I use Cisco XDR for detection and response. I have an Insight license from Cisco XDR, which provides me with a powerful GUI on the cloud where I can see comprehensive insights from my machines. I also have an MDR service license from Cisco.

I use Cisco XDR for prioritizing incidents across multiple security controls. The second-best technical feature is incident correlation, which provides me centralized visibility and a single place to review incidents and investigate IPs, URLs, and domains. All log data is visible on one dashboard for managing incidents and taking actions with integrations and connectors to other products in my organization.

I have not yet run the DLP feature in Cisco XDR, but the XDR forensics capability provides evidence collection and forensics visibility, which works very well with incident correlation. Regarding DLP, I run an endpoint from Kaspersky, not Cisco. The integrations are strong, and I have purchased integrations from Cisco.

I have used the automation feature in Cisco XDR to improve workflows. I have connectors and direct integrations that allow Cisco to integrate with my firewalls using predefined integrations. I enable collectors and have connected firewalls, endpoints, and email systems, which allows me to take actions. For example, during a phishing incident, I run automations to investigate domains that trigger a phishing email, and I can block this domain on my email system through integration with Cisco XDR.

Cisco XDR has helped expose gaps in my security coverage. Since implementing it, I did not have NDR, and I opened a conversation with Cisco to implement the Cisco NDR module, which will be very useful to integrate with Cisco XDR. I receive detailed reports on traffic flow, so I can see on the Cisco XDR dashboard when user X attempts to connect to a malicious domain, for example.

The best feature of Cisco XDR, on which I based my decision to purchase it, is that Cisco XDR does not require an endpoint from Cisco. It can work with any endpoint. In my situation, I have an endpoint from Kaspersky, and Cisco XDR can integrate with it. It has predefined integrations based on the licensing model, so there is no need to have a Cisco endpoint to use Cisco XDR. This is not the typical use case for other XDR solutions like Trend Micro or Palo Alto Cortex, where you must obtain the endpoint from the same vendor.

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

I believe the advanced insights module in Cisco XDR has room for improvement because it requires a separate license. If Cisco allowed me to access full data with a basic license, it would benefit many customers.

I have used Cisco XDR for four months.

I assess the stability of Cisco XDR as ten out of ten.

Although I have not yet tested scalability, I can say that theoretically it appears to support scalability, so I would rate it as ten out of ten.

I rate the technical support from Cisco as very professional with a strong support team. It is Cisco TAC, so I would rate it as ten out of ten.

The deployment of Cisco XDR is very simple and straightforward. I access the service, check the service, configure it, and I obtain the dashboard to begin configuring integrations. I receive logs and can take actions based on incidents easily.

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

I believe the pricing of Cisco XDR is affordable compared to other solutions.

I believe Cisco XDR compares favorably with other XDR solutions such as Cortex XDR and Trend Micro Vision One. The best feature, as I mentioned earlier, is that Cisco XDR does not require its own endpoint. I have a Kaspersky endpoint, and I did not need an endpoint from Cisco to use Cisco XDR. In contrast, with other vendors such as Cortex or Trend Micro, you must obtain the same vendor endpoint.

My advice for others looking to implement Cisco XDR is to establish licensing agreements beforehand and list your products for integration with Cisco XDR. You need to know which email systems, DLP solutions, firewalls, and vendors you will use, as this helps identify the best licensing for your needs.

Regarding how many people use the solution, I can say that we are running it on our SOC, which has multiple shifts and approximately eight SOC analysts.

Cisco XDR does not require any maintenance, as this is provided by Cisco. My overall rating for Cisco XDR is ten out of ten.

We are system integrators working in a consultancy mode with a team of implementation engineers. Over the last two years, we have worked on several Cisco XDR cases. In data centers, Cisco XDR is definitely the primary requirement. Our first choice is always Cisco, and while one or two other solutions have come our way, Cisco cases primarily come to us. In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR. We are partners of Cisco and we focus particularly on the implementation aspect, while also taking care of services.

