Cisco today officially joined many other major security vendors in the competitive extended detection and response (XDR) market. The move combines its expertise and visibility across the network and endpoint and consumes telemetry from leading third-party vendors.
Raj Chopra, SVP and chief product officer at Cisco Security, called the new XDR service the first fulfillment of the vendor’s Security Cloud vision, which is a unified platform that integrates security and networking services across hybrid multi-cloud environments for the entire IT ecosystem.
According to Gartner, XDR combines elements of endpoint detection and response (EDR), security information and event management (SIEM), security orchestration, automation, and response (SOAR), and network traffic analysis (NTA) in a software-as-a-service (SaaS) platform.
Chopra noted that, traditionally, SIEM focuses more on after-the-fact work such as log aggregation and forensics, while EDR’s scope is limited to the endpoints. XDR, on the other hand, consumes more information for full-context, higher-fidelity detection and prioritizes the appropriate response and remediation.
Cisco’s XDR service aims to correlate and analyze native and third-party telemetry sources, including endpoint, network, firewall, email, identity and domain name system (DNS), to deliver detection and response in “near real time.”
It uses insight from 200 million endpoints with Cisco Secure Client (formerly AnyConnect) to provide visibility on where the endpoint meets the network.
Gartner named Cisco as a “visionary” in last year’s Magic Quadrant report for endpoint protection platforms. Despite lower EDR market share, “our footprint with AnyConnect is two-and-a-half times larger than the largest EDR vendor out there,” Chopra told SDxCentral.
Cisco XDR integrates with leading EDR, SIEM solutions

On top of its own telemetry, Cisco works with third-party vendors to share telemetry and deliver consistent outcomes for multi-vendor environments. The initial integrations for its XDR include:
- EDR: CrowdStrike Falcon Insight XDR, Cybereason Endpoint Detection and Response, Microsoft Defender for Endpoint, Palo Alto Networks Cortex XDR, SentinelOne Singularity, Trend Vision One
- Email threat defense: Microsoft Defender for Office, Proofpoint Email Protection
- Next-generation firewall (NGFW): Check Point Quantum, Palo Alto Networks Next-Generation Firewall
- Network detection and response: Darktrace DETECT™ and Darktrace RESPOND™, ExtraHop Reveal(x)
- SIEM: Microsoft Sentinel
Chopra noted Cisco is taking an ecosystem-building approach for its XDR, partnering with security vendors and as-a-service providers. “We are providing you far more value on top of whatever you’re using.”
The networking and security giant also plans to add more telemetry sources and partners in the future. “There are three or four very big vectors that we are already working on that will also be part of the XDR which is going to make this even more helpful in even more environments going forward,” he added.
Cisco XDR is now in beta and will be generally available in July.