Cisco XDR Reviews

I use Cisco XDR primarily for emails and endpoints. I use Cisco XDR features for prioritizing incidents across multiple security controls, mainly focusing on emails but also on threat analysis such as phishing and malware. This enables rapid investigations and automated responses, blocking senders and isolating endpoints from threats collectively.

The best feature about Cisco XDR is that when it comes to email security, the centralized visibility is superb. For example, it gathers email data from various gateways, offering a centralized view of threats, which is very useful.

I assess the effectiveness of the DLP (Data Loss Prevention) capabilities in Cisco XDR as very useful. For example, it analyzes outbound and inbound web traffic and provides unified control. I have centralized control over data going out of the organization, so I can control what to send and what not to send. Such functionalities are very useful.

The main benefits I see from using Cisco XDR include its proactive security measures. For example, it allows advanced threat hunting and analysis, working proactively instead of just focusing on reactive measures. If a threat comes, it blocks the threat, but this solution proactively activates and alerts me, so it is very helpful in terms of security. Another benefit is that the integration is very good with third-party security tools or other Cisco products; I can integrate this very easily.

Cisco XDR has streamlined incident response by quickly notifying me, even through emails. I have set up phone messages, so normally I get alerts through my service provider if any threats arise. It is quick to send notifications if anything occurs, even notifying me of the preventive measures taken, such as blocking IPs and isolating devices.

If I could see improvements in Cisco XDR in the future, I would like to see a stronger focus on AI-driven solutions. For example, it has a feature called advanced threat detection, and if it can capture threats from worldwide new threats and publish them into a particular database linked with an AI-driven system that can immediately alert people, that would be very good for zero-day threats. The second improvement I suggest is reducing the subscription price a bit more.

I would like to see enhanced features in Cisco XDR, such as demo sessions with the product, and supporting multiple languages would be great.

Regarding the pricing aspect of Cisco XDR, I think the price is a bit expensive.

I have been working with Cisco XDR for almost one year.

I would rate Cisco technical support as extended, but their service is very unresponsive. It is very difficult to get in touch with them, so I would rate it a four out of ten.

Before Cisco XDR, I did not use any other products for XDR purposes.

The deployment aspect of Cisco XDR is smooth. Since I was new to this product, I did not do it in-house; I had a third party do it for me. My contribution was about 40 percent, and they did 60 percent of the work, so it went smoothly.

The deployment aspect of Cisco XDR is smooth. Since I was new to this product, I did not do it in-house; I had a third party do it for me. My contribution was about 40 percent, and they did 60 percent of the work, so it went smoothly.

I find it does bring a return on investment, but that will take a long period. I would say it is not in a short span; probably two to three years or more.

I thought of going with Check Point intrusion prevention system, but that product needs more technical knowledge, so I skipped it because it is also a bit more expensive than Cisco XDR.

My advice for other organizations considering Cisco XDR is that it offers proactive security measures that are really very helpful. It is also a unified control system where all emails and endpoints are visible on one dashboard, making it easy to understand, even for a non-technical person to quickly grab information by just seeing that. I would rate Cisco XDR as a product an eight out of ten overall.

I have used Cisco XDR to detect and respond to malicious activities on my client's endpoint. For instance, the last time I used it was when a client downloaded a malicious executable file, and when the endpoint picked it up as suspicious activity, I investigated and discovered using a threat intelligence platform, VirusTotal, that the hash of the executable file is malicious. I quarantined the endpoint and deleted the malicious executable file afterward, using it to block the malware.

It has positively affected our incident management process because Cisco XDR helps with early detection and does not allow room for escalation of malicious activities before remediation starts.

One function that Cisco XDR streamlines incident response through is its containment feature, which speeds up response time and demonstrates how it is useful in incident response.

For data loss prevention, I find it really helpful because it monitors email activities for some clients and reports suspicious data exfiltration activities, capturing and reporting instances when there is communication to a public IP suspicious for data exfiltration, allowing me to verify legitimacy with the client.