Cisco XDR is one of the most matured systems available. It is quite user-friendly. The system has been very effective, and our customers receive sufficient reports demonstrating visible benefits. This helps maintain customer confidence, particularly in secure data center implementations. With the implementation we have deployed, our customers gain confidence in having their data center secure. The reporting capabilities are pretty extensive. Cisco XDR is keeping our customers protected.

It would be difficult for me to identify specific improvements at this moment. We have not really foreseen exactly what additional benefits might be needed. Given more thought, something could potentially come out, but we have not found any requirements for additional features.

The solution is working well for our needs.

There were some challenges initially, but with the technical support provided, we were able to resolve them and move forward successfully.

Scalability has been a consideration for our implementations.

The technical support has been very helpful. During implementation, we receive assistance from the technical support team and have obtained proper support from their side.

In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR as the way to go.

We are partners of Cisco and focus particularly on the implementation aspect. We also take care of the services.

Cisco XDR has helped our customers achieve positive returns on their investment.

I strongly feel that Cisco XDR is more proactive rather than reactive compared to alternate solutions.

It would be difficult for me to provide additional advice at this moment. I would give Cisco XDR a nine out of ten. I would definitely recommend it. I

Cisco XDR serves as the main platform for threat detection and threat response in my organization.

We have integrated all of our internal devices including firewalls, servers, EDRs, and endpoints into Cisco XDR. In typical scenarios, we find blacklisted IP communication detected by our firewall, and Cisco XDR blocks these particular attempts made by blacklisted IPs, thereby helping us secure our environment from potential cyber threats.

We focus on the alerts generated by Cisco XDR and the threat intelligence reports available on the platform. Our security team reads through those reports and proactively blocks those IPs and the IOCs on our firewall rather than waiting for Cisco XDR to raise an alert about a particular IP or IOC attempting to communicate with the environment. The threat intelligence information available on the platform is quite useful for us to proactively take actions to better secure our environment and reduce our attack surface for potential cyber threats.

Cisco XDR offers a wide range of integrations and connectors where we can integrate a whole range of devices available in our on-premises environment as well as cloud sources which we have primarily on AWS and Azure. Those environment log sources are integrated with Cisco XDR and it helps provide a single pane of glass view in terms of our security posture, giving us visibility within a single platform rather than focusing on individual security devices such as firewalls or EDRs which would typically be working in silos.

These integrations are straightforward. Cloud workloads are easier to integrate compared to on-premises devices, primarily because the cloud workloads have readymade connectors and integration standard operating procedures for us to integrate with Cisco XDR. We have typically not faced challenges with integrations with Cisco XDR. There may be certain OEMs which are not well known and cannot be directly integrated without the help of vendor support or OEM support, which we were able to connect with and ensure they are integrated with Cisco XDR.

From the reporting perspective, the dashboards offer quite a lot of predefined and useful options which help with live threat monitoring and provide a high-level view of the current threats, incident reporting metrics, mean time to detect, and mean time to respond. These sorts of dashboards are available on the platform and help provide a good view even for someone at the leadership level.

Cisco XDR has definitely improved our security posture and our visualization, ensuring that we are protected and providing greater visibility for our SOC team.

Cisco XDR has definitely reduced our mean time to respond. Previously it used to be more than 24 hours, but we have been able to reduce it to less than 16 hours due to all the various integrations and automation capabilities.

Cisco XDR has been useful for us to gain visibility into gaps in our security posture and how those can be improved by conducting analysis on the platform itself. We have utilized the platform to improve our security posture and reduce blind spots.

Cisco XDR can be improved in terms of out-of-the-box integrations and standard operating procedures available on the platform where we would not have to refer to documents outside of the platform to integrate. Having these standard operating procedures or integration methods available within the platform for most devices will help improve our experience with Cisco XDR.

The primary area for improvement is the integrations itself.

I have been working in my current field for about ten plus years.

Cisco XDR is stable in our environment and we have not found major issues in terms of downtime or lack of monitoring coverage.

In terms of scalability, Cisco XDR is quite scalable in terms of a licensing model and the number of assets we have integrated with it. It is seamless.

