Cisco XDR
Cisco Systems, Inc.
External reviews
External reviews are not included in the AWS star rating for the product.
Centralized threat insights have reduced alert fatigue and improved incident investigations
What is our primary use case?
We mainly use Cisco XDR for centralized threat detection and incident investigation, especially for correlating endpoints, emails, firewall, and identity alerts in one place, so the SOC team can respond faster.
What is most valuable?
One significant benefit of Cisco XDR is the automatic alert correlation instead of manually piecing together endpoint, firewall, and email events from different consoles. The platform links them into a single incident timeline, which noticeably speeds up triage during phishing or lateral movement investigations.
It also helped reduce alert fatigue significantly: we spend less time chasing isolated low-value alerts and more time focusing on incidents that actually have a correlated risk behind them.
The best feature of Cisco XDR for me is the cross-tool alert correlation. It pulls signals from endpoint, network, email, and identity tools into one investigation flow instead of requiring analysts to jump across multiple dashboards. The automated incident prioritization and attack chain visibility also stand out because they reduce a significant amount of manual triage work.
Cisco XDR does a good job grouping related alerts into single incidents and assigning alerts based on how the event connects. The SOC team is not treating every alert equally, which helps us cut down on investigation time because analysts can focus on high-confidence incidents first instead of manually sorting through hundreds of disconnected alerts.
The integrations are probably another standout. Cisco XDR works especially well if you already have Cisco security products in your environment, and the built-in automation playbook capabilities help reduce repetitive SOC tasks.
Cisco XDR improved our incident response workflow considerably. Investigations became faster, alert fatigue dropped, and the analysts had much better visibility across endpoint, network, email, and identity activity from a single console.
What needs improvement?
Cisco XDR could improve the UI customization experience. Some workflows still feel more complex than they need to be, especially when tuning detections or building advanced automations across non-Cisco integrations.
Reporting and third-party integrations could be slightly smoother in Cisco XDR. Cisco native products work great together, but some non-Cisco integrations still need extra tuning and the reporting side could be more flexible for SOC metrics and executive summaries.
I would like to see deeper native threat hunting and more flexible dashboard customization in Cisco XDR, especially for teams that want highly tailored SOC workflows without relying on extra tooling.
For how long have I used the solution?
I have been using Cisco XDR for one year.
What do I think about the stability of the solution?
Cisco XDR has been pretty stable for us so far. There have been no major downtime issues and the platform has handled large alert volumes reliably during day-to-day SOC operations.
What do I think about the scalability of the solution?
Cisco XDR scaled well as alert volumes and integrations grew. We did not see performance issues even after expanding coverage across more users, endpoints, and security tools.
How are customer service and support?
Customer support is excellent. I have had the experience of needing to resolve my ticket as soon as possible, and they are really helpful and very seamless with that process. They also resolved my ticket before I was expecting it.
Which solution did I use previously and why did I switch?
Before Cisco XDR, we were relying on a separate SIEM, EDR, and email security console with a lot of manual correlation between tools. We switched because the investigation workflow was too fragmented and Cisco XDR gave us a more unified incident view with better automation and cross-tool visibility.
How was the initial setup?
Setup was faster than expected because a lot of integrations were already native. Licensing was still enterprise style but easier to justify once we saw the reduction in manual SOC workload.
What was our ROI?
The biggest ROI from Cisco XDR was time savings in the SOC. We saw triage and investigation time drop by roughly 40 to 50 percent for common incidents because analysts were not manually coordinating alerts across multiple tools anymore. It also helped reduce alert fatigue and duplicate investigations, so the existing team could handle more incidents without needing to scale headcount at the same pace.
What's my experience with pricing, setup cost, and licensing?
Pricing for Cisco XDR felt pretty reasonable compared to some other enterprise XDR platforms, especially if you already have Cisco security products in your environment.
Which other solutions did I evaluate?
We looked at Microsoft Defender XDR, CrowdStrike Falcon, and Palo Alto Cortex XDR before choosing Cisco XDR.
What other advice do I have?
If you are considering Cisco XDR, it really delivers the most value when you already have a decent security ecosystem and want centralized visibility plus faster investigations, especially if you are already using Cisco security products. I would rate this product an 8 out of 10.
Centralized threat detection has improved investigations and reduces alert fatigue for our team
What is our primary use case?
Our main use case for Cisco XDR is centralized threat detection and incident investigation. On a daily basis, our SOC team uses Cisco XDR to monitor alerts, collect events from multiple security tools, investigate suspicious activities, and respond to incidents faster from a single dashboard.
