Cisco Adds Automated Ransomware Recovery to XDR Solution

Cisco has integrated Cohesity DataProtect data protection and DataHawk ransomware protection capabilities into its extended detection and response (XDR) solution.

As a result, organizations can use Cisco XDR to automatically recover from ransomware attacks, the company announced in a prepared statement.

What Cohesity DataProtect and DataHawk Offer

Organizations can utilize Cohesity DataProtect to secure their cloud-native, SaaS and on-premises data, the company said. DataProtect offers data backup, continuous data protection, disaster recovery and ransomware attack detection capabilities. It allows organizations to store backed-up data in a secured file system in immutable snapshots that cannot be directly accessed or mounted from outside the Cohesity cluster.

Meanwhile, organizations can leverage Cohesity DataHawk to identify threats, assess the impact of a cyberattack and recover their data, the company indicated. DataHawk provides threat protection and machine learning-powered data classification capabilities. It can be used with the Cohesity Security Center console, which provides organizations with security posture monitoring, anomaly and threat detection, data classification, user activity tracking and cyber vaulting capabilities.

Cohesity Brings Data Backup and Recovery Capabilities to Cisco XDR

Organizations can use Cohesity DataProtect and DataHawk with Cisco XDR to automatically identify, snapshot and restore data at the first sign of a ransomware attack, Cisco indicated. As a result, organizations can mitigate ransomware attacks before they can move laterally across their networks.

DataProtect and DataHawk complement Cisco XDR's threat detection, correlation and response capabilities, Cisco noted. They provide configurable recovery points and mass recovery for systems assigned to a protection plan.

DataProtect and DataHawk help Cisco XDR users preserve potentially infected virtual machines (VMs) for future forensic investigations, Cisco said. At the same time, they protect user data and workloads.

A Closer Look at Cisco XDR

Cisco in April 2023 announced its XDR solution at the RSA Conference in San Francisco, California. The solution lets organizations use analytics to quickly detect and address threats, Cisco said. It works in combination with various security solutions, including:

  • Endpoint detection and response (EDR) solutions such as CrowdStrike Falcon Insight XDR and Microsoft Defender for Endpoint
  • Email threat protection solutions including Microsoft Defender for Office and Proofpoint Email Protection
  • Next-generation firewall solutions like Check Point Quantum and Palo Alto Networks Next-Generation Firewall
  • Network detection and response (NDR) solutions such as Darktrace DETECT and Darktrace RESPOND
  • Security information and event management (SIEM) solutions including Microsoft Sentinel

Cisco XDR is generally available worldwide. MSSPs, MSPs and other technology providers can join Cisco's partner program to integrate Cisco XDR into their offerings.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds an M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.