Cisco adds automated ransomware recovery to its XDR solution

Cisco is enhancing its Extended Detection and Response (XDR) solution. By adding recovery to the response process, Cisco XDR is redefining what customers should expect from security products. This announcement brings near real-time recovery for business operations after a ransomware attack.

Cisco continues to drive momentum towards its vision of the Cisco Security Cloud—a unified, AI-driven, cross-domain security platform. With the launch of Cisco XDR at the RSA Conference this year, Cisco delivered deep telemetry and unmatched visibility across the network and endpoints. Now, by reducing the crucial time between the beginnings of a ransomware outbreak and capturing a snapshot of business-critical information to near-zero, Cisco XDR will further support that vision, while enabling new levels of business continuity.

“The exponential growth of ransomware and cyber extortion has made a platform approach crucial to effectively counter adversaries. Our objective is to build a resilient and open cybersecurity platform that can withstand ransomware assaults and recover with minimal impact, ensuring uninterrupted business operations,” said Jeetu Patel, EVP and GM of Security and Collaboration at Cisco. “As a global infrastructure provider that built the network, Cisco is redefining what a security product should deliver. Our innovations with automated ransomware recovery are a significant step towards achieving truly unified detection and response data, turning security insights into action.”

During the second quarter of 2023, the Cisco Talos Incident Response (IR) team responded to the highest number of ransomware engagements in more than a year. With the new capabilities in Cisco XDR, Security Operations Center (SOC) teams will be able to automatically detect, snapshot, and restore the business-critical data at the very first signs of a ransomware attack, often before it moves laterally through the network to reach high-value assets.

“Cisco is quickly disrupting the security landscape across their entire portfolio and their XDR solution could become the de facto reference architecture organizations turn to,” said Chris Konrad, Area Vice President, Global Cyber, World Wide Technology.

“Not only does it provide broad visibility by integrating data across endpoints, network, cloud, and other sources – this extensive attack surface insight allows for superior threat detection using advanced analytics. Organizations should strongly consider the implementation of Cisco XDR to bolster their security posture and safeguard assets effectively. Cisco undoubtedly is contributing to the overall resilience of any organization,” added Konrad.

Cisco is expanding its initially released, extensive set of third-party XDR integrations to include leading infrastructure and enterprise data backup and recovery vendors. Cisco announced the first integration of this kind with Cohesity’s DataProtect and DataHawk solutions.

“Cybersecurity is a board-level concern, and every CIO and CISO is under pressure to reduce risks posed by threat actors. To this end, Cisco and Cohesity have partnered to help enterprises around the world strengthen their cyber resilience,” said Sanjay Poonen, CEO and President, Cohesity. “Our first-of-its-kind proactive response is a key piece of our data security and management vision, and we’re excited to bring these capabilities to market first with Cisco.”

Cohesity has a proven track record of innovation in data backup and recovery capabilities. Cohesity’s products provide configurable recovery points and mass recovery for systems assigned to a protection plan. The new features take this core functionality to the next level by preserving potentially infected virtual machines for future forensic investigation, while simultaneously protecting data and workloads in the rest of the environment.

Cohesity’s engineers worked alongside Cisco technical teams to dynamically adapt data protection policies to offer organizations a stronger security posture. This complements Cisco XDR’s robust detection, correlation, and integrated response capabilities and will enable customers to benefit from accelerated response for data protection and automated recovery.

Cisco XDR is now available globally to simplify security operations in today’s hybrid, multi-vendor, multi-threat landscape.
