Cisco XDR Reviews

I use Cisco XDR to automate all the threats which are coming in. It automatically isolates the particular endpoints, whether it's a laptop or a server. That helps and provides a good quality report which helps us to identify and then analyze according to it.

I have SIEM tools of CrowdStrike. I have third-party tools such as endpoints of Trellix endpoints and SentinelOne as well. I integrate this from this integration to Cisco XDR, and I can see all the reports on a single dashboard.

Cisco XDR helps to detect the threats in my organization. It prioritizes most of the critical incidents and responds to them faster as well.

Cisco XDR generates the alerts and reduces the false positive reports. It prioritizes automatically the risk and the impact which will be happening on my organization. It also helps the SOC team to act faster due to the automation.

The best features Cisco XDR offers are threat detection, incident response, automated investigation, and integration. There are many third-party tools which I can integrate with Cisco XDR.

I believe the false positive reports can be reduced through AI automation, as well as the duration while loading the software. I believe that is lacking.

I chose nine because we have to reduce the false positive reports and the time taken to load a page. That's the reason I gave the nine.

I have been using Cisco XDR for the past three years.

Cisco XDR is stable.

The scalability of Cisco XDR is good. I would say nine.

I believe customer support is also good.

We have not switched. Cisco XDR is the first solution we implemented. We took the POC and it was good to go.

I evaluated Cortex before choosing Cisco XDR.

I believe Cisco XDR is good and I think I can also recommend it to most of the companies to just try it out once to have a POC, just to make sure all the things get under control in a single dashboard. You have to try it once. So far, everything is going well. I gave this product a rating of nine out of ten.

Public Cloud

Amazon Web Services (AWS)

Cisco XDR is used for endpoint security, data protection across endpoints, network protection, advanced persistent threat (APT) detection, ransomware attack mitigation, and advanced threat detection. We use Data Loss Prevention (DLP) because it integrates with Cisco Secure Access and Cisco Umbrella, helping to protect sensitive data. Cisco XDR is the extended detection and response solution we have implemented.

Cisco XDR is appreciated as a SaaS-based platform for its user-friendliness with simple management tools that are easy for configuration. Its ability to reduce the Mean Time to Respond (MTTR) from hours to minutes and the option to use a customized dashboard are highly valued features.

The platform's AI-driven architecture, especially in Advanced Persistent Threat (APT) detection, is praised. Automation features streamline security operations by replacing manual and repetitive tasks.

Cisco XDR offers comprehensive security by identifying visibility across the network and protecting cloud endpoints. It has significant performance metrics and scalability, designed to handle a large number of endpoints and sessions.

While Cisco XDR is robust, it could benefit from improvements on the AI side. More features could be added to prioritize and automate traffic.

We have been using Cisco XDR for more than two to three years.

We have not found any stability issues or received complaints from customers, so as of now, there is no improvement needed.

Cisco XDR is designed to handle significant scaling of endpoints, allowing management of a large scale of environments with thousands of sessions. It is rated nine out of ten for scalability.

The customer service response time is very good, with a strong technical team providing proper solutions when support is needed.

We previously used Cortex XDR for Palo Alto. While the features are similar, Cisco XDR's AI-driven feature is more advanced, making it a better choice.

The deployment is considered simple and very user-friendly.

Cisco XDR has benefits on the user end and is easy to manage and deploy a large number of endpoints in a short time.

Alternate XDR solutions include Forcepoint and Zscaler.

As of now, there are no gaps identified, so I am not able to provide further advice. The review rating for Cisco XDR is nine out of ten.

Other

As a security consultant, I use multiple SIEM and XDR solutions, so cumulatively, I can say I have used Cisco XDR for around one year.

Cisco XDR is built primarily for enterprise endpoint security, integrated onto endpoints with logs integrated into SIEM, and it is used for security investigations, malware impact investigation, and tracking particular security incidents through integration of different logs, where endpoint logs are very important, providing detail about processes run by potential malware and any call-outs made to command and control.

The best features of Cisco XDR include its ability to integrate with multiple SIEM platforms, with visibility coming from a lot of Cisco's devices, and it syncs well with other XDRs and endpoint defenses such as Microsoft Defender, SentinelOne, and CrowdStrike, integrating well with other vendor products.

Cisco XDR helps prevent data loss during ransomware attacks by integrating with multiple levels of security, tying to identity management systems, and allowing placement of blocks at the endpoint level, which provides an additional layer of security, optimizing for detecting and preventing data loss based on how well the rules are placed and how well integrations are done for overall visibility of different stages of intrusion or data loss.

Improvements in Cisco XDR revolve around performance. The less performance it utilizes to run at high configuration levels, the better it becomes, so all vendors need to continue working on keeping resource utilization low while providing optimum performance, which is a defining point or deal breaker.

I have used Cisco XDR for around one year.

Stability is dependent on integration, since product-wise it is very stable, but performance-wise it is acceptable, so I would give it a rating of six.

