"Accelerate Your SOC with Cisco XDR.pdf" (87 pages), shared by a member and available to read online.

#CiscoLive
Accelerate your SOC with Cisco XDR
Matt Vander Horst, Technical Leader
BRKSEC-1023
2023 Cisco and/or its affiliates. All rights reserved. Cisco Public

Cisco Webex App
Questions? Use the Cisco Webex App to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install the Webex App or go directly to the Webex space
4. Enter messages/questions in the Webex space
Webex spaces will be moderated by the speaker until June 9, 2023.

Matt Vander Horst
8 years at a Fortune 100 insurance company: network engineering, Cisco ISE, software/DevOps
3 years at Cisco: SecureX XDR, automation and orchestration
Human jungle gym

A disclaimer
This presentation contains forward-looking statements about a product that is not generally available yet.

Attendee summary
Security: 68
Network: 38
Architects and Engineers: 30
Management and Leadership: 28
Sales and Professional Services: 18
Cisco: 13
stuff: 1

Agenda
Intro to XDR
Outcomes
Features
Demo
Resources

Intro to XDR

What is XDR?
Application of analytics to the collected and homogenized data to arrive at a detection of maliciousness
Response and remediation of that maliciousness
Collection of telemetry from multiple security tools

We Are Here

Is XDR different than all the other things?
[Diagram, not to scale: XDR, NDR, EDR]
Shared use cases: Threat Detection, Threat Hunting, Forensics, Response

Expanding attack surface
In a hybrid, multi-vendor, multi-vector universe
Alert fatigue is worse
Everyone is an insider
Attacks start from anywhere
+30% of all incidents involved stolen credentials or malicious insiders
45% of breaches occurred in the cloud, and 19% due to a compromise at a business partner
7% of IT and SecOps pros say swelling alert volume, complexity increases job difficulty
22% increase in the average cost of a data breach where hybrid work was a factor

Without XDR, how can we detect and respond to all of this?
[Figure legend: green = Secure Email only; purple = Secure Analytics only; red = Secure Endpoint only; gold = Email and Analytics; gray = Email and Endpoint; teal = Endpoint and Analytics; black = Email, Analytics, and Endpoint]

Telemetry data source importance
Data source             Essential (count)   Essential (share)
Endpoint                255                 85.0%
Network                 226                 75.3%
Firewall                207                 69.0%
Identity                191                 63.7%
Email                   179                 59.7%
DNS                     140                 46.7%
Public Cloud            137                 45.7%
Non-Security Sources    36                  12.0%
Cisco products listed on the slide: Cisco Secure Client, Cisco/Meraki (Networking), Firewall Threat Defense (FTD), Duo, Email Threat Defense (ETD), Umbrella
The top six data sources that customers believe are essential for an XDR are Endpoint, Network, Firewall, Identity, Email, and DNS.

Lack of integration and automation are the most widespread pain points for existing XDR solutions
Lack of integrations across other vendor tools: 45%
Lack of automation: 44%
Lack of visibility/high-quality correlation capabilities: 30%
Lack of high-quality alert prioritization: 26%
Lack of high-quality reporting capabilities: 25%
Lack of training/educational materials: 21%
No pain points experienced: 14%
Lack of MDR: 8%
Others: 5%

An XDR solution should confidently tackle the most pressing security operation challenges
Visibility: Accelerate time to detect and investigate threats and maintain contextual awareness
Efficiency: Accelerate time to remediate and automate workflows to lower costs and strengthen security
Simplicity: Integrate technology together with true turnkey interoperability

The Cisco approach to XDR
Detect more, act faster, elevate productivity, build resilience
Detect the most sophisticated threats: Multi-vector detection (network, cloud, endpoint, email, and more); enriched incidents with asset insights, threat intel; optimized for multi-vendor environments
Act on what truly matters, faster: Prioritize threats by greatest material risk; unified context to streamline investigations; evidence-backed recommendations
Elevate productivity: Focus on what matters and filter out the noise; boost limited resources for maximum value; automate tasks and focus on strategic tasks
Build resilience: Close security gaps; anticipate what's next through actionable intel; get stronger every day with continuous, quantifiable improvement

