Cisco XDR

My primary use case for Cisco XDR  is log review from devices, and then doing analytics for quicker responses in the future to security incidents.

The feature I appreciate the most about Cisco XDR  is the flexibility for a user to be able to create their own reporting and dashboards. I would say I got to stop beta testing myself. I am testing what can be customized the most with it. Being able to ingest all the analytics and make it something that's either meaningful to them or to their own leadership is a big plus. It's not just what the product is at launch; you have the ability to customize and make it useful to your business to actually get real, purposeful information out of just a swamp of data.

The features of Cisco XDR  have actually benefited the organization significantly by allowing us to do the outputs of specific data and even filtered subsets of the data. We can do the same reporting but only deliver in either reports or dashboards the information about the systems that a specific team is responsible for, or the larger teams that multiple departments or IT silos roll up into. We're basically able to just modify the filters and have the same reports in the same dashboards where it's all the same; 99% of the work is the same.

To improve Cisco XDR , I can't think of anything super meaningful because a couple of features I'm interested in are actually ones that integrate with Duo, but that's not widely used. I'm fine with the features that are on their way into the product based on the roadmap I've seen, so I can't suggest any other features from a user perspective.

I have been using Cisco XDR for 18 months.

My assessment of the stability and reliability of Cisco XDR is positive. Any perceived performance issues were traced back to specific users attempting to process too much data at once. We clarified optimal procedures, which encouraged people to interact with the system more efficiently and avoided traditional outdated workflows.

My experience with customer service and technical support has been fantastic. We've only needed to contact them twice for our security team, and each time was mainly to understand how something was functioning.

Prior to adopting Cisco XDR, we were using four products, three of which stayed in evaluation while dropping others. We recognized that Cisco XDR could replace multiple systems, making it an appealing choice.

My experience with the deployment of Cisco XDR was that it was simple. During the proof of concept, the setup was straightforward, and for the most part, we provided systems access to the security team, allowing them to tie everything together without needing additional help.

I have expanded the usage of Cisco XDR. The process of expanding usage has been smooth and easy. Since we frequently work with Cisco, it makes it hassle-free to justify needing more and explaining why.

Having proven its value and capability to quickly ramp up our operations has simplified expanding licensing and replacing systems. I know of several incidents that demonstrate Cisco XDR's return on investment (ROI). Two customers faced a network breach and a bad configuration incident, but unlike in the past where recovery took days, they managed to shut down access points quickly. Their ability to divert a crypto attack within 30 minutes saved them from a multi-day outage that previously had entire staff doing nothing but recovering systems.

Within our teams, I absolutely see the ROI with Cisco XDR. We have effectively identified gaps in our incident response processes and what information we need. Security is one of the most cost-effective insurance policies, and Cisco XDR serves as our magnifying glass to understand our security contract better. It has provided us with a tool that enhances visibility and interactivity among our teams.

My experience with pricing, setup costs, and licensing has been intriguing. I used to work for a Cisco partner, and I still have friends there with whom I discuss comparisons regarding some hardware products we sold. The shift I've seen is the elimination of the need for professional service packages. Users can customize their use of Cisco XDR significantly from the onset, which has resulted in a lower total cost of ownership compared to when we sold hardware and multiple systems.

I don't recall every product we considered before selecting Cisco XDR, but we looked at about nine alternatives. Our security team discovered details about Cisco XDR through integration work as a partner, which led us to realize that it could address many features we were interested in but were not initially evaluating. The aspect that stood out most during the evaluation process of Cisco XDR was its ease of use. Seeing how quickly we set up a proof of concept, along with the internal demos we received, made me confident about its implementation. Once we allowed everyone hands-on experience, it further affirmed how much smoother and more intuitive it was compared to others.

The impact of AI assistance and Cisco XDR on productivity is massive. We're no longer tied to just our reporting that was created for either looking at information specifically requested, or in response to a past event that we knew about. Now, security administrators can just go look and chat with the bot to get back a much more instant response and almost a live view of the data. They can navigate through breadcrumbs to get to the details of an event without causing hours of delays for someone to dig through that data or involve someone more conversationally versed in specific hardware products to look at the data.

The feature for prioritizing incidents across multiple security controls in Cisco XDR has affected my incident management process significantly. Even on the vendor side, as a traditional IT shop, we have silos of excellence where all these teams don't necessarily work together until there is an incident. Having our security and specified incident response leads from each team be able to get this data quickly allows security to determine if an incident is a mistake, a script triggering alarms, or just a bad network change.

My experience with using Cisco XDR to evaluate gaps in security coverage has been quite beneficial. Giving our security team and the first few end-user leads that own specific systems access to the AI chatbot has been crucial. We did reviews to determine what they are asking of the bot, how often they prompt it, and the types of responses they are getting back. This helped us identify that many of the teams in the middle that own connecting pieces did not realize that the security team was more responsive and concerned about certain issues than they thought.

My advice for other organizations considering Cisco XDR is to evaluate if they're already using a platform that meets all their needs. Think about what additional capabilities you desire, and envision what could be possible if everyone had access to pertinent data. Engaging directly with someone at Cisco to demonstrate how XDR can meet those needs is crucial to instill excitement and clarity among teams about data, workflows, and security. On a scale of 1-10, I rate Cisco XDR a 9.

We use Cisco XDR  for our network devices and data centers, as we are an internet provider. We deliver the internet to customers.

The feature I appreciate the most about Cisco XDR  is the reliability. The reliability of Cisco XDR  benefits my company by ensuring less downtime and less customer downtime, and it is also easier to keep everyone trained on Cisco because we are all more familiar with that than other vendors.

My only complaint about Cisco XDR is related to licensing, which is complicated.

I have been using Cisco XDR for probably three years.

Cisco XDR  is very reliable, which is its big advantage.

