Ransomware attacks are still one of the greatest threats to corporate and government networks. At the Black Hat IT security conference, Cisco is presenting automated data recovery after ransomware attacks for its Extended Detection and Response (XDR) solution. In addition, the XDR service should automatically recognize, back up and restore business-critical data through an integration with Cohesity.
Overview of XDR extension
Avoiding a ransomware attack entirely is still the preferred goal. If an attack is successful, however, companies usually react either by manually recovering a backup that is hopefully not yet compromised, or by paying a ransom. Cisco’s XDR tool typically correlates telemetry from endpoints, network components, firewalls, email, identity, and DNS. The Cisco product also comes with service APIs for integrating third-party solutions.
With the newly announced function in Cisco XDR, IT and security teams or the experts in a Security Operations Center (SOC) can have business-critical data automatically recognized, backed up as snapshots and restored. According to Cisco, this should happen at the first sign of ransomware. The manufacturer even promises that the software will often take effect before the attacker can access valuable data. The integration of products from Cohesity, a manufacturer of backup and recovery software, was announced at the same time and is intended to complement the detection, correlation and reaction functions of Cisco’s XDR. The provider describes its offer as the first solution on the market with automated recovery processes and fast response. In addition, the new software package should minimize the effort involved in restoring data and open up the option of immediately converting security findings into active measures.
Cohesity integration for configurable recovery points
Cisco already presented numerous third-party integrations in XDR at the RSA Conference in April 2023. These are now being expanded to include providers of backup and recovery for infrastructure and company data. It starts with two tools from Cohesity: DataProtect for data resiliency and DataHawk for threat protection and response, which bring new functions for data protection and recovery. With the Cohesity integrations, Cisco customers can set configurable recovery points and bulk recovery for systems according to a predefined security plan. The new capabilities should be able to secure potentially infected virtual machines for future forensic investigations while protecting data and workloads in the rest of the environment.
Cohesity engineers worked with Cisco engineering teams to dynamically adjust policies for backing up and restoring business-critical data—that is, automating control based on data importance. Ultimately, every unpaid “ransom” thins out the criminals’ business model.