In terms of scalability, I rate it as the best. For scalability, I would give it an eight out of ten.

I would rate technical support as a seven to eight because it is very great in current times. If I had to decide between seven or eight, I would say a seven.

Positive

I mostly use the AI assistance and automation feature for reporting, not for analysis because I do not trust AI for conclusions, only for inputs and reporting, which is how the AI component is utilized.

I do use the feature for prioritizing incidents across multiple security controls, but that needs to be configured, as I work mostly at the governance level for information security as a consultant, so the effectiveness depends on how well it is integrated and what the policy and operations are.

Cisco XDR streamlines incident response through its functionalities, being top of the stack and comparing well with other providers such as Palo Alto or the recently developed open-source Wazuh, which makes it very good.

I compare Cisco XDR with top-of-the-stack options available such as Palo Alto, Sophos XDR, and Secureye, an Indian company, and it lines up with all of them, providing a lot of other devices and software with Cisco's easy integration, making it one of the best for visibility.

I would definitely suggest Cisco XDR for enterprises and MSMEs who have a specified budget to fortify their defenses, and it stacks up well against other offerings in the market, naming CrowdStrike as somewhat better due to its knowledge base and R&D, with Tanium ranking just under it, making Cisco XDR probably number three in the XDR market.

I rate this review overall as a seven out of ten.

Public Cloud

Other

We use Cisco XDR for our network devices and data centers, as we are an internet provider. We deliver the internet to customers.

The feature I appreciate the most about Cisco XDR is the reliability. The reliability of Cisco XDR benefits my company by ensuring less downtime and less customer downtime, and it is also easier to keep everyone trained on Cisco because we are all more familiar with that than other vendors. 

My only complaint about Cisco XDR is related to licensing, which is complicated. 

I have been using Cisco XDR for probably three years.

Cisco XDR is very reliable, which is its big advantage.

Cisco XDR scales effectively with the growing needs of my company.

My experience with their technical support has been excellent. I would rate Cisco customer service a ten out of ten.

Positive

It is easy to implement.

The biggest return on investment when using Cisco XDR is the downtime aspect, specifically not having to roll out to sites and not having customers experience downtime.

I don't have the metrics, but the downtime reduction is definitely a lot compared to the other vendors that we've used in the past.

The licensing of Cisco XDR is a bit complicated. The cost can depend on what it is, and the process can be a little complicated. 

We did consider other solutions before choosing Cisco XDR. We went for Cisco XDR because we're all already trained in Cisco. Reliability is also a big reason. 

I would rate Cisco XDR a nine out of ten. The only thing that could make it a ten is better licensing. That's my only complaint.

Our main use case for Cisco XDR is to centralize security telemetry and correlated events across endpoints, the network, and email security tools. This solution helps us detect threats faster, reduce alert noise, and improve investigation efficiency.

Recently, a phishing email triggered an alert in Cisco XDR through email security, while the endpoint detected suspicious execution. The firewall logged unusual traffic, and Cisco XDR correlated all signals into a single incident, showing the full attack chain.

The best features Cisco XDR offers are cross-domain visibility, encompassing endpoint, network, and email in one place, and incident prioritization, which highlights high-risk events.

The threat correlation that links related alerts automatically is the feature I rely on the most because it converts multiple alerts into one actionable incident, which has significantly reduced investigation time.

Cisco XDR has positively impacted our organization by providing faster detection of complex threats, reducing alert fatigue, and giving us better visibility.

Cisco XDR is working well, but the solution could be more cost-effective for mid-sized and small organizations. Apart from this consideration, everything is excellent.

I have been using Cisco XDR for more than three years.

I highly recommend Cisco XDR, and my advice would be to deploy this solution by integrating the maximum number of security tools for full visibility and to start with key use cases. It is important to train your SOC team so that they can effectively handle this solution. I am providing this review with a rating of eight out of ten.

Public Cloud

Microsoft Azure

I use Cisco XDR because I'm a SOC analyst. It's something I use every single day. The majority of my work has been in Cisco XDR looking through incidents, reading reports that it gives, and making automations. 

I use Cisco XDR as more of an integration tool for all of our Cisco tools. I work in a Cisco Suite. We have AMP, Umbrella, Firepower, and all these different tools connected to Cisco XDR, and I can get all my data in one place. It's easier to look at just one tool versus the eight to ten other tools that we have to get data. It saves time and puts us ahead of different threats since it's all in one spot.

I saw the benefits of Cisco XDR immediately after the tool came out. We had meetings with Cisco where they were telling us about the tool. The higher-ups that I work for saw a need for it first, and then they came to the SOC group. When we sat in on the first meeting, we immediately knew that this was a tool we needed to help us save time and get ahead.

One of my favorite features of Cisco XDR is the automation tool, which saves a lot of time because we can craft these automations and workflows. If we get a phishing email, I can set up a workflow that can be initiated the minute the email comes in. If it suspects that to be malicious, it goes ahead and quarantines the file so that it can't spread through our network.