Cisco XDR scales effectively with the growing needs of my company.

My experience with their technical support has been excellent. I would rate Cisco customer service a ten out of ten.

It is easy to implement.

The biggest return on investment when using Cisco XDR is the downtime aspect, specifically not having to roll out to sites and not having customers experience downtime.

I don't have the metrics, but the downtime reduction is definitely a lot compared to the other vendors that we've used in the past.

The licensing of Cisco XDR is a bit complicated. The cost can depend on what it is, and the process can be a little complicated.

We did consider other solutions before choosing Cisco XDR. We went for Cisco XDR because we're all already trained in Cisco. Reliability is also a big reason.

I would rate Cisco XDR a nine out of ten. The only thing that could make it a ten is better licensing. That's my only complaint.

We are a small ISP, and it mainly use it just basically for routing and insights into wherever our traffic goes through.

My job is to put out fires all day. The features of Cisco XDR  benefit my company since time is money. When outages happen and when a customer can't reach the internet, they get agitated. Therefore, the quicker we can mitigate an issue, our customers get happier in a quicker fashion.

I appreciate the granularity of what I get from Cisco XDR  the most. It provides so much information that I can troubleshoot in a more detailed fashion. I get all this information and can comb through it to figure out exactly where the source of the trouble comes from.

Between the clarity, the granularity, and the dashboard, it just works.

It does its job by helping evaluate gaps and mitigating in a timely fashion.

Cisco XDR  can be improved by addressing the upfront cost. Everything matters for us since we're small, mom and pop, so every dollar counts.

I have been using Cisco XDR for about two years, two and a half years.

The stability and reliability of Cisco XDR, similar to most Cisco products, are bulletproof. As long as I keep it with ramp patching and updates, they just work.

Regarding scalability, since we're smaller, I don't know if we'll ever grow bigger than what we are now, being landlocked in Bixby, Oklahoma. However, if we were blessed to get bigger, it would be easy.

My experience with customer service and technical support for Cisco XDR is that the tech support is excellent and easy to work with.

I considered other solutions before choosing Cisco XDR, such as FortiGate  and Juniper, and those were two that we had a proof of concept with. FortiGate  was good, but it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

My experience with the deployment of Cisco XDR is that it was extremely easy. We worked with our VAR, Net Fabric .

The representative we worked with helped us set it up and it just worked.

The biggest return on investment when using Cisco XDR is that, being a small company where everybody has multiple roles, the quicker I can mitigate something, the faster I can return to my scheduled tasks for that day.

My experience with the costs, including setup costs and licensing for Cisco XDR, is that it's now a subscription base, with options for one year, three year, or five year terms.

It would be preferable to return to the old model where you just buy it once without having to pay a renewing fee, however, I don't think they're going to implement that.

I considered other solutions before choosing Cisco XDR, such as FortiGate and Juniper, and those were two that we had a proof of concept with. FortiGate was good, however, it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

Cisco XDR streamlines incident response through its provided functionalities because, based on the clarity of the dashboard and the granularity, it works effectively.

I would rate Cisco XDR overall a nine out of ten, based on the price point.

I use Cisco XDR  because I'm a SOC analyst. It's something I use every single day. The majority of my work has been in Cisco XDR  looking through incidents, reading reports that it gives, and making automations.

I use Cisco XDR  as more of an integration tool for all of our Cisco tools. I work in a Cisco Suite. We have AMP, Umbrella, Firepower, and all these different tools connected to Cisco XDR, and I can get all my data in one place. It's easier to look at just one tool versus the eight to ten other tools that we have to get data. It saves time and puts us ahead of different threats since it's all in one spot.

I saw the benefits of Cisco XDR immediately after the tool came out. We had meetings with Cisco where they were telling us about the tool. The higher-ups that I work for saw a need for it first, and then they came to the SOC group. When we sat in on the first meeting, we immediately knew that this was a tool we needed to help us save time and get ahead.

One of my favorite features of Cisco XDR is the automation tool, which saves a lot of time because we can craft these automations and workflows. If we get a phishing email, I can set up a workflow that can be initiated the minute the email comes in. If it suspects that to be malicious, it goes ahead and quarantines the file so that it can't spread through our network.

An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.

I have been using Cisco XDR for about a year and a half.

When we first started with Cisco XDR in August, everybody was having issues. There were three people in our organization, including me, who couldn't even log in to Cisco XDR. We were constantly in meetings and contacting them by sending network logs or through calls. They were remotely looking at our screens.

For about three months, our machines would freeze, and it wasn't just Cisco XDR. It was also integrated with AMP, and both sides would just freeze and lock up. We couldn't do anything, and even when we deleted the tabs, it would just crash out. That lasted for about three months, but once they got it fixed and figured out the issue with the observables and with the character limit, it's been flawless.

I have contacted the technical support for Cisco XDR. They answered pretty quickly, and they were always willing to get into a meeting with us. I didn't really have any issues with them besides minor things where they would tell me to do something that I had already tried or done. Other than that, they responded quickly, they were always willing to meet, and they were always willing to work as per my schedule.

Deployment went fine, but when it came to integration with tools, I was definitely the test guinea pig in terms of system failures. For two months, my Cisco XDR did not work because I was the one who found the observable issue and reported it to Cisco. There were multiple meetings and constant back and forth with engineers, telling them the things they were telling me to do were not working. They were not able to understand that I could not even log in to the application without it freezing. So, the deployment went well, but for the next two months, we had issues, which is normal with a new tool. We got it as soon as it hit the market, so we knew that there were going to be some complications.

I wouldn't say we have it fully set up right now. We're still integrating tools and workflows into it. We have it in working condition where we're able to do investigations in it, so we have it 95% set up now.

I'd rate Cisco XDR a nine out of ten overall.