The customer support has been quite good. When we raise a ticket on technical support, they reach out to us within a couple of hours to listen to our issue and provide us with solutions. I would rate customer support at nine out of ten.

We used IBM QRadar before we switched to Cisco XDR primarily because IBM QRadar was more a legacy system and customizations, connector building, parser building, and integrations were taking a long time where we had to reach out to IBM for support. With Cisco XDR, we found a quicker turnaround time.

Our team required extra training and onboarding support during the initial phase, but as of now they are using it seamlessly. I would rate it at approximately eight out of ten.

We have experienced return on investment since we have been utilizing this platform for the last five years. Over time as the platform has evolved and more automations have been put in place, the number of human resources required has drastically reduced. Previously, we used to require four people in each shift to manage all of the incidents and workloads, which would essentially be about twelve people per day. We have been able to cut them down to six people per day, which is roughly half the team size required as of now. This helps in saving cost and time.

In terms of licensing and support cost, it is quite seamless. Based on the number of users we require, we have purchased as many licenses, and the setup is also a one-time cost which we received support for from Cisco's technical support team.

Before choosing Cisco XDR, we evaluated Splunk, IBM QRadar which was already existing in the environment, and Microsoft Sentinel. Cisco XDR was the best option in terms of overall feature capabilities and pricing.

In terms of DLP, Cisco XDR is quite useful. We are using a different DLP as well within our organization, so we are not extensively relying upon Cisco XDR for DLP, but it is a good solution to fall back upon. In terms of pricing, it is not the cheapest but it is also not the most expensive compared to other products we have experienced in the past.

Cisco XDR is hosted on private cloud.

We are typically deployed on AWS and have utilized automation workflows to improve our mean time to respond, reducing it from over 24 hours to less than 16 hours.

We prioritize incidents based on its criticality in terms of which devices or environments are affected that we have integrated with this platform. This has definitely helped in prioritizing incidents and ensuring that we have good coverage twenty-four hours a day, seven days a week across business hours and non-business hours by looking at the trend of what incident types occur and how often they occur, as well as what kind of team support is required across multiple shifts during the day and night.

The platform helps our SOC team access the platform across the entire shifts. We follow three shifts, and it helps with the shift handover when we transition from the morning shift to the afternoon shift or from the afternoon shift to the night shift. The platform helps seamlessly hand over from the previous analyst in the previous shift to the new analyst in the next shift.

My advice to other potential buyers of Cisco XDR would be to always conduct an evaluation or a proof of concept before actually purchasing because each environment is different and while Cisco XDR may be useful in most environments, there are potentially some environments where it may not be useful. It is always good to try before you buy. I would rate this product an eight out of ten.

Cisco XDR is used for endpoint security, data protection across endpoints, network protection, advanced persistent threat (APT) detection, ransomware attack mitigation, and advanced threat detection. We use Data Loss Prevention (DLP) because it integrates with Cisco Secure Access and Cisco Umbrella, helping to protect sensitive data. Cisco XDR is the extended detection and response solution we have implemented.

Cisco XDR is appreciated as a SaaS-based platform for its user-friendliness with simple management tools that are easy for configuration. Its ability to reduce the Mean Time to Respond (MTTR) from hours to minutes and the option to use a customized dashboard are highly valued features.

The platform's AI-driven architecture, especially in Advanced Persistent Threat (APT) detection, is praised. Automation features streamline security operations by replacing manual and repetitive tasks.

Cisco XDR offers comprehensive security by identifying visibility across the network and protecting cloud endpoints. It has significant performance metrics and scalability, designed to handle a large number of endpoints and sessions.

While Cisco XDR is robust, it could benefit from improvements on the AI side. More features could be added to prioritize and automate traffic.

We have been using Cisco XDR for more than two to three years.

We have not found any stability issues or received complaints from customers, so as of now, there is no improvement needed.

Cisco XDR is designed to handle significant scaling of endpoints, allowing management of a large scale of environments with thousands of sessions. It is rated nine out of ten for scalability.