I find Cisco XDR really useful and interesting, and I believe that with time, it is going to get even better.

I appreciate the fact that Cisco XDR detects malicious activity as fast as it can and notifies me when suspicious executable files are downloaded in the client's environment, providing all the information needed for investigation, which is a feature I really enjoy.

When the alerts come in, they bring context, which is helpful. The alert comes in with context such as the file hash, sometimes with the source IP address or the destination IP address, and this context helps bring a suspicious activity to resolution quickly.

Before using Cisco XDR, I sometimes did not detect malicious activities in my client's environment, but since implementing this solution, my mean time to detect has actually reduced, and my mean time to respond has fallen within the acceptable threshold, positively impacting my organization as I can detect and respond to threats in time.

At the moment, I am still exploring Cisco XDR, and while it seems well built and the team has done good work on it, I cannot point out any specific errors or make generic suggestions for now, but I believe in six months I will be able to detail improvements.

For now, I really cannot think of anything that needs improvement because what I need for investigation comes with the alert, and I perform remediation activities on the solution.

The interface of Cisco XDR can be improved. I can navigate it, but I am still exploring and believe it can be made easier to interact with.

I have been using Cisco XDR for about close to eight months.

Cisco XDR is stable in my experience.

Cisco XDR is really scalable. For example, you can start with less than 10 endpoints and expand as results appear, and it is applicable not only to endpoints but can also be used on servers.

The customer support for Cisco XDR is fantastic. I have not had a reason to call them, but based on client information, they seem readily available whenever needed.

For this specific client, they have not used an XDR before, so Cisco XDR is the first one they are using in their environment.

They were convinced to try Cisco XDR due to the value they received from other Cisco products, such as Cisco ISE and Cisco ASA Firewall.

Regarding pricing, setup cost, and licensing for Cisco XDR, it was my client that did the licensing and costing, so I cannot speak much about that as I only manage the solution on their behalf.

Based on feedback from my client, they seem very satisfied with the output of Cisco XDR solution, so I assume they are content.

I recommend Cisco XDR to any client that may be interested because I have used a number of Cisco products and have no negative reservations at this point.

I would rate this product an 8 out of 10.

We are a small ISP, and it mainly use it just basically for routing and insights into wherever our traffic goes through.

My job is to put out fires all day. The features of Cisco XDR benefit my company since time is money. When outages happen and when a customer can't reach the internet, they get agitated. Therefore, the quicker we can mitigate an issue, our customers get happier in a quicker fashion.

I appreciate the granularity of what I get from Cisco XDR the most. It provides so much information that I can troubleshoot in a more detailed fashion. I get all this information and can comb through it to figure out exactly where the source of the trouble comes from. 

Between the clarity, the granularity, and the dashboard, it just works.

It does its job by helping evaluate gaps and mitigating in a timely fashion. 

Cisco XDR can be improved by addressing the upfront cost. Everything matters for us since we're small, mom and pop, so every dollar counts.

I have been using Cisco XDR for about two years, two and a half years.

The stability and reliability of Cisco XDR, similar to most Cisco products, are bulletproof. As long as I keep it with ramp patching and updates, they just work.

Regarding scalability, since we're smaller, I don't know if we'll ever grow bigger than what we are now, being landlocked in Bixby, Oklahoma. However, if we were blessed to get bigger, it would be easy.

My experience with customer service and technical support for Cisco XDR is that the tech support is excellent and easy to work with.

Positive

I considered other solutions before choosing Cisco XDR, such as FortiGate and Juniper, and those were two that we had a proof of concept with. FortiGate was good, but it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

My experience with the deployment of Cisco XDR is that it was extremely easy. We worked with our VAR, Net Fabric.

The representative we worked with helped us set it up and it just worked.

The biggest return on investment when using Cisco XDR is that, being a small company where everybody has multiple roles, the quicker I can mitigate something, the faster I can return to my scheduled tasks for that day.

