Cisco XDR Reviews

Our main use case for Cisco XDR is to centralize security telemetry and correlated events across endpoints, the network, and email security tools. This solution helps us detect threats faster, reduce alert noise, and improve investigation efficiency.

Recently, a phishing email triggered an alert in Cisco XDR through email security, while the endpoint detected suspicious execution. The firewall logged unusual traffic, and Cisco XDR correlated all signals into a single incident, showing the full attack chain.

The best features Cisco XDR offers are cross-domain visibility, encompassing endpoint, network, and email in one place, and incident prioritization, which highlights high-risk events.

The threat correlation that links related alerts automatically is the feature I rely on the most because it converts multiple alerts into one actionable incident, which has significantly reduced investigation time.

Cisco XDR has positively impacted our organization by providing faster detection of complex threats, reducing alert fatigue, and giving us better visibility.

Cisco XDR is working well, but the solution could be more cost-effective for mid-sized and small organizations. Apart from this consideration, everything is excellent.

I have been using Cisco XDR for more than three years.

I highly recommend Cisco XDR, and my advice would be to deploy this solution by integrating the maximum number of security tools for full visibility and to start with key use cases. It is important to train your SOC team so that they can effectively handle this solution. I am providing this review with a rating of eight out of ten.

Public Cloud

Microsoft Azure

I use Cisco XDR because I'm a SOC analyst. It's something I use every single day. The majority of my work has been in Cisco XDR looking through incidents, reading reports that it gives, and making automations. 

I use Cisco XDR as more of an integration tool for all of our Cisco tools. I work in a Cisco Suite. We have AMP, Umbrella, Firepower, and all these different tools connected to Cisco XDR, and I can get all my data in one place. It's easier to look at just one tool versus the eight to ten other tools that we have to get data. It saves time and puts us ahead of different threats since it's all in one spot.

I saw the benefits of Cisco XDR immediately after the tool came out. We had meetings with Cisco where they were telling us about the tool. The higher-ups that I work for saw a need for it first, and then they came to the SOC group. When we sat in on the first meeting, we immediately knew that this was a tool we needed to help us save time and get ahead.

One of my favorite features of Cisco XDR is the automation tool, which saves a lot of time because we can craft these automations and workflows. If we get a phishing email, I can set up a workflow that can be initiated the minute the email comes in. If it suspects that to be malicious, it goes ahead and quarantines the file so that it can't spread through our network.

An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.

I have been using Cisco XDR for about a year and a half.

When we first started with Cisco XDR in August, everybody was having issues. There were three people in our organization, including me, who couldn't even log in to Cisco XDR. We were constantly in meetings and contacting them by sending network logs or through calls. They were remotely looking at our screens. 

For about three months, our machines would freeze, and it wasn't just Cisco XDR. It was also integrated with AMP, and both sides would just freeze and lock up. We couldn't do anything, and even when we deleted the tabs, it would just crash out. That lasted for about three months, but once they got it fixed and figured out the issue with the observables and with the character limit, it's been flawless.

I have contacted the technical support for Cisco XDR. They answered pretty quickly, and they were always willing to get into a meeting with us. I didn't really have any issues with them besides minor things where they would tell me to do something that I had already tried or done. Other than that, they responded quickly, they were always willing to meet, and they were always willing to work as per my schedule.

Positive

Deployment went fine, but when it came to integration with tools, I was definitely the test guinea pig in terms of system failures. For two months, my Cisco XDR did not work because I was the one who found the observable issue and reported it to Cisco. There were multiple meetings and constant back and forth with engineers, telling them the things they were telling me to do were not working. They were not able to understand that I could not even log in to the application without it freezing. So, the deployment went well, but for the next two months, we had issues, which is normal with a new tool. We got it as soon as it hit the market, so we knew that there were going to be some complications.

I wouldn't say we have it fully set up right now. We're still integrating tools and workflows into it. We have it in working condition where we're able to do investigations in it, so we have it 95% set up now.

I'd rate Cisco XDR a nine out of ten overall.

Public Cloud

Other

We are system integrators working in a consultancy mode with a team of implementation engineers. Over the last two years, we have worked on several Cisco XDR cases. In data centers, Cisco XDR is definitely the primary requirement. Our first choice is always Cisco, and while one or two other solutions have come our way, Cisco cases primarily come to us. In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR. We are partners of Cisco and we focus particularly on the implementation aspect, while also taking care of services.