The customer service response time is very good, with a strong technical team providing proper solutions when support is needed.

We previously used Cortex XDR for Palo Alto. While the features are similar, Cisco XDR's AI-driven feature is more advanced, making it a better choice.

The deployment is considered simple and very user-friendly.

Cisco XDR has benefits on the user end and is easy to manage and deploy a large number of endpoints in a short time.

Alternate XDR solutions include Forcepoint and Zscaler.

As of now, there are no gaps identified, so I am not able to provide further advice. The review rating for Cisco XDR is nine out of ten.

As a security consultant, I use multiple SIEM and XDR solutions, so cumulatively, I can say I have used Cisco XDR for around one year.

Cisco XDR is built primarily for enterprise endpoint security, integrated onto endpoints with logs integrated into SIEM, and it is used for security investigations, malware impact investigation, and tracking particular security incidents through integration of different logs, where endpoint logs are very important, providing detail about processes run by potential malware and any call-outs made to command and control.

The best features of Cisco XDR include its ability to integrate with multiple SIEM platforms, with visibility coming from a lot of Cisco's devices, and it syncs well with other XDRs and endpoint defenses such as Microsoft Defender, SentinelOne, and CrowdStrike, integrating well with other vendor products.

Cisco XDR helps prevent data loss during ransomware attacks by integrating with multiple levels of security, tying to identity management systems, and allowing placement of blocks at the endpoint level, which provides an additional layer of security, optimizing for detecting and preventing data loss based on how well the rules are placed and how well integrations are done for overall visibility of different stages of intrusion or data loss.

Improvements in Cisco XDR revolve around performance. The less performance it utilizes to run at high configuration levels, the better it becomes, so all vendors need to continue working on keeping resource utilization low while providing optimum performance, which is a defining point or deal breaker.

I have used Cisco XDR for around one year.

Stability is dependent on integration, since product-wise it is very stable, but performance-wise it is acceptable, so I would give it a rating of six.

In terms of scalability, I rate it as the best. For scalability, I would give it an eight out of ten.

I would rate technical support as a seven to eight because it is very great in current times. If I had to decide between seven or eight, I would say a seven.

I mostly use the AI assistance and automation feature for reporting, not for analysis because I do not trust AI for conclusions, only for inputs and reporting, which is how the AI component is utilized.

I do use the feature for prioritizing incidents across multiple security controls, but that needs to be configured, as I work mostly at the governance level for information security as a consultant, so the effectiveness depends on how well it is integrated and what the policy and operations are.

Cisco XDR streamlines incident response through its functionalities, being top of the stack and comparing well with other providers such as Palo Alto or the recently developed open-source Wazuh, which makes it very good.

I compare Cisco XDR with top-of-the-stack options available such as Palo Alto, Sophos XDR, and Secureye, an Indian company, and it lines up with all of them, providing a lot of other devices and software with Cisco's easy integration, making it one of the best for visibility.

I would definitely suggest Cisco XDR for enterprises and MSMEs who have a specified budget to fortify their defenses, and it stacks up well against other offerings in the market, naming CrowdStrike as somewhat better due to its knowledge base and R&D, with Tanium ranking just under it, making Cisco XDR probably number three in the XDR market.

I rate this review overall as a seven out of ten.

My primary use case for Cisco XDR is log review from devices, and then doing analytics for quicker responses in the future to security incidents.

The feature I appreciate the most about Cisco XDR is the flexibility for a user to be able to create their own reporting and dashboards. I would say I got to stop beta testing myself. I am testing what can be customized the most with it. Being able to ingest all the analytics and make it something that's either meaningful to them or to their own leadership is a big plus. It's not just what the product is at launch; you have the ability to customize and make it useful to your business to actually get real, purposeful information out of just a swamp of data.

The features of Cisco XDR have actually benefited the organization significantly by allowing us to do the outputs of specific data and even filtered subsets of the data. We can do the same reporting but only deliver in either reports or dashboards the information about the systems that a specific team is responsible for, or the larger teams that multiple departments or IT silos roll up into. We're basically able to just modify the filters and have the same reports in the same dashboards where it's all the same; 99% of the work is the same.

