Key Takeaways

Going back to my days as one of the co-founders of Immunet Corporation more than a decade ago, the goal was always to deliver the most efficient and dynamic endpoint protection. Long before there was “EDR”, we were already going beyond traditional AV and well into delivering cloud-native detection and response capabilities to defend the endpoint. But we were quick to realize that for us to unleash the true power of endpoint security, we must weave it into the network. The key was to provide corporations with an endpoint security solution that integrates with existing security architecture, easy-to-use, and cloud delivered at scale.

Today, endpoint security is in a state of transformation. It continues to be an integral component of the modern security stack – the last line of defense against advanced threats for many organizations. It is more important today than ever that endpoint security is not disconnected from other security controls.  But rather an integral part of a security platform that helps the SOC become the security superpower that it needs to be right now. With an expanded attack surface, organizations need endpoint protection that goes beyond securing individual endpoints. This is driving the evolution of endpoint security to include prevention, detection, and response capabilities that are tightly integrated with email, identity, network, and cloud security to provide security teams with effective, holistic endpoint protection and unified visibility into modern, sophisticated attacks.

For Cisco, this means providing endpoint