
Cisco XDR

Cisco Systems, Inc.

Reviews from AWS customer

2 AWS reviews

External reviews

16 reviews

External reviews are not included in the AWS star rating for the product.


5-star reviews

    Mohamed Fouad

Centralized incident insights have saved investigation time and improved security coverage

  • March 12, 2026
  • Review provided by PeerSpot

What is our primary use case?

I use Cisco XDR for detection and response. I have an Insight license from Cisco XDR, which provides me with a powerful GUI on the cloud where I can see comprehensive insights from my machines. I also have an MDR service license from Cisco.

I use Cisco XDR for prioritizing incidents across multiple security controls. The second-best technical feature is incident correlation, which provides me centralized visibility and a single place to review incidents and investigate IPs, URLs, and domains. All log data is visible on one dashboard for managing incidents and taking actions with integrations and connectors to other products in my organization.

I have not yet run the DLP feature in Cisco XDR, but the XDR forensics capability provides evidence collection and forensics visibility, which works very well with incident correlation. Regarding DLP, I run an endpoint from Kaspersky, not Cisco. The integrations are strong, and I have purchased integrations from Cisco.

I have used the automation feature in Cisco XDR to improve workflows. I have connectors and direct integrations that allow Cisco to integrate with my firewalls using predefined integrations. I enable collectors and have connected firewalls, endpoints, and email systems, which allows me to take actions. For example, during a phishing incident, I run automations to investigate domains that trigger a phishing email, and I can block this domain on my email system through integration with Cisco XDR.

Cisco XDR has helped expose gaps in my security coverage. Since implementing it, I did not have NDR, and I opened a conversation with Cisco to implement the Cisco NDR module, which will be very useful to integrate with Cisco XDR. I receive detailed reports on traffic flow, so I can see on the Cisco XDR dashboard when user X attempts to connect to a malicious domain, for example.

What is most valuable?

The best feature of Cisco XDR, on which I based my decision to purchase it, is that Cisco XDR does not require an endpoint from Cisco. It can work with any endpoint. In my situation, I have an endpoint from Kaspersky, and Cisco XDR can integrate with it. It has predefined integrations based on the licensing model, so there is no need to have a Cisco endpoint to use Cisco XDR. This is not the typical use case for other XDR solutions like Trend Micro or Palo Alto Cortex, where you must obtain the endpoint from the same vendor.

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

What needs improvement?

I believe the advanced insights module in Cisco XDR has room for improvement because it requires a separate license. If Cisco allowed me to access full data with a basic license, it would benefit many customers.

For how long have I used the solution?

I have used Cisco XDR for four months.

What do I think about the stability of the solution?

I assess the stability of Cisco XDR as ten out of ten.

What do I think about the scalability of the solution?

Although I have not yet tested scalability, I can say that theoretically it appears to support scalability, so I would rate it as ten out of ten.

How are customer service and support?

I rate the technical support from Cisco as very professional with a strong support team. It is Cisco TAC, so I would rate it as ten out of ten.

How was the initial setup?

The deployment of Cisco XDR is very simple and straightforward. I access the service, check the service, configure it, and I obtain the dashboard to begin configuring integrations. I receive logs and can take actions based on incidents easily.

What was our ROI?

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

What's my experience with pricing, setup cost, and licensing?

I believe the pricing of Cisco XDR is affordable compared to other solutions.

Which other solutions did I evaluate?

I believe Cisco XDR compares favorably with other XDR solutions such as Cortex XDR and Trend Micro Vision One. The best feature, as I mentioned earlier, is that Cisco XDR does not require its own endpoint. I have a Kaspersky endpoint, and I did not need an endpoint from Cisco to use Cisco XDR. In contrast, with other vendors such as Cortex or Trend Micro, you must obtain the same vendor endpoint.

What other advice do I have?

My advice for others looking to implement Cisco XDR is to establish licensing agreements beforehand and list your products for integration with Cisco XDR. You need to know which email systems, DLP solutions, firewalls, and vendors you will use, as this helps identify the best licensing for your needs.

Regarding how many people use the solution, I can say that we are running it on our SOC, which has multiple shifts and approximately eight SOC analysts.

Cisco XDR does not require any maintenance, as this is provided by Cisco. My overall rating for Cisco XDR is ten out of ten.


    Cory S.

Great Product has come a long way!

  • August 09, 2024
  • Review provided by G2

What do you like best about the product?
The ability to encapsulate the machines and even areas that are flagging, it is almost instantaneous, and it is awesome.
What do you dislike about the product?
The product must be used in conjunction with several others, so you can't just get XDR, you must get the ELA suite, basically to be able to utilize it to its fullest potential.
What problems is the product solving and how is that benefiting you?
The ability to shut down attacks while detected in real time, and almost instantly across the board.