To improve Cisco XDR, I can't think of anything super meaningful because a couple of features I'm interested in are actually ones that integrate with Duo, but that's not widely used. I'm fine with the features that are on their way into the product based on the roadmap I've seen, so I can't suggest any other features from a user perspective.

I have been using Cisco XDR for 18 months.

My assessment of the stability and reliability of Cisco XDR is positive. Any perceived performance issues were traced back to specific users attempting to process too much data at once. We clarified optimal procedures, which encouraged people to interact with the system more efficiently and avoided traditional outdated workflows.

My experience with customer service and technical support has been fantastic. We've only needed to contact them twice for our security team, and each time was mainly to understand how something was functioning.

Prior to adopting Cisco XDR, we were using four products, three of which stayed in evaluation while dropping others. We recognized that Cisco XDR could replace multiple systems, making it an appealing choice.

My experience with the deployment of Cisco XDR was that it was simple. During the proof of concept, the setup was straightforward, and for the most part, we provided systems access to the security team, allowing them to tie everything together without needing additional help.

I have expanded the usage of Cisco XDR. The process of expanding usage has been smooth and easy. Since we frequently work with Cisco, it makes it hassle-free to justify needing more and explaining why.

Having proven its value and capability to quickly ramp up our operations has simplified expanding licensing and replacing systems. I know of several incidents that demonstrate Cisco XDR's return on investment (ROI). Two customers faced a network breach and a bad configuration incident, but unlike in the past where recovery took days, they managed to shut down access points quickly. Their ability to divert a crypto attack within 30 minutes saved them from a multi-day outage that previously had entire staff doing nothing but recovering systems.

Within our teams, I absolutely see the ROI with Cisco XDR. We have effectively identified gaps in our incident response processes and what information we need. Security is one of the most cost-effective insurance policies, and Cisco XDR serves as our magnifying glass to understand our security contract better. It has provided us with a tool that enhances visibility and interactivity among our teams.

My experience with pricing, setup costs, and licensing has been intriguing. I used to work for a Cisco partner, and I still have friends there with whom I discuss comparisons regarding some hardware products we sold. The shift I've seen is the elimination of the need for professional service packages. Users can customize their use of Cisco XDR significantly from the onset, which has resulted in a lower total cost of ownership compared to when we sold hardware and multiple systems.

I don't recall every product we considered before selecting Cisco XDR, but we looked at about nine alternatives. Our security team discovered details about Cisco XDR through integration work as a partner, which led us to realize that it could address many features we were interested in but were not initially evaluating. The aspect that stood out most during the evaluation process of Cisco XDR was its ease of use. Seeing how quickly we set up a proof of concept, along with the internal demos we received, made me confident about its implementation. Once we allowed everyone hands-on experience, it further affirmed how much smoother and more intuitive it was compared to others.

The impact of AI assistance and Cisco XDR on productivity is massive. We're no longer tied to just our reporting that was created for either looking at information specifically requested, or in response to a past event that we knew about. Now, security administrators can just go look and chat with the bot to get back a much more instant response and almost a live view of the data. They can navigate through breadcrumbs to get to the details of an event without causing hours of delays for someone to dig through that data or involve someone more conversationally versed in specific hardware products to look at the data.

The feature for prioritizing incidents across multiple security controls in Cisco XDR has affected my incident management process significantly. Even on the vendor side, as a traditional IT shop, we have silos of excellence where all these teams don't necessarily work together until there is an incident. Having our security and specified incident response leads from each team be able to get this data quickly allows security to determine if an incident is a mistake, a script triggering alarms, or just a bad network change.

My experience with using Cisco XDR to evaluate gaps in security coverage has been quite beneficial. Giving our security team and the first few end-user leads that own specific systems access to the AI chatbot has been crucial. We did reviews to determine what they are asking of the bot, how often they prompt it, and the types of responses they are getting back. This helped us identify that many of the teams in the middle that own connecting pieces did not realize that the security team was more responsive and concerned about certain issues than they thought.

