisco, the world’s leader in networking solutions, developed the SecureX platform to work with their enormous range of product offerings. Also, the SecureX open framework allows for API connections with any tool or solution willing to integrate with the platform. Moreover, SecureX can begin functioning in less than 15 minutes.
Ribbon Transport Framework
The SecureX Ribbon transport framework connects SecureX and integrated products to share functionality and information between tools. Users can dig into a tool to investigate alerts without losing the context of the source and with the ability to take action facilitated by Ribbon.
Cisco provides a no-cost SecureX license with any SecureX-capable product:
- Defense Orchestrator: security management solution
- Orbital: system state inspection query language
- Secure Access by Duo: multi-factor authentication (MFA)
- Secure Cloud Analytics
- Secure Email
- Secure Endpoint
- Secure Firewall
- Secure Malware Analytics: malware inspection and threat intelligence
- Secure Network Analytics: network detection and response
- Secure Resources: threat intelligence sources, such as Talos
- Secure Web Appliance
- Secure Workload: hybrid-cloud workload protection and microsegmentation
- Umbrella: DNS and cloud security
Cisco’s SecureX solution puts many different applications and devices behind a single dashboard with an integrated security and operations solution. The APIs allow users to begin with a handful of integrations and expand as needed by adding Cisco products and other compatible third-party products.
As enterprise IT architecture continues to become more complex, XDR solutions such as SecureX will simplify tasks and coordinate team efforts for SecOps, NetOps, and ITOps. The single collection point for information, investigation, and response will drive efficiency and effectiveness.