My experience with the costs, including setup costs and licensing for Cisco XDR, is that it's now a subscription base, with options for one year, three year, or five year terms. 

It would be preferable to return to the old model where you just buy it once without having to pay a renewing fee, however, I don't think they're going to implement that.

I considered other solutions before choosing Cisco XDR, such as FortiGate and Juniper, and those were two that we had a proof of concept with. FortiGate was good, however, it was actually a blessing because Cisco XDR was technically cheaper than FortiGate.

Cisco XDR streamlines incident response through its provided functionalities because, based on the clarity of the dashboard and the granularity, it works effectively. 

I would rate Cisco XDR overall a nine out of ten, based on the price point.

I use Cisco XDR for detection and response. I have an Insight license from Cisco XDR, which provides me with a powerful GUI on the cloud where I can see comprehensive insights from my machines. I also have an MDR service license from Cisco.

I use Cisco XDR for prioritizing incidents across multiple security controls. The second-best technical feature is incident correlation, which provides me centralized visibility and a single place to review incidents and investigate IPs, URLs, and domains. All log data is visible on one dashboard for managing incidents and taking actions with integrations and connectors to other products in my organization.

I have not yet run the DLP feature in Cisco XDR, but the XDR forensics capability provides evidence collection and forensics visibility, which works very well with incident correlation. Regarding DLP, I run an endpoint from Kaspersky, not Cisco. The integrations are strong, and I have purchased integrations from Cisco.

I have used the automation feature in Cisco XDR to improve workflows. I have connectors and direct integrations that allow Cisco to integrate with my firewalls using predefined integrations. I enable collectors and have connected firewalls, endpoints, and email systems, which allows me to take actions. For example, during a phishing incident, I run automations to investigate domains that trigger a phishing email, and I can block this domain on my email system through integration with Cisco XDR.

Cisco XDR has helped expose gaps in my security coverage. Since implementing it, I did not have NDR, and I opened a conversation with Cisco to implement the Cisco NDR module, which will be very useful to integrate with Cisco XDR. I receive detailed reports on traffic flow, so I can see on the Cisco XDR dashboard when user X attempts to connect to a malicious domain, for example.

The best feature of Cisco XDR, on which I based my decision to purchase it, is that Cisco XDR does not require an endpoint from Cisco. It can work with any endpoint. In my situation, I have an endpoint from Kaspersky, and Cisco XDR can integrate with it. It has predefined integrations based on the licensing model, so there is no need to have a Cisco endpoint to use Cisco XDR. This is not the typical use case for other XDR solutions like Trend Micro or Palo Alto Cortex, where you must obtain the endpoint from the same vendor.

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

I believe the advanced insights module in Cisco XDR has room for improvement because it requires a separate license. If Cisco allowed me to access full data with a basic license, it would benefit many customers.

I have used Cisco XDR for four months.

I assess the stability of Cisco XDR as ten out of ten.

Although I have not yet tested scalability, I can say that theoretically it appears to support scalability, so I would rate it as ten out of ten.

I rate the technical support from Cisco as very professional with a strong support team. It is Cisco TAC, so I would rate it as ten out of ten.

Positive

The deployment of Cisco XDR is very simple and straightforward. I access the service, check the service, configure it, and I obtain the dashboard to begin configuring integrations. I receive logs and can take actions based on incidents easily.

In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.

I believe the pricing of Cisco XDR is affordable compared to other solutions.

I believe Cisco XDR compares favorably with other XDR solutions such as Cortex XDR and Trend Micro Vision One. The best feature, as I mentioned earlier, is that Cisco XDR does not require its own endpoint. I have a Kaspersky endpoint, and I did not need an endpoint from Cisco to use Cisco XDR. In contrast, with other vendors such as Cortex or Trend Micro, you must obtain the same vendor endpoint.