Simplify with Cisco XDR
Your infrastructure: SIEM/SOAR, 3rd party tools, Intelligence, Cisco, Applications, Cloud, Network, Endpoint, Email, Identity, Others
Your SOC: CISO, SecOps Analyst, Incident responder
Clear prioritization
Streamlined investigations
Automation and response guidance
Open and extensible
Built on the Cisco security platform

An XDR is an expression of business needs
Where are we most exposed to risk?
How good are we at detecting attacks early?
Are we prioritizing the attacks that represent the largest material impacts to our business?
How quickly are we able to understand the full scope and entry vectors of attacks?
How fast can we confidently respond?
How much can SecOps automate?
Are we improving our time to respond?
Do we have full visibility into all our assets?
Can we reliably identify a device and who uses it?
1. Detect Sooner
2. Prioritize by Impact
3. Reduce Investigation Time
4. Accelerate Response
5. Extend Asset Context

XDR outcomes and components
Outcomes: Detect Sooner, Prioritize by Impact, Reduce Investigation Time, Accelerate Response, Extend Asset Context
Components: Investigation, Automated Workflows, Incident Manager, Correlated Events, Asset Insights, Prebuilt Playbooks, Threat Hunting, Intelligence, Machine Learning, Automated Enrichment, Account and Device Correlation, Integrations

Incidents: security alerts, correlated, prioritized and enriched
Integrations: built-in, pre-built or custom
Analytics: detections based on raw telemetry
Investigate: is at the core of the platform
Automation: drag-drop GUI for no/low code
Devices: device inventory with the contextual awareness

Outcomes

Detect sooner
Leverage integrations for faster detection and response
Now including CrowdStrike and SentinelOne
Use intelligence from multiple integrated products
Correlate alerts to detect slow or hidden attacks

A vast ecosystem of integrations
Telemetry and Detections: Cisco XDR leverages multiple sources of telemetry and detections to achieve cross-product outcomes
Action and Response: Multiple types of response actions are available across products such as network, endpoint, email, and others
Cisco and Third Party: Leverage integrations with existing products, whether they are from Cisco or from a third party

Enhanced detections with diverse intelligence
Judgements, Feeds, Indicators, Events, Others
Use public and private sources of intelligence to achieve better threat identification
Create and customize your own feeds based on your environment and needs

Prioritize by impact
Single view for incidents from multiple sources
Enhanced incident view focused on the most critical incidents
Incidents prioritized by business impact and asset value

Walk through incidents step by step
Progressive disclosure: Looking into an incident is a progressive experience where the relevant data is revealed as needed without overwhelming the SOC analyst
Rich incident details: Incidents are enriched with data gathered from multiple sources including assets, indicators, observables and others. Associated MITRE ATT&CK tactics and techniques detailed with risk scoring

Reduce investigation time
Interactive, visual representations of incidents
Event correlation and attack chaining to group related intelligence
Automated enrichment for the most critical incidents, ensuring intelligence is gathered immediately

How true simplicity is experienced
Without XDR: 32 minutes
1. IOC/alert
2. Investigate incidents in multiple consoles (product dashboards 1 to 4)
3. Remediate by coordinating multiple teams (product dashboards 1 to 4)
With XDR: five minutes
Investigation is integrated across your security infrastructure
In one view: SHA-256, IP, target endpoint, email subject, malicious domain
Query intel and telemetry from multiple integrated apps
Quickly visualize the threat impact in your environment
Remediate directly from a single UI

Confirm attacks sooner with alert correlation
Correlate alerts through time: Automatically create new incidents from correlated alerts over time, reveal the bigger picture of a multi-stage attack
Mapping the Attack Chain: Using MITRE Tactics and Techniques to connect and reveal the attack chain

Accelerate response
Ability to respond throughout the interface
Simplified response workflows available from within incidents
Broad set of workflows to achieve a variety of outcomes

Powerful, flexible automation
Response: Analyst triggers a workflow from within the incident manager or a pivot menu
Automation rules: An incident matches a pre-defined rule and a workflow is triggered
And more: Workflows triggered by users, APIs, webhooks, schedules, and more

Extend asset context
Detailed asset information aggregated from multiple sources
Combines asset inventory with security context
Allows for more accurate incident prioritization based on asset value
Distinguish between targets and assets