My advice for other organizations considering Cisco XDR is to evaluate if they're already using a platform that meets all their needs. Think about what additional capabilities you desire, and envision what could be possible if everyone had access to pertinent data. Engaging directly with someone at Cisco to demonstrate how XDR can meet those needs is crucial to instill excitement and clarity among teams about data, workflows, and security. On a scale of 1-10, I rate Cisco XDR a 9.

We use Cisco XDR for our network devices and data centers, as we are an internet provider. We deliver the internet to customers.

The feature I appreciate the most about Cisco XDR is the reliability. The reliability of Cisco XDR benefits my company by ensuring less downtime and less customer downtime, and it is also easier to keep everyone trained on Cisco because we are all more familiar with that than other vendors.

My only complaint about Cisco XDR is related to licensing, which is complicated.

I have been using Cisco XDR for probably three years.

Cisco XDR is very reliable, which is its big advantage.

Cisco XDR scales effectively with the growing needs of my company.

My experience with their technical support has been excellent. I would rate Cisco customer service a ten out of ten.

It is easy to implement.

The biggest return on investment when using Cisco XDR is the downtime aspect, specifically not having to roll out to sites and not having customers experience downtime.

I don't have the metrics, but the downtime reduction is definitely a lot compared to the other vendors that we've used in the past.

The licensing of Cisco XDR is a bit complicated. The cost can depend on what it is, and the process can be a little complicated.

We did consider other solutions before choosing Cisco XDR. We went for Cisco XDR because we're all already trained in Cisco. Reliability is also a big reason.

I would rate Cisco XDR a nine out of ten. The only thing that could make it a ten is better licensing. That's my only complaint.

We are a small ISP, and it mainly use it just basically for routing and insights into wherever our traffic goes through.

My job is to put out fires all day. The features of Cisco XDR benefit my company since time is money. When outages happen and when a customer can't reach the internet, they get agitated. Therefore, the quicker we can mitigate an issue, our customers get happier in a quicker fashion.

I appreciate the granularity of what I get from Cisco XDR the most. It provides so much information that I can troubleshoot in a more detailed fashion. I get all this information and can comb through it to figure out exactly where the source of the trouble comes from.

Between the clarity, the granularity, and the dashboard, it just works.

It does its job by helping evaluate gaps and mitigating in a timely fashion.

Cisco XDR can be improved by addressing the upfront cost. Everything matters for us since we're small, mom and pop, so every dollar counts.

I have been using Cisco XDR for about two years, two and a half years.

The stability and reliability of Cisco XDR, similar to most Cisco products, are bulletproof. As long as I keep it with ramp patching and updates, they just work.

Regarding scalability, since we're smaller, I don't know if we'll ever grow bigger than what we are now, being landlocked in Bixby, Oklahoma. However, if we were blessed to get bigger, it would be easy.

My experience with customer service and technical support for Cisco XDR is that the tech support is excellent and easy to work with.

I considered other solutions before choosing Cisco XDR, such as FortiGate and Juniper, and those were two that we had a proof of concept with. FortiGate was good, but it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

My experience with the deployment of Cisco XDR is that it was extremely easy. We worked with our VAR, Net Fabric.

The representative we worked with helped us set it up and it just worked.

The biggest return on investment when using Cisco XDR is that, being a small company where everybody has multiple roles, the quicker I can mitigate something, the faster I can return to my scheduled tasks for that day.

My experience with the costs, including setup costs and licensing for Cisco XDR, is that it's now a subscription base, with options for one year, three year, or five year terms.

It would be preferable to return to the old model where you just buy it once without having to pay a renewing fee, however, I don't think they're going to implement that.

I considered other solutions before choosing Cisco XDR, such as FortiGate and Juniper, and those were two that we had a proof of concept with. FortiGate was good, however, it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

Cisco XDR streamlines incident response through its provided functionalities because, based on the clarity of the dashboard and the granularity, it works effectively.

I would rate Cisco XDR overall a nine out of ten, based on the price point.