My advice for others looking to implement Cisco XDR is to establish licensing agreements beforehand and list your products for integration with Cisco XDR. You need to know which email systems, DLP solutions, firewalls, and vendors you will use, as this helps identify the best licensing for your needs.

Regarding how many people use the solution, I can say that we are running it on our SOC, which has multiple shifts and approximately eight SOC analysts.

Cisco XDR does not require any maintenance, as this is provided by Cisco. My overall rating for Cisco XDR is ten out of ten.

I use Cisco XDR to automate all the threats which are coming in. It automatically isolates the particular endpoints, whether it's a laptop or a server. That helps and provides a good quality report which helps us to identify and then analyze according to it.

I have SIEM tools of CrowdStrike. I have third-party tools such as endpoints of Trellix endpoints and SentinelOne as well. I integrate this from this integration to Cisco XDR, and I can see all the reports on a single dashboard.

Cisco XDR helps to detect the threats in my organization. It prioritizes most of the critical incidents and responds to them faster as well.

Cisco XDR generates the alerts and reduces the false positive reports. It prioritizes automatically the risk and the impact which will be happening on my organization. It also helps the SOC team to act faster due to the automation.

The best features Cisco XDR offers are threat detection, incident response, automated investigation, and integration. There are many third-party tools which I can integrate with Cisco XDR.

I believe the false positive reports can be reduced through AI automation, as well as the duration while loading the software. I believe that is lacking.

I chose nine because we have to reduce the false positive reports and the time taken to load a page. That's the reason I gave the nine.

I have been using Cisco XDR for the past three years.

Cisco XDR is stable.

The scalability of Cisco XDR is good. I would say nine.

I believe customer support is also good.

We have not switched. Cisco XDR is the first solution we implemented. We took the POC and it was good to go.

I evaluated Cortex before choosing Cisco XDR.

I believe Cisco XDR is good and I think I can also recommend it to most of the companies to just try it out once to have a POC, just to make sure all the things get under control in a single dashboard. You have to try it once. So far, everything is going well. I gave this product a rating of nine out of ten.

Cisco XDR is used for endpoint security, data protection across endpoints, network protection, advanced persistent threat (APT) detection, ransomware attack mitigation, and advanced threat detection. We use Data Loss Prevention (DLP) because it integrates with Cisco Secure Access and Cisco Umbrella, helping to protect sensitive data. Cisco XDR is the extended detection and response solution we have implemented.

Cisco XDR is appreciated as a SaaS-based platform for its user-friendliness with simple management tools that are easy for configuration. Its ability to reduce the Mean Time to Respond (MTTR) from hours to minutes and the option to use a customized dashboard are highly valued features.

The platform's AI-driven architecture, especially in Advanced Persistent Threat (APT) detection, is praised. Automation features streamline security operations by replacing manual and repetitive tasks.

Cisco XDR offers comprehensive security by identifying visibility across the network and protecting cloud endpoints. It has significant performance metrics and scalability, designed to handle a large number of endpoints and sessions.

While Cisco XDR is robust, it could benefit from improvements on the AI side. More features could be added to prioritize and automate traffic.

We have been using Cisco XDR for more than two to three years.

We have not found any stability issues or received complaints from customers, so as of now, there is no improvement needed.

Cisco XDR is designed to handle significant scaling of endpoints, allowing management of a large scale of environments with thousands of sessions. It is rated nine out of ten for scalability.

The customer service response time is very good, with a strong technical team providing proper solutions when support is needed.

We previously used Cortex XDR for Palo Alto. While the features are similar, Cisco XDR's AI-driven feature is more advanced, making it a better choice.

The deployment is considered simple and very user-friendly.

Cisco XDR has benefits on the user end and is easy to manage and deploy a large number of endpoints in a short time.

Alternate XDR solutions include Forcepoint and Zscaler.

As of now, there are no gaps identified, so I am not able to provide further advice. The review rating for Cisco XDR is nine out of ten.

As a security consultant, I use multiple SIEM and XDR solutions, so cumulatively, I can say I have used Cisco XDR for around one year.

