Ransomware attacks exploded after COVID-19 according to several reports, and so have solutions accelerating detection. Restoring ransomed enterprise and customer data from recent backups can give organizations a leg up on recovery while making it possible to avoid paying attackers to unlock operational data.
SEE: Ransomware attacks increased 91% in March, as threat actors find new vulnerabilities (TechRepublic)
- Data snapshots key to recovery
- Using AI to tune the cadence of backups
- Cisco acquires trio of companies for networking cloud business
Data snapshots key to recovery
One key to Cisco’s updated XDR platform is that when attackers hold an organization’s data for ransom, they lose leverage if the organization has recent backups that can be easily and rapidly restored. Cisco and security and data management platform Cohesity, one of several third-party alliances driving Cisco’s XDR, announced this week that the XDR platform is able to do quick “snapshots” of data for rapid backup through Cohesity DataProtect and DataHawk solutions.
The new technology is designed to minimize the time between the beginning of a ransomware outbreak and capturing a snapshot of business-critical information to near zero, according to Cisco.
Raj Chopra, SVP, chief product officer for Cisco Security, said that while the market is rife with detection capabilities — and indeed, XDR, touted for rapid, comprehensive telemetry, was a major talking point at RSA this year — there are few ways to remediate attacks with near-zero time latency. He said the new capabilities in Cisco XDR will allow security operations teams to automate the process of detection while taking “snapshots” of critical information for restoration at the very first signs of a ransomware attack before it even reaches sensitive assets.
“Because we have been instructing Cohesity to take snapshots, we have isolated infected systems, and Cohesity reconstitutes those systems to the last known good configuration,” Chopra said.
Using AI to tune the cadence of backups
Chopra added that the capabilities include artificial intelligence processes that allow fine-tuning of snapshot timing based on historical training data, including from Cisco Talos Threat Intelligence around sensitive endpoints and user behavior.
“We have 25 years’ worth of incident playbooks in Talos. Outside of the U.S. government, we are the largest corpus of threat intel in the world around incident response, which is where a lot of nuance in the AI models for our XDR comes from,” he said.
SEE: At Cisco LIVE, new security platforms with AI under the hood (TechRepublic)
Cohesity is just one of several alliances behind Cisco’s XDR platform, noted Chopra. “One of the key things new for Cisco has to do with the fact that, with cybersecurity, we were not going to win as an island,” said Chopra, adding that the role of XDR for enhancing comprehensive detection telemetry was enhanced with third-party partnerships. “When we launched in April, we already had 13 vendors we had done pre-built integrations with. So for us, ‘extended’ also means other vendors. It means receiving telemetry from wherever vendors happen to be,” he said.
Microsoft Defender, Palo Alto Networks, CrowdStrike and SentinelOne are also aligned with Cisco XDR. “This is the start of remediation becoming more mainstream. That’s what this is about,” said Chopra.
Cisco acquires trio of companies for networking cloud business
Separately, Cisco has acquired Code BGP, a privately held company based in Greece that monitors border gateway protocols, an internet data routing protocol that finds the most efficient network route for transmissions across the web.
Cisco said the acquisition is designed to enhance the network monitoring capabilities of Cisco ThousandEyes network monitoring. Cisco also recently acquired network performance monitoring company Accedian and internet performance platform SamKnows.