Recently, our team used Cisco XDR when we received multiple suspicious login and endpoint alerts from different tools. Cisco XDR automatically correlated those alerts into a single incident, which helped our SOC team quickly identify a potential compromised user account and isolate the affected endpoints, much faster than our previous workflow.
What is most valuable?
The best features Cisco XDR offers that stand out the most for us are alert collection, centralized visibility, automated investigation workflow, and integration with multiple security tools. Cisco XDR helps our analysts investigate incidents much faster because related alerts from endpoints, email, network, and identity tools are automatically correlated into a single incident.
The automated investigation workflow in Cisco XDR has reduced a considerable amount of manual effort for our SOC team. Previously, analysts had to manually collect logs and check multiple tools separately. Now, Cisco XDR automatically brings related alerts, user activity, device details, and threat intelligence together.
I also appreciate the threat intelligence integration and unified dashboard because they provide better context during investigation and help us handle incidents more effectively. Since implementing Cisco XDR, our organization has improved its incident response process and overall SOC visibility. Our analysts can investigate threats faster, alert fatigue has been reduced, and the team spends less time switching between different tools. It also improved coordination during security incidents because all relevant information is available on one platform.
What needs improvement?
Cisco XDR could be improved in areas concerning dashboard customization and reporting flexibility. Some integrations with third-party tools require additional configuration effort. The interface can feel somewhat complex for new analysts at first. Better onboarding guidance and more simplified workflows would make adoption easier.
I would also appreciate seeing more advanced built-in analytics and easier customization for alerts and dashboards. Apart from that, the platform has been very effective for our SOC operations.
For how long have I used the solution?
I have been using Cisco XDR for around one-plus years.
What do I think about the stability of the solution?
Cisco XDR has been stable in our experience. We have not faced any major outages or performance issues.
What do I think about the scalability of the solution?
Cisco XDR has scaled effectively for our environment. As our organization added more endpoints, cloud workloads, and security integrations, the platform handled the increased alert volume without major performance issues. Since it is cloud-native, scaling has been considerably easier compared to traditional security monitoring platforms.
How are customer service and support?
Overall, the customer support for Cisco XDR is very useful, and our experience has been positive. The support engineers are very knowledgeable and helped us resolve issues in a reasonable time. My experience was positive overall.
Which solution did I use previously and why did I switch?
Before Cisco XDR, we mainly relied on a combination of traditional SIEM monitoring and separate security tools for endpoint, email, and network visibility. We switched because investigations were taking too long and analysts had to manually correlate alerts from different platforms. Cisco XDR gave us a more centralized and automated approach for threat detection and incident response.
How was the initial setup?
Our experience with pricing and licensing for Cisco XDR has been positive overall. The initial setup was relatively straightforward because we already had some Cisco security products in our environment, which made integration easy. The licensing is flexible and based on the features and scale required.
What was our ROI?
We have definitely seen a return on investment with Cisco XDR. The biggest benefit has been time savings for our SOC team. Investigation and response time improved by around forty to fifty percent, and analysts spend considerably less time manually correlating alerts from different tools. It also helps us manage increasing alert volumes without needing to significantly expand the SOC team, which improves operational efficiency and reduces overall security management efforts.
What's my experience with pricing, setup cost, and licensing?
The centralized visibility, automation, and reduction in investigation time have provided good operational value for our SOC team.
Which other solutions did I evaluate?
We evaluated solutions including Microsoft Defender XDR, Palo Alto, and CrowdStrike Falcon XDR before choosing Cisco XDR.
What other advice do I have?
My advice would be to first understand your existing security stack and integration requirements before deployment. I would also recommend starting with a phased rollout and spending time on alert tuning for overall effectiveness and best performance.
We use Cisco XDR in a hybrid cloud deployment. Most of the security monitoring is cloud-based, but it also integrates with our on-premises infrastructure and internal security tools.
I rate Cisco XDR an eight out of ten overall because it has improved our SOC visibility and incident response significantly, while still having some room for improvement in usability and customization. I chose eight because the platform delivers strong threat detection, visibility, and investigation capabilities. However, some areas concerning dashboard customization, reporting, and ease of onboarding for new analysts could still be improved. If the interface became more intuitive and third-party integrations became simpler to manage, it would be closer to a ten for us.
Centralized threat detection has improved investigations and now reduces alert fatigue daily
What is our primary use case?
My main use case for Cisco XDR is for centralized threat detection and faster investigation across multiple security tools. It helps correlate alerts automatically, reducing manual analysis time for the SOC team.
One specific example of how I used Cisco XDR for a centralized investigation is related to a phishing alert, where Cisco XDR correlated email, endpoint, and network telemetry into a single incident view. It helped our SOC quickly trace the compromised device, isolate it, and reduce investigation time significantly compared to the manual log analysis.
Cisco XDR has helped improve visibility across our environment by bringing multiple security alerts into one platform. The automated correlation and investigation features have made incident response faster and reduced alert fatigue for the team.
What is most valuable?
The best features Cisco XDR offers are its ability to correlate alerts from different security tools into a single incident view. I also found the automated investigation workflows and real-time visibility very useful for reducing the response time and analysis workload.
The automated investigation workflows in Cisco XDR have helped my team prioritize high-risk alerts by automatically enriching the incidents with related telemetry and threat intelligence. The real-time visibility across endpoints, email, and network activity made it easier to identify affected systems quickly and respond before the issue spread further.
Another feature I value in Cisco XDR is its integration with multiple Cisco and third-party security products. It gives a more unified security view and helps analysts work more efficiently without constantly switching between different consoles.
Cisco XDR has positively impacted my organization by improving our incident response efficiency, reducing investigation time, and simplifying alert management. It also helped our SOC team gain better visibility across the environment, leading to faster detection and remediation of threats.
What needs improvement?
One area where Cisco XDR could improve is the learning curve for new users, especially during initial setup and workflow customization. The platform can also benefit from more flexible reporting and deeper third-party integration for non-Cisco environments.
Cisco XDR could also improve dashboard customization and simplify navigation for faster access to critical investigations. In some cases, fine-tuning alert correlation rules requires additional effort to reduce false positives in the complex environment.
For how long have I used the solution?
I have been using Cisco XDR for the last 1.5 years, around two years.
What do I think about the stability of the solution?
My experience with Cisco XDR has been mostly stable in day-to-day SOC operations. I have not faced any major downtime issues, and the platform has handled large alert volumes reliably. Occasionally, UI lag and integration-related delays can happen during updates or initial tuning.
What do I think about the scalability of the solution?
Cisco XDR has scaled well in my environment as our security infrastructure and alert volume increased. Its cloud-native architecture and support for multi-vendor integration made it easier to expand visibility across endpoints, network, cloud, and email without major performance issues.
How are customer service and support?
Customer support for Cisco XDR has generally been responsive and helpful in my experience, especially for deployment and integration-related issues. The TAC team usually provides good technical guidance, although response quality can sometimes vary depending on the complexity of the issue and the assigned engineer.
Which solution did I use previously and why did I switch?
Before adopting Cisco XDR, I relied on multiple standalone security tools and SIEM-based monitoring for investigation. I switched because Cisco XDR provides better alert correlation, centralized visibility, and faster incident response compared to managing alerts separately across different platforms.
How was the initial setup?
Our experience with pricing and licensing for Cisco XDR was generally positive, especially since the AWS Marketplace simplified subscription management and deployment. The setup was straightforward, but licensing can become complex when integrating multiple third-party products or advanced modules.
What about the implementation team?
We purchased Cisco XDR through the AWS Marketplace because it simplified deployment, licensing, and integration with our existing AWS environment. It also made procurement and subscription management much more convenient for our team.
What was our ROI?
I have seen a measurable ROI after implementing Cisco XDR. My SOC team reduced manual investigation and triage effort by nearly 40 to 50%, which significantly improved analyst productivity and reduced response time for critical incidents. Cisco also highlights that Cisco XDR can reduce investigation workflows from hours to minutes through automation and centralized visibility.
Which other solutions did I evaluate?
Before finalizing Cisco XDR, I evaluated platforms like Microsoft Defender XDR and Palo Alto Cortex XDR. I chose Cisco XDR because of its strong integration with our existing Cisco security ecosystem, centralized investigation capabilities, and easier cross-platform visibility for the SOC team.
What other advice do I have?
My advice for considering Cisco XDR is to spend the time planning integration and alert tuning during the initial deployment phase. Organizations already using Cisco security products will gain the most value, especially from the centralized visibility and automated investigation capabilities.
I would rate this product a 9 overall.
Centralized detection has reduced alert fatigue and now correlates threats across email, network, and endpoints
What is our primary use case?
Our main use case for Cisco XDR is to centralize security telemetry and correlated events across endpoints, the network, and email security tools. This solution helps us detect threats faster, reduce alert noise, and improve investigation efficiency.
What is most valuable?
Recently, a phishing email triggered an alert in Cisco XDR through email security, while the endpoint detected suspicious execution. The firewall logged unusual traffic, and Cisco XDR correlated all signals into a single incident, showing the full attack chain.
The best features Cisco XDR offers are cross-domain visibility, encompassing endpoint, network, and email in one place, and incident prioritization, which highlights high-risk events.
The threat correlation that links related alerts automatically is the feature I rely on the most because it converts multiple alerts into one actionable incident, which has significantly reduced investigation time.
Cisco XDR has positively impacted our organization by providing faster detection of complex threats, reducing alert fatigue, and giving us better visibility.
What needs improvement?
Cisco XDR is working well, but the solution could be more cost-effective for mid-sized and small organizations. Apart from this consideration, everything is excellent.
For how long have I used the solution?
I have been using Cisco XDR for more than three years.
What other advice do I have?
I highly recommend Cisco XDR, and my advice would be to deploy this solution by integrating the maximum number of security tools for full visibility and to start with key use cases. It is important to train your SOC team so that they can effectively handle this solution. I am providing this review with a rating of eight out of ten.
Centralizes threat visibility and has automated incident response for faster risk reduction
What is our primary use case?
I use Cisco XDR to automate all the threats which are coming in. It automatically isolates the particular endpoints, whether it's a laptop or a server. That helps and provides a good quality report which helps us to identify and then analyze according to it.
I have SIEM tools from CrowdStrike, and third-party tools such as Trellix endpoints and SentinelOne as well. I integrate these with Cisco XDR, and I can see all the reports on a single dashboard.
What is most valuable?
Cisco XDR helps to detect the threats in my organization. It prioritizes most of the critical incidents and responds to them faster as well.
Cisco XDR generates the alerts and reduces the false positive reports. It automatically prioritizes by the risk and the impact on my organization. It also helps the SOC team to act faster due to the automation.
The best features Cisco XDR offers are threat detection, incident response, automated investigation, and integration. There are many third-party tools which I can integrate with Cisco XDR.
What needs improvement?
I believe the false positive reports can be reduced through AI automation, as well as the time it takes to load the software. I believe that is lacking.
I chose nine because we have to reduce the false positive reports and the time taken to load a page. That's the reason I gave the nine.
For how long have I used the solution?
I have been using Cisco XDR for the past three years.
What do I think about the stability of the solution?
Cisco XDR is stable.
What do I think about the scalability of the solution?
The scalability of Cisco XDR is good. I would say nine.
How are customer service and support?
I believe customer support is also good.
Which solution did I use previously and why did I switch?
We have not switched. Cisco XDR is the first solution we implemented. We took the POC and it was good to go.
Which other solutions did I evaluate?
I evaluated Cortex before choosing Cisco XDR.
What other advice do I have?
I believe Cisco XDR is good and I think I can also recommend it to most of the companies to just try it out once to have a POC, just to make sure all the things get under control in a single dashboard. You have to try it once. So far, everything is going well. I gave this product a rating of nine out of ten.
Centralized visibility has transformed incident investigations and now cuts response time dramatically
What is our primary use case?
We integrated Cisco XDR into customer environments and I completed multiple deployments with the product.
What is most valuable?
The investigative ability of Cisco XDR is amazing to me. Once all the data is in Cisco XDR and it sees something that is notable, important, and of concern, it will raise an incident. The ability to look at one screen about this incident and get data from multiple different sources is a great capability for incident responders to obtain the information they need. Cisco has AI built into the product where it actually translates some of this log data. Professionals typically have to spend a huge amount of time looking through logs trying to figure out what the log data means, and this is done for you automatically.
The number one thing was getting visibility from customer environments into one console. Customers would have network telemetry from NetFlow, Secure Network Analytics, or the Cisco Telemetry Broker. They would have an endpoint product, a firewall product, and cloud resources, but they needed to correlate all of that data into one location and be able to respond to it instead of having to go into all of these separate security products. By integrating all of these products with Cisco XDR, this allowed them to have a single pane of glass and respond more effectively and quickly to security threats and know what they needed to respond to with that intelligence.
What needs improvement?
Workflows could definitely be easier to work with. Workflows are automated tasks that can be kicked off inside of a playbook. When someone is responding to something, they can click a button and it will perform automated tasks for them inside of these other products. The product can actually control the behavior of a firewall and you can write a rule in a firewall from Cisco XDR without having to go into the firewall software. However, if it is not a native workflow automation, it is very difficult to create your own. It is not intuitive and you almost have to be a developer and get really good with the API. This could definitely be improved on, particularly the custom workflow automation.
Another thing that could be improved is Cisco documenting how it makes decisions, because there are certain factors or criteria that it uses from the source products. Cisco XDR gets all of its data from the integrations, so if you do not integrate anything, it is not going to do anything. Sometimes in these integration products, such as Secure Network Analytics or Cisco Security Exposure, they could be generating some type of alert and you do not necessarily see that in Cisco XDR. This is because it knows, maybe because of these other products, it is not really a big deal and is not big enough to raise an incident. However, I do not think Cisco does a great job in explaining what those rules are, such as why this happens and how this happens. This can cause some questions and some concern. I think it is doing the right thing, but I think it would be better if they had a rule set to say, based on this data, this is how the product actually works.
For how long have I used the solution?
I have been using the solution since 2024, for about two and a half years.
What do I think about the scalability of the solution?
I have never run into any type of scalability issue. I have deployed Cisco XDR in really small environments and with really large environments, and there was never a point where we could not process the data. Most of the time, Cisco already has a lot of the data, especially if it is Cisco native products. I am not aware of any scalability issues where we were deploying it and said that if it is an environment over a certain size, then we cannot do it or we have to do something different.
What do I think about the stability of the solution?
If I had to give it a rating out of five, I would probably say about four out of five. Every now and then something weird happens in the web console. This typically is because the developers seem to be making lots of changes and you have to clear your browser cache, and then it will eventually work. Sometimes that is a little bit annoying. There are some back-end things that may take a little bit of time to process. When you first set up the integrations, it is not immediate. There are some things on timers and some scheduled activities such as batch processing. This goes back to people needing to understand that, and Cisco does not do a great job of explaining that. You may think that something is broken, but it just has not run yet. So on the initial integration sometimes, it does take a little bit for data to start showing up and it can cause some confusion.
How are customer service and support?
I occasionally contact customer service, though not too often. I would say probably in the earlier days there were more support cases because Cisco XDR came into existence later in 2024 and the product was evolving a lot in the early days. Later on, it has gotten a lot better, and I have not had to open many support cases.
Which solution did I use previously and why did I switch?
I never saw a false positive. I think it is very accurate. There were some times where it actually flagged some behavior that would have been malicious if I had not known very specific things about it. For example, it was custom code that was written by developers that did not use very good coding methodologies, so it was doing crazy things, but in this exact instance, it was not malicious. However, if I had not had that special knowledge already, I would need to respond to that. It identified that they do not need to be doing this in the first place, so that required a code change. I would say it is highly accurate. It runs everything through the MITRE Framework and it uses Cisco's intelligence where they are getting threat intelligence from Talos and all of the products that people have deployed, even if they do not have Cisco XDR. If you have Cisco security products deployed out in the world, all that data is feeding the back end. Therefore, you are taking advantage of the millions of customers out there and the environments that are running Cisco. Even if they do not have Cisco XDR, they are feeding data into your Cisco XDR solution and it is making it more intelligent.
How was the initial setup?
It is all about getting the data into the product because technically there is not really anything to install in the environment. It is about connecting what is in the environment out to Cisco XDR. I would always focus on the network traffic, getting either Secure Network Analytics data out there or deploying the Cisco Telemetry Broker to get network data. We need network telemetry and then focus on the endpoint. The endpoint is probably one of the more difficult ones because it does touch all of the hosts in that customer, so they are typically more concerned with changes because they do not want to affect that environment. So we are integrating that, network, endpoint telemetry, email integration, and then cloud. If we can get the cloud data, that is typically what we would do. I have not had any issues on the Cisco XDR side. It is typically things in the customer environment that are already not working correctly and therefore we have to fix it to get the data out. However, it is typically a straightforward process as long as the underlying products are in good shape. That is where you really run into a problem, but those are not part of a Cisco XDR problem. They are just normal life in IT.
What about the implementation team?
The implementation team is very professional, very helpful, and willing to help. We always had a good experience.
What was our ROI?
Cisco XDR absolutely can provide ROI. It has some default tasks that it thinks probably everybody should use, but then you can make those work. For example, if you do not have this type of product, you can take that out and not focus your time on incident response on that. You can focus your time on incident response on your email, endpoint security, and cloud.
Which other solutions did I evaluate?
Cisco XDR totally supports third-party integrations and it works as long as the third party already has an API. If they have an API that allows changes to be made and data to be written, then it typically works really well. If it is a closed-off system, it is not going to work well. The cloud integrations work really well getting data from AWS and getting data from Azure, and getting that network data. This is a great part of it and it does not really require much of an integration. It is just reading that data that is already there. However, it kind of depends on the third party, but it does work. When I have done it before, it has worked well.
What other advice do I have?
It is difficult to say because it depends on how many products a customer would have. But if they had an endpoint product, a firewall product, a network product, and a cloud product, and they had an incident, they would have to get into each one of those and then do research, potentially an hour per product. Whereas now, they are in Cisco XDR and they are able to get the answer to this in less than thirty minutes. This is a huge time savings to me personally.
Getting the endpoint data is absolutely critical and Cisco XDR does a great job. Getting endpoint data from something such as CrowdStrike or from Cisco Secure Endpoint and then taking in data from the network with NetFlow logs or data from Secure Network Analytics or something that does IPFIX, and then the cloud logs and then also being able to do email integration for email threats, all of that data is available to investigate, to make decisions, and to see if one host ever talked to another host. When investigating an incident, that is extremely beneficial. The integration of that data and merging it into one screen where I do not have to look at different solutions is a great benefit. The merging of all of that data into one display is probably the best benefit of Cisco XDR.
There is the concept of playbooks where, if an incident is raised and there is a problem, it allows companies to build out how they want their incident response staff to operate. What is the first step? What is the second step? What do we investigate first? Who do we notify about this? It allows them to customize that response process to align with the company's own written IT security policy. This helps focus incident responders on the tasks that they need to do for that specific environment and focus on the things that are important to them, not just what Cisco thinks.
I would rate this product a nine out of ten overall.
Unified logs have improved threat hunting and response workflows yet still need richer automation
What is our primary use case?
My main use case for Cisco XDR is to collect all the logs from the use cases of how users try to explore and perform their tasks. We are threat hunting to prevent, detect, and respond to threats, collecting from different systems such as M365 and others, correlating them into one central location, and trying to correlate between different kinds of logs to provide whether the alert is a true positive or not.
A simple example of how I used Cisco XDR to connect all these logs and coordinate between different systems is that we have M365 connected to Cisco XDR, as well as browser security connected. Many users use client applications including Outlook, but many use cases go wrong when they are using it via a browser. So what we did was correlate all the source logs from the browser and XDR and try to correlate them with the user's reactions as well as their daily usage. This helps us understand their daily perspective of how they are behaving. Behavioral analysis was easier when we connected all these systems.
What is most valuable?
From the malware detection perspective, Cisco XDR can actually find out if there is any malware present, and we can lock down the system as well, which we call isolation. That is a great add-on for me.
From the SOC perspective, the best features Cisco XDR offers are the ease of use and the ability to understand the logs and log aggregation. It is one of a kind. What stands out for me about the log analysis and the user interface in Cisco XDR is that Cisco has an AI assistant that we can utilize to understand the correlation. The main intent of the integration architecture is to allow us to integrate easily without any cumbersome processes. We can simply specify what should be integrated with what. They have an open integration architecture already present with third-party tools such as CrowdStrike, Palo Alto Networks, and AWS. Additionally, the automated response workflow can actually automate the flows and tell me the response automatically, indicating whether something is an issue or not. All these features make my daily work and log analysis easier.
Cisco XDR has positively impacted my organization because instead of ten people working on one event, Cisco XDR can do many things an analyst can do, reducing the human effort required and coordinating everything. The mean time to respond has improved for the company, and we have automated many processes. A severe incident would typically take my engineer one or two days to solve, but Cisco XDR would have already completed almost half of that work. The engineer can then review the incident and understand whatever analysis has already been provided.
The features of Cisco XDR are a great add-on for the SOC team, and the security has increased by using Cisco XDR.
What needs improvement?
There are no significant improvements needed for Cisco XDR. The inclusion of new incident mechanisms and the ability to automate them automatically would make things easier.
For how long have I used the solution?
I have been using Cisco XDR for almost one year.
What do I think about the stability of the solution?
In my experience, Cisco XDR is stable.
What do I think about the scalability of the solution?
Since Cisco XDR is on a cloud-native architecture, I believe it is significantly scalable.
How are customer service and support?
Customer support for Cisco XDR is a bit slow in the initial stages, but I believe it has improved nowadays.
Which solution did I use previously and why did I switch?
Before Cisco XDR, I previously used SecureWorks and switched due to problems.
What was our ROI?
I have seen a return on investment with Cisco XDR. I can share that I save time and people. For money saved, I do not see much improvement, but time saved is significant.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for Cisco XDR was good.
Which other solutions did I evaluate?
Before choosing Cisco XDR, I evaluated options including SecureWorks and SentinelOne.
What other advice do I have?
With the functionality and support Cisco XDR provides, I advise others to go for Cisco XDR, whether for a small company or a large company. I rate this product 7 out of 10.
Early threat detection has improved incident response and prevents data exfiltration
What is our primary use case?
I have used Cisco XDR to detect and respond to malicious activities on my client's endpoint. For instance, the last time I used it was when a client downloaded a malicious executable file, and when the endpoint picked it up as suspicious activity, I investigated and discovered, using a threat intelligence platform, VirusTotal, that the hash of the executable file was malicious. I quarantined the endpoint and deleted the malicious executable file afterward, using it to block the malware.
It has positively affected our incident management process because Cisco XDR helps with early detection and does not allow room for escalation of malicious activities before remediation starts.
One function that Cisco XDR streamlines incident response through is its containment feature, which speeds up response time and demonstrates how it is useful in incident response.
For data loss prevention, I find it really helpful because it monitors email activities for some clients and reports suspicious data exfiltration activities, capturing and reporting instances when there is communication to a public IP suspicious for data exfiltration, allowing me to verify legitimacy with the client.
What is most valuable?
I find Cisco XDR really useful and interesting, and I believe that with time, it is going to get even better.
I appreciate the fact that Cisco XDR detects malicious activity as fast as it can and notifies me when suspicious executable files are downloaded in the client's environment, providing all the information needed for investigation, which is a feature I really enjoy.
When the alerts come in, they bring context, which is helpful. The alert comes in with context such as the file hash, sometimes with the source IP address or the destination IP address, and this context helps bring a suspicious activity to resolution quickly.
Before using Cisco XDR, I sometimes did not detect malicious activities in my client's environment, but since implementing this solution, my mean time to detect has actually reduced, and my mean time to respond has fallen within the acceptable threshold, positively impacting my organization as I can detect and respond to threats in time.
What needs improvement?
At the moment, I am still exploring Cisco XDR, and while it seems well built and the team has done good work on it, I cannot point out any specific errors or make generic suggestions for now, but I believe in six months I will be able to detail improvements.
For now, I really cannot think of anything that needs improvement because what I need for investigation comes with the alert, and I perform remediation activities on the solution.
The interface of Cisco XDR can be improved. I can navigate it, but I am still exploring and believe it can be made easier to interact with.
For how long have I used the solution?
I have been using Cisco XDR for close to eight months.
What do I think about the stability of the solution?
Cisco XDR is stable in my experience.
What do I think about the scalability of the solution?
Cisco XDR is really scalable. For example, you can start with less than 10 endpoints and expand as results appear, and it is applicable not only to endpoints but can also be used on servers.
How are customer service and support?
The customer support for Cisco XDR is fantastic. I have not had a reason to call them, but based on client information, they seem readily available whenever needed.
Which solution did I use previously and why did I switch?
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing for Cisco XDR, it was my client that did the licensing and costing, so I cannot speak much about that as I only manage the solution on their behalf.
What other advice do I have?
Based on feedback from my client, they seem very satisfied with the output of the Cisco XDR solution, so I assume they are content.
I recommend Cisco XDR to any client that may be interested because I have used a number of Cisco products and have no negative reservations at this point.
I would rate this product an 8 out of 10.
Centralized incident insights have saved investigation time and improved security coverage
What is our primary use case?
I use Cisco XDR for detection and response. I have an Insight license from Cisco XDR, which provides me with a powerful GUI on the cloud where I can see comprehensive insights from my machines. I also have an MDR service license from Cisco.
I use Cisco XDR for prioritizing incidents across multiple security controls. The second-best technical feature is incident correlation, which provides me centralized visibility and a single place to review incidents and investigate IPs, URLs, and domains. All log data is visible on one dashboard for managing incidents and taking actions with integrations and connectors to other products in my organization.
I have not yet run the DLP feature in Cisco XDR, but the XDR forensics capability provides evidence collection and forensics visibility, which works very well with incident correlation. Regarding DLP, I run an endpoint from Kaspersky, not Cisco. The integrations are strong, and I have purchased integrations from Cisco.
I have used the automation feature in Cisco XDR to improve workflows. I have connectors and direct integrations that allow Cisco to integrate with my firewalls using predefined integrations. I enable collectors and have connected firewalls, endpoints, and email systems, which allows me to take actions. For example, during a phishing incident, I run automations to investigate domains that trigger a phishing email, and I can block this domain on my email system through integration with Cisco XDR.
Cisco XDR has helped expose gaps in my security coverage. Since implementing it, I did not have NDR, and I opened a conversation with Cisco to implement the Cisco NDR module, which will be very useful to integrate with Cisco XDR. I receive detailed reports on traffic flow, so I can see on the Cisco XDR dashboard when user X attempts to connect to a malicious domain, for example.
What is most valuable?
The best feature of Cisco XDR, on which I based my decision to purchase it, is that Cisco XDR does not require an endpoint from Cisco. It can work with any endpoint. In my situation, I have an endpoint from Kaspersky, and Cisco XDR can integrate with it. It has predefined integrations based on the licensing model, so there is no need to have a Cisco endpoint to use Cisco XDR. This is not the typical use case for other XDR solutions like Trend Micro or Palo Alto Cortex, where you must obtain the endpoint from the same vendor.
What needs improvement?
I believe the advanced insights module in Cisco XDR has room for improvement because it requires a separate license. If Cisco allowed me to access full data with a basic license, it would benefit many customers.
For how long have I used the solution?
I have used Cisco XDR for four months.
What do I think about the stability of the solution?
I assess the stability of Cisco XDR as ten out of ten.
What do I think about the scalability of the solution?
Although I have not yet tested scalability, I can say that theoretically it appears to support scalability, so I would rate it as ten out of ten.
How are customer service and support?
I rate the technical support from Cisco as very professional with a strong support team. It is Cisco TAC, so I would rate it as ten out of ten.
How was the initial setup?
The deployment of Cisco XDR is very simple and straightforward. I access the service, check the service, configure it, and I obtain the dashboard to begin configuring integrations. I receive logs and can take actions based on incidents easily.
What was our ROI?
In just four months, I have seen a good return on investment with Cisco XDR. I have reduced incidents and saved time because previously, if I encountered any incident, I would have spent considerably more time and effort reaching out to every security control on my network and checking logs across multiple systems. With Cisco XDR, I gain visibility on one dashboard where I can see extensive logs, resulting in time saved and reduced security incidents, which provides a strong return on my investment.
What's my experience with pricing, setup cost, and licensing?
I believe the pricing of Cisco XDR is affordable compared to other solutions.
Which other solutions did I evaluate?
I believe Cisco XDR compares favorably with other XDR solutions such as Cortex XDR and Trend Micro Vision One. The best feature, as I mentioned earlier, is that Cisco XDR does not require its own endpoint. I have a Kaspersky endpoint, and I did not need an endpoint from Cisco to use Cisco XDR. In contrast, with other vendors such as Cortex or Trend Micro, you must obtain the same vendor endpoint.
What other advice do I have?
My advice for others looking to implement Cisco XDR is to establish licensing agreements beforehand and list your products for integration with Cisco XDR. You need to know which email systems, DLP solutions, firewalls, and vendors you will use, as this helps identify the best licensing for your needs.
Regarding how many people use the solution, I can say that we are running it on our SOC, which has multiple shifts and approximately eight SOC analysts.
Cisco XDR does not require any maintenance, as this is provided by Cisco. My overall rating for Cisco XDR is ten out of ten.
Security operations have strengthened data center protection and built lasting client confidence
What is our primary use case?
We are system integrators working in a consultancy mode with a team of implementation engineers. Over the last two years, we have worked on several Cisco XDR cases. In data centers, Cisco XDR is definitely the primary requirement. Our first choice is always Cisco, and while one or two other solutions have come our way, Cisco cases primarily come to us. In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR. We are partners of Cisco and we focus particularly on the implementation aspect, while also taking care of services.
What is most valuable?
Cisco XDR is one of the most mature systems available. It is quite user-friendly. The system has been very effective, and our customers receive sufficient reports demonstrating visible benefits. This helps maintain customer confidence, particularly in secure data center implementations. With the implementation we have deployed, our customers gain confidence in having their data center secure. The reporting capabilities are pretty extensive. Cisco XDR is keeping our customers protected.
What needs improvement?
It would be difficult for me to identify specific improvements at this moment. We have not really foreseen exactly what additional benefits might be needed. Given more thought, something could potentially come out, but we have not found any requirements for additional features.
For how long have I used the solution?
The solution is working well for our needs.
What do I think about the stability of the solution?
There were some challenges initially, but with the technical support provided, we were able to resolve them and move forward successfully.
What do I think about the scalability of the solution?
Scalability has been a consideration for our implementations.
How are customer service and support?
The technical support has been very helpful. During implementation, we receive assistance from the technical support team and have obtained proper support from their side.
How was the initial setup?
In a certain segment, Cisco XDR is definitely the first priority. I would say that about 80% of my customer base relies on Cisco XDR as the way to go.
What about the implementation team?
We are partners of Cisco and focus particularly on the implementation aspect. We also take care of the services.
What was our ROI?
Cisco XDR has helped our customers achieve positive returns on their investment.
Which other solutions did I evaluate?
I strongly feel that Cisco XDR is more proactive rather than reactive compared to alternate solutions.
What other advice do I have?
It would be difficult for me to provide additional advice at this moment. I would give Cisco XDR a nine out of ten. I would definitely recommend it. I