Cisco XDR is built primarily for enterprise endpoint security, integrated onto endpoints with logs integrated into SIEM, and it is used for security investigations, malware impact investigation, and tracking particular security incidents through integration of different logs, where endpoint logs are very important, providing detail about processes run by potential malware and any call-outs made to command and control.

The best features of Cisco XDR include its ability to integrate with multiple SIEM platforms, with visibility coming from a lot of Cisco's devices, and it syncs well with other XDRs and endpoint defenses such as Microsoft Defender, SentinelOne, and CrowdStrike, integrating well with other vendor products.

Cisco XDR helps prevent data loss during ransomware attacks by integrating with multiple levels of security, tying to identity management systems, and allowing placement of blocks at the endpoint level, which provides an additional layer of security, optimizing for detecting and preventing data loss based on how well the rules are placed and how well integrations are done for overall visibility of different stages of intrusion or data loss.

Improvements in Cisco XDR revolve around performance. The less performance it utilizes to run at high configuration levels, the better it becomes, so all vendors need to continue working on keeping resource utilization low while providing optimum performance, which is a defining point or deal breaker.

I have used Cisco XDR for around one year.

Stability is dependent on integration, since product-wise it is very stable, but performance-wise it is acceptable, so I would give it a rating of six.

In terms of scalability, I rate it as the best. For scalability, I would give it an eight out of ten.

I would rate technical support as a seven to eight because it is very great in current times. If I had to decide between seven or eight, I would say a seven.

Positive

I mostly use the AI assistance and automation feature for reporting, not for analysis because I do not trust AI for conclusions, only for inputs and reporting, which is how the AI component is utilized.

I do use the feature for prioritizing incidents across multiple security controls, but that needs to be configured, as I work mostly at the governance level for information security as a consultant, so the effectiveness depends on how well it is integrated and what the policy and operations are.

Cisco XDR streamlines incident response through its functionalities, being top of the stack and comparing well with other providers such as Palo Alto or the recently developed open-source Wazuh, which makes it very good.

I compare Cisco XDR with top-of-the-stack options available such as Palo Alto, Sophos XDR, and Secureye, an Indian company, and it lines up with all of them, providing a lot of other devices and software with Cisco's easy integration, making it one of the best for visibility.

I would definitely suggest Cisco XDR for enterprises and MSMEs who have a specified budget to fortify their defenses, and it stacks up well against other offerings in the market, naming CrowdStrike as somewhat better due to its knowledge base and R&D, with Tanium ranking just under it, making Cisco XDR probably number three in the XDR market.

I rate this review overall as a seven out of ten.

We use Cisco XDR for our network devices and data centers, as we are an internet provider. We deliver the internet to customers.

The feature I appreciate the most about Cisco XDR is the reliability. The reliability of Cisco XDR benefits my company by ensuring less downtime and less customer downtime, and it is also easier to keep everyone trained on Cisco because we are all more familiar with that than other vendors. 

My only complaint about Cisco XDR is related to licensing, which is complicated. 

I have been using Cisco XDR for probably three years.

Cisco XDR is very reliable, which is its big advantage.

Cisco XDR scales effectively with the growing needs of my company.

My experience with their technical support has been excellent. I would rate Cisco customer service a ten out of ten.

Positive

It is easy to implement.

The biggest return on investment when using Cisco XDR is the downtime aspect, specifically not having to roll out to sites and not having customers experience downtime.

I don't have the metrics, but the downtime reduction is definitely a lot compared to the other vendors that we've used in the past.

The licensing of Cisco XDR is a bit complicated. The cost can depend on what it is, and the process can be a little complicated. 

We did consider other solutions before choosing Cisco XDR. We went for Cisco XDR because we're all already trained in Cisco. Reliability is also a big reason. 

I would rate Cisco XDR a nine out of ten. The only thing that could make it a ten is better licensing. That's my only complaint.