Cisco XDR is one of the most matured systems available. It is quite user-friendly. The system has been very effective, and our customers receive sufficient reports demonstrating visible benefits. This helps maintain customer confidence, particularly in secure data center implementations. With the implementation we have deployed, our customers gain confidence in having their data center secure. The reporting capabilities are pretty extensive. Cisco XDR is keeping our customers protected.

It would be difficult for me to identify specific improvements at this moment. We have not really foreseen exactly what additional benefits might be needed. Given more thought, something could potentially come out, but we have not found any requirements for additional features.

The solution is working well for our needs.

There were some challenges initially, but with the technical support provided, we were able to resolve them and move forward successfully.

Scalability has been a consideration for our implementations.

The technical support has been very helpful. During implementation, we receive assistance from the technical support team and have obtained proper support from their side.

Negative

In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR as the way to go.

We are partners of Cisco and focus particularly on the implementation aspect. We also take care of the services.

Cisco XDR has helped our customers achieve positive returns on their investment.

I strongly feel that Cisco XDR is more proactive rather than reactive compared to alternate solutions.

It would be difficult for me to provide additional advice at this moment. I would give Cisco XDR a nine out of ten. I would definitely recommend it. I

On-premises

Other

We are integrators, and we also resell Cisco XDR. Global customers are the primary users of Cisco XDR, while local customers often don't request it. For global customers, they directly request Cisco XDR and share all the part codes with us.

The single point of maintenance and dashboards are the strong points of Cisco XDR. The visibility of the network is the main valuable feature. Customers frequently request features that offer better system visibility. The solution also offers automated response capability, which I would rate around eight out of ten.

One area that needs improvement is the limited visibility due to the licensing structure. For more visibility, customers need the advantage or premier licensing, which involves additional costs. Competitors offer more visibility without any additional licensing, which is a significant drawback for Cisco.

We have been using Cisco XDR for more than three years.

Cisco XDR is stable. Customers have mentioned that the stability and scalability are good compared to competitors.

Technical support from Cisco is good and very helpful. We usually do not contact tech support unless we encounter issues. I would rate the support as nine out of ten.

Positive

The initial setup is not difficult and is very easy to command. We can easily find all the guidelines and necessary documentation online or from the Cisco site.

One person is enough for installation, but we typically allocate two engineers. For maintenance, one person can handle it, though we generally allocate one or two engineers for each site for convenience.

Costs vary depending on dollar fluctuations. Cisco requires conversion to dollars, which affects the cost compared to local competitors who bill in local currency. Overall, the price is a bit expensive compared to local competitors.

Some alerts before incidents occur would be a beneficial AI feature. Customers expect alerts for potential problems so they can take preventive measures. I rate Cisco XDR as eight out of ten. Our experience indicates that additional features or licensing options could enrich the overall experience.

Other

We have four thousand endpoints, and I have installed XDR on these endpoints. They are integrated with Cisco Firepower Threat Defense. XDR can also integrate with Cisco Meraki solutions. Any issue in a PC will send a message to Meraki, the Firewall, and email security systems, ensuring that a PC will be isolated from the network if necessary.

Cisco XDR offers threat intelligence and links with the Firewall. I can see the Cisco XDR feature in the Firewall with Threat Intelligence. The integration with XDR and Cisco Meraki solutions allows detection of zero-day attacks. XDR connects with Cisco's cloud for updates on zero-day attacks. There is good integration with Splunk, which Cisco acquired, providing comprehensive log management and analysis.

They need to provide better pricing and bundle XDR licenses with products like Meraki solutions or Firepower Threat Defense. Offering some free XDR licenses for testing features, similar to VPN licenses, could have a significant impact on costs.

I have been familiar with Cisco XDR for the last two years.

I haven't thought about the return on investment since I am too busy.

We focus on one vendor, Cisco, which provides us with excellent discounts when we buy multiple products. This integration and discounting are something we cannot get from competitors, leading to reduced security costs.

I rate Cisco XDR as eight out of ten. They need to improve their pricing strategy for a higher rating.

On-premises