Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. Threat Response integrates threat intelligence from Cisco Talos and third-party sources, which adds context from integrated Cisco Security products automatically so you know instantly which of your systems was targeted and how.
N/A
Palo Alto Networks Cortex XDR
Score 8.4 out of 10
N/A
Cortex XDR (formerly Traps) replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
It's well suited with any security operation center. So if someone is doing anything with security, whether it be firewalling, endpoint security whether it be email security, it's certainly suited to any type of security that can roll up security events. So this is a single pane of glass where you can view all your security events. So what it's doing is it's taking all your security silos that have historically been very difficult to manage and it's rolling everything up into one dashboard, so it makes it much easier to manage.
In a scenario where EDR is a requirement or necessity XDR performs well with or without a SIEM. There are millions of events and logs to parse through and XDR is capable of handling the large load. On top of the large data that is being parsed, features such as Live Terminal, File Retrieval, OS support, and general Metrics, the tool has room to grow and provide a lot for a Security team or organization. Incident Response is a great example of how XDR can shine
So the product enables end users to get visibility into their security environment, not only across the Cisco products but across the third-party products as well. The product also automates detection and response. So the product really offers end-user efficiency in the security operations center.
Of course, many companies prefer to obtain security from the cloud; however, not all of them prefer it, which is why having a local implementation would allow these companies to also use said software as their ally for their security.
Working with this software can be simple, that is, any threat can be visualized with greater precision, but when it comes to managing its orchestration, it is a bit complex.
Its integration with other software can be simple but with others it is not, that is why it would be ideal if all of them could be carried out in the same way.
Integrating with a larger number of third party software would be of great help, to further enhance the analysis and detection of threats.
We encountered some glitch in a certain version of the agent. When we deployed newer version, the policy set on the previous version was white-listed/overwritten.
Moving to encrypted based connection (communication between agent to server) is troublesome, coz we need to uninstall the agent first.
Need to have a more flexible reports/dashboard where we can customize it
We feed Traps log to our SIEM, however the information sent to the SIEM was not complete, but we need to investigate more probably some faults are on us
Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
A lot of the look and feel of both products is quite similar. There's several best practices on visualization that are followed in both and integration of common telemetry is comfortable and quick. But while Microsoft ATP offers deep insights into mostly the Microsoft environment and a limited view into other common sources, SecureX shines in all the non-client areas Microsoft's product seems lackluster in.
Traps provided us with a cloud-based platform that made our lives a lot simpler. Nothing like Traps exists in the market and I've never used anything like it. Others, on the other hand, were a lot slower to respond. Malwarebytes and other enterprise-level malware software are also available, but they do not fall under the same heading.
It is a solution that is of great help to reduce threats and their powerful damage, thanks to its high threat identification.
Its workflow automation saves time and money, that is, it makes possible a better performance in the team that handles corporate security because it helps them with the tasks.
By unifying security solutions, it gives the advantage of reducing operating costs and greatly improving responses to threats.
Their analyzes are vital to carry out a quick remediation and thus reduce the time in which the company is under threat.