An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.

I have been using Cisco XDR for about a year and a half.

When we first started with Cisco XDR in August, everybody was having issues. There were three people in our organization, including me, who couldn't even log in to Cisco XDR. We were constantly in meetings and contacting them by sending network logs or through calls. They were remotely looking at our screens. 

For about three months, our machines would freeze, and it wasn't just Cisco XDR. It was also integrated with AMP, and both sides would just freeze and lock up. We couldn't do anything, and even when we deleted the tabs, it would just crash out. That lasted for about three months, but once they got it fixed and figured out the issue with the observables and with the character limit, it's been flawless.

I have contacted the technical support for Cisco XDR. They answered pretty quickly, and they were always willing to get into a meeting with us. I didn't really have any issues with them besides minor things where they would tell me to do something that I had already tried or done. Other than that, they responded quickly, they were always willing to meet, and they were always willing to work as per my schedule.

Positive

Deployment went fine, but when it came to integration with tools, I was definitely the test guinea pig in terms of system failures. For two months, my Cisco XDR did not work because I was the one who found the observable issue and reported it to Cisco. There were multiple meetings and constant back and forth with engineers, telling them the things they were telling me to do were not working. They were not able to understand that I could not even log in to the application without it freezing. So, the deployment went well, but for the next two months, we had issues, which is normal with a new tool. We got it as soon as it hit the market, so we knew that there were going to be some complications.

I wouldn't say we have it fully set up right now. We're still integrating tools and workflows into it. We have it in working condition where we're able to do investigations in it, so we have it 95% set up now.

I'd rate Cisco XDR a nine out of ten overall.

Public Cloud

Other

We are system integrators working in a consultancy mode with a team of implementation engineers. Over the last two years, we have worked on several Cisco XDR cases. In data centers, Cisco XDR is definitely the primary requirement. Our first choice is always Cisco, and while one or two other solutions have come our way, Cisco cases primarily come to us. In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR. We are partners of Cisco and we focus particularly on the implementation aspect, while also taking care of services.

Cisco XDR is one of the most matured systems available. It is quite user-friendly. The system has been very effective, and our customers receive sufficient reports demonstrating visible benefits. This helps maintain customer confidence, particularly in secure data center implementations. With the implementation we have deployed, our customers gain confidence in having their data center secure. The reporting capabilities are pretty extensive. Cisco XDR is keeping our customers protected.

It would be difficult for me to identify specific improvements at this moment. We have not really foreseen exactly what additional benefits might be needed. Given more thought, something could potentially come out, but we have not found any requirements for additional features.

The solution is working well for our needs.

There were some challenges initially, but with the technical support provided, we were able to resolve them and move forward successfully.

Scalability has been a consideration for our implementations.

The technical support has been very helpful. During implementation, we receive assistance from the technical support team and have obtained proper support from their side.

Negative

In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR as the way to go.

We are partners of Cisco and focus particularly on the implementation aspect. We also take care of the services.

Cisco XDR has helped our customers achieve positive returns on their investment.

I strongly feel that Cisco XDR is more proactive rather than reactive compared to alternate solutions.

It would be difficult for me to provide additional advice at this moment. I would give Cisco XDR a nine out of ten. I would definitely recommend it. I

On-premises

Other

We are integrators, and we also resell Cisco XDR. Global customers are the primary users of Cisco XDR, while local customers often don't request it. For global customers, they directly request Cisco XDR and share all the part codes with us.

The single point of maintenance and dashboards are the strong points of Cisco XDR. The visibility of the network is the main valuable feature. Customers frequently request features that offer better system visibility. The solution also offers automated response capability, which I would rate around eight out of ten.

One area that needs improvement is the limited visibility due to the licensing structure. For more visibility, customers need the advantage or premier licensing, which involves additional costs. Competitors offer more visibility without any additional licensing, which is a significant drawback for Cisco.

We have been using Cisco XDR for more than three years.

Cisco XDR is stable. Customers have mentioned that the stability and scalability are good compared to competitors.

Technical support from Cisco is good and very helpful. We usually do not contact tech support unless we encounter issues. I would rate the support as nine out of ten.

Positive

The initial setup is not difficult and is very easy to command. We can easily find all the guidelines and necessary documentation online or from the Cisco site.

One person is enough for installation, but we typically allocate two engineers. For maintenance, one person can handle it, though we generally allocate one or two engineers for each site for convenience.

Costs vary depending on dollar fluctuations. Cisco requires conversion to dollars, which affects the cost compared to local competitors who bill in local currency. Overall, the price is a bit expensive compared to local competitors.

Some alerts before incidents occur would be a beneficial AI feature. Customers expect alerts for potential problems so they can take preventive measures. I rate Cisco XDR as eight out of ten. Our experience indicates that additional features or licensing options could enrich the overall experience.

Other