Features

Telemetry with Cisco XDR
[Diagram: data sources feeding Cisco XDR]
Sources shown: Firewall, Endpoint, Network, Public Cloud providers, NDR
Data shown: Firewall Logs, NVM data direct to cloud, Flow, Flow via ONA, CTB, Cloud Flow, High Impact Alerts
NVM Telemetry to XDR currently only on Windows
NDR can send flow directly using FC only version 7.4.2
Alerts are stored in XDR data warehouse for analysis and incident creation
Alerts and events are queried from the integration modules when investigation is triggered
Third-party integrations are queried for alerts (alerts are not streamed from the products)
Diagram labels: Data Sources; Data Queried then stored

Enrichment demo
The process of consulting all integrations to find out what any of them know about the observable(s).
[Diagram labels: Analyst, Automation, XDR, Cisco Products, And many others]
Products shown: Endpoint, Cloud Analytics, Firewall, Malware Analytics, SentinelOne, CrowdStrike
Intelligence: IP Reputation, Domain Reputation, File Analysis, Email Reputation, and more

Incident manager

Incident manager
Centralized incident management: Incidents from a wide portfolio of products, all in one place
Automated prioritization: Risk- and asset-based prioritization, so you know what to investigate first
Built-in response workflows: Automated actions that make resolving an incident simpler and faster

Identify the most impactful incidents based on risk
Priority Score = Detection Risk x Asset Value
Priority Score: the total priority score used to prioritize incidents
Detection Risk: composed of multiple values: MITRE TTP Financial Risk, Number of MITRE TTPs, Source Severity
Asset Value: user-defined asset value represents the value of the assets involved in the incident
Values shown on the slide: 0-1000, 0-100, 0-10, 736

Incident response in four stages
Identify: Review the incident and confirm the findings
Contain: Act against impacted hosts, domains, files, etc.
Eradicate: Remediate vulnerabilities and remove malicious content
Recover: Validate remediation and restore impacted services

Investigate

Investigate
One place to investigate across products: Aggregated intelligence from all your integrated products
Interactive visualization of investigation elements: Drag, drop, and inspect the results of your investigation
Built-in response actions: Take action right from an investigation, no cross-launching into other products required

Intelligence

Intelligence
Centralized repository of threat intelligence: Customizable database of intelligence that powers your investigations
Customizable intelligence feeds: Publish feeds for other products to consume, keeping all your control points up to date
Talos intelligence, out of the box: Advanced threat research and intelligence, built into Cisco XDR

Automation

Automation
Drag and drop, "no-to-low code" workflow builder: Simple workflow editor that works without writing a single line of code
Accelerates how you investigate and respond: Automate how your analysts investigate and respond
Out of the box workflows from Cisco: Popular use cases built in, more available for import from Cisco

Investigate: Compress the time between detection and response by gathering information and presenting it to an analyst at machine speed
Respond: Accelerate how analysts respond to threats using response playbooks, the pivot menu, and other types of automated workflows

Investigate
Fetch IOCs: IOCs can be gathered from any number of sources including threat research websites, blogs/RSS feeds, and so on
Investigate: Once we have IOCs, we can use XDR via workflows or APIs to investigate using integrated products
Notify: If sightings are found in the environment, we can let analysts know the threat has been seen and remediation is required

Respond
Identify: Determine which observables to act against and which action to take
Act: Take the specified action leveraging products integrated with XDR as control points

Investigate and Respond
Fetch IOCs: IOCs can be gathered from any number of sources including threat research websites, blogs/RSS feeds, and so on
Investigate: Once we have IOCs, we can use XDR via workflows or APIs to investigate using integrated products
Respond: Take the specified action leveraging products integrated with XDR as control points

Devices

Devices
Extensive visibility into your devices: Combined inventory from both security and device management products
Provides asset context to investigations: Differentiate between a generic target and an asset that belongs to you
Configuration and management of Cisco Secure Client: Cloud-based management of Secure Client profiles and deployments

One more thing

XDR has a robust set of APIs!
We have APIs for:
Threat intelligence: Private and public databases of threat intel
Investigation: Inspect content for observables; enrich data using your integrated products
Response: Act on observables you know to be dangerous
Automation: Trigger workflows in XDR to do just about anything you want

XDR Inspect API
Takes an arbitrary block of text and extracts observables from it
Simple and easy way to extract things to investigate from content like emails, blog posts, threat intel websites, and more

Demo

Resources

Common questions
Q: Is Cisco XDR the same as Cisco SecureX? What's happening to SecureX?
A: Cisco XDR is a new product offering. SecureX will continue to be available for a yet to be determined period of time.

Q: How is Cisco XDR different than SecureX?
A: XDR has:
Correlation of events across multiple telemetry sources with both historical and real-time data.
Analysis of correlated events to identify incidents end-to-end and promotion of incidents only where relevant awareness and action is needed by analysts.
Risk- and impact-based prioritization of incidents to focus analysts on what needs to be addressed with urgency.
Guided response through suggested courses of action that are relevant to the incident being investigated.
Curated, commercially supported integrations with third-party security solutions.
And more

Q: Will Cisco XDR be an entitlement like SecureX?
A: No, Cisco XDR will require a paid license at one of three tiers. Specific details around what each tier will offer are available through Cisco Sales.

Q: If I'm using Cisco SecureX now, will there be a migration path to Cisco XDR?
A: Yes, there will be a technical migration path for customers from SecureX to XDR. Most of your integrations and content such as orchestration workflows should transfer over to XDR.

Q: Is Cisco XDR a cloud offering? Will it have an on-premises option?
A: Cisco XDR is cloud-based and there are no current plans for an on-premises option. You can integrate on-premises resources into Cisco XDR, but XDR itself runs in the cloud.

Q: FedRAMP?
A: There are no current plans on the roadmap to FedRAMP Cisco XDR. This may change, but probably not within the next 12-18 months.

Q: When will Cisco XDR be generally available?
A: Cisco XDR will be orderable this month. Limited availability is expected to begin this month for select customers and general availability is expected by July 31st.

Other XDR sessions
Security Automation: Developing with Cisco XDR (DEVNET-1083), Tomorrow 10:00 AM, Matt Vander Horst, Technical Leader
Making the R count double in XDR: How to Automate your Security Operations (SecOps) (DEVNET-2214), Wednesday 1:00 PM, Christopher Van Der Made, Engineering Product Manager
Cisco XDR - Making sense of the Solution and how it's a Security Productivity Tool (BRKSEC-2113), Wednesday 1:00 PM, Aaron Woland, Distinguished TME
Cisco XDR with Firewall (BRKSEC-2090), Wednesday 3:00 PM, Aditya Sankar, Technical Marketing Engineer
Leveraging Cisco's XDR solution with IT Service Management (ITSM) and SIEM Systems for Incident Investigation (BRKSEC-2112), Wednesday 3:00 PM, Oxana Sannikova, Technical Solutions Architect
Cisco XDR Automate: Getting started with workflows and atomics (DEVWKS-1190), Thursday 9:00 AM, Matt Vander Horst, Technical Leader
Extended Detection with Cisco XDR: Security analytics across the enterprise (BRKSEC-2178), Thursday 9:30 AM, Matthew Robertson, Distinguished TME
Automating your Cisco XDR Workflows: from Threat Hunting, to Finding and Confirming Incidents, to Responding! (BRKSEC-3116), Thursday 1:00 PM, Christopher Van Der Made, Engineering Product Manager

Where can you learn more about Cisco XDR?
Cisco XDR At a Glance
An XDR Primer: The Promise of Simplifying Security Operations Position Paper
Cisco XDR: Security Operations Simplified eBook
Five Ways to Experience XDR eBook
Cisco XDR Overview Video
XDR Buyer's Guide
Getting started
Cisco XDR on C

Fill out your session surveys!
Attendees who fill out a minimum of four session surveys and the overall event survey will get Cisco Live-branded socks (while supplies last)!
Attendees will also earn 100 points in the Cisco Live Challenge for every survey completed.
These points help you get on the leaderboard and increase your chances of winning daily and grand prizes.

Continue your education
Visit the Cisco Showcase for related demos
Book your one-on-one Meet the Engineer meeting
Attend the interactive education with DevNet, Capture the Flag, and Walk-in Labs
Visit the On-Demand Library for more sessions at www.CiscoL

Gamify your Cisco Live experience!
Get points for attending this session!
How:
1. Open the Cisco Events App.
2. Click on Cisco Live Challenge in the side menu.
3. Click on View Your Badges at the top.
4. Click the + at the bottom of the screen and scan the QR code.