At RSA Convention 2025, one theme echoed throughout the present flooring: safety groups don’t want extra alerts—they want extra certainty. As threats transfer sooner and operations get leaner, organizations are shifting from reactive investigation to proactive, automated forensics. That’s why we’re excited to announce a serious leap ahead in Cisco XDR: automated forensics constructed into the detection and response workflow.
The Fashionable SOC Struggles with Confidence, Not Simply Complexity
It’s not about simply figuring out suspicious exercise. At present’s safety instruments can floor anomalies similar to a rogue login, a wierd course of, or a lateral motion try. The actual problem? Proving what occurred—and the way far it went—earlier than harm spreads.
Guide investigations delay motion and important questions go unanswered:
- What actually occurred?
- How far did it go?
- What’s subsequent?
With out clear proof, groups stall. Investigations drag on. And uncertainty turns into the best danger. Guide Digital Forensics and Incident Response (DFIR) has historically lived outdoors the core detection and response loop. That hole is not sustainable.
A New Mandate: TDIR and DFIR Should Work as One
Cisco’s imaginative and prescient is obvious: Menace Detection, Investigation, and Response (TDIR) and forensics have to be a unified movement.
Safety groups have to validate threats and act with confidence—with out ready for handbook processes or digging via disconnected logs. And now, Cisco XDR makes this attainable by operationalizing forensics straight into the AI-assisted TDIR circulation.
Finest-in-class safety operations doesn’t cease at detection; it closes the loop. Assured SOCs have embraced a steady, linked workflow the place detection, response, investigation, verification, and remediation are all a part of the identical movement.
Analysis corporations agree that merging menace detection and response with prompt, automated investigation is the long run. In keeping with a report from the SANS Institute, “64% of organizations have built-in automated response mechanisms, however solely 16% have absolutely automated processes. This discovering underscores a shift in direction of automation in menace detection and response.”
“64% of organizations have built-in automated response mechanisms, however solely 16% have absolutely automated processes. This discovering underscores a shift in direction of automation in menace detection and response.”
Cisco XDR is operationalizing this shift—making forensics an embedded functionality, not an elite ability.
What’s New: Prompt, Automated Forensics on the Level of Detection
Sooner or later, Cisco XDR will be capable of seize forensic proof routinely when a suspicious occasion is detected—earlier than analysts even start their investigation.
Highlights:
- Automated Triggers —Actual-time forensic snapshotting of reminiscence, processes, and file information throughout impacted endpoints
- Incident Timeline Enrichment — Collected artifacts are built-in alongside the XDR storyboard for end-to-end visibility
- AI-Powered Summarization — Cisco XDR interprets forensic findings and suggests seemingly root trigger and response actions
- Guided Analyst Workflow — Visible assault graphs and step-by-step remediation paths speed up time to response
That is investigation with out friction. Forensics with out pivoting. Proof directly.
Designed for Each Staff—from Lean IT to World SOC
Whether or not you might have a small workforce with restricted workers or a worldwide SOC supporting a hybrid enterprise, Cisco XDR adapts to your setting:
- For smaller groups — One-click forensics reduces dependency on specialists. Prebuilt AI workflows speed up validation and containment.
- For enterprises with Splunk or different SIEMs — Cisco XDR enriches your SIEM with validated forensic information—enhancing correlation, compliance reporting, and post-incident documentation.
No third-party agent. No separate console. No studying curve.
The Final result: Confidence on the Velocity of SecOps
By embedding forensic seize into each validated menace, Cisco XDR helps safety groups:
- Remove ambiguity with concrete, machine-captured proof
- Speed up decision-making by eradicating the guesswork from investigations
- Guarantee consistency throughout shifts, roles, and groups
- Enhance audit readiness with forensically backed incident documentation
It’s not nearly responding quick—it’s about responding proper.
Powered by Cisco’s Open Requirements Structure
This new functionality is deeply built-in into Cisco’s broader safety platform, leveraging native telemetry from:
- Cisco Safe Consumer
- Meraki MX
- Safe Entry (SSE)
- Safe Endpoint
- Umbrella DNS and Cloud Firewall
- Public Cloud Logs
And it’s enriched by the worldwide menace intelligence of Cisco Talos, together with pre-built integrations into 100+ different safety merchandise from Cisco and third events. Collectively, this basis offers Cisco XDR the deepest native visibility and broadest assault floor protection of any XDR resolution available on the market.
Able to Increase Your SecOps Confidence?
Solely Cisco unifies real-time detection, AI-led investigation, and automatic proof seize in a single XDR resolution. There isn’t a third-party instrument dependency. No delays. Simply certainty on the pace of SecOps.
Ransomware, insider threats, and provide chain assaults transfer quick and depart little room for doubt. That’s the place we’ve your again. Cisco XDR is constructed on deep visibility, enriched with Talos menace intelligence, and is able to scale.
Now, as a substitute of extra alerts, you get prioritized incidents with the proof you want. With prompt supply, SecOps has proof for regulators, not assumptions. And explanations for boards, not theories.
See how Cisco XDR delivers prompt forensics and AI-guided investigation to assist your workforce go from “We predict” to “We all know.”
Register for the RSAC Highlights webinar on Might 20th to find out about all the key Cisco XDR improvements introduced at RSAC™ 2025.
We’d love to listen to what you suppose. Ask a Query, Remark Beneath, and Keep Linked with Cisco Safe on social!
Cisco Safety Social Channels
Share: