Cisco Introduces New XDR Capabilities for Automated Detection and Response
Cisco recently announced the launch of new Extended Detection and Response (XDR) capabilities aimed at automating the detection of and response to common cyber attacks. According to a blog post by Shipley, these new capabilities leverage machine learning, machine reasoning, and LLMs to trigger multiple AI agents throughout the investigation lifecycle, providing a clear verdict for each investigation. This verdict then activates pre-built playbooks in Cisco XDR or Splunk SOAR, enabling instant response with or without human intervention based on the organization’s processes.
Enhancements to Splunk SOAR and Enterprise Security
Splunk SOAR, which stands for Security Orchestration, Automation, and Response, is a platform that automates and manages cyber threat responses. Cisco also mentioned that upcoming releases of SOAR and Splunk Enterprise Security 8.1 will enhance security operations by offering greater visibility, integrated workflows, improved detection, and automated response actions directly within the enterprise security interface. These enhancements will be available in the near future, providing organizations with advanced capabilities to combat cyber threats effectively.
New Automated Forensics Capability in XDR
The latest XDR update includes a new automated forensics capability that provides deeper visibility into endpoint activity, enhancing the accuracy of investigations. This feature triggers digital forensics to collect over 350 artifacts on endpoints, including compromised or partially encrypted devices. The collected evidence, such as registry files, memory dumps, and activity logs, is crucial for forensic investigations, and collection can be triggered based on risk scoring, behavioral analytics, or a simple click on the incident page.
XDR Attack Storyboard for Visualizing Complex Attacks
Another new addition to XDR is the Attack Storyboard, which uses AI-driven investigations to visualize complex attacks and help security teams understand threats more efficiently. Cisco’s AI constructs a dynamic Attack Graph that maps events to MITRE ATT&CK tactics along an attack timeline, summarizing each step for easy comprehension by SOC analysts and IT professionals. This feature guides investigations, highlights root causes, and provides recommended containment and remediation steps, enabling faster decision-making with confidence. The Attack Storyboard also delivers audit-ready narratives in plain language, making technical complexity more understandable and actionable for auditors and executives.
Overall, Cisco’s new XDR capabilities are set to revolutionize automated detection and response for cyber attacks, providing organizations with advanced tools and insights to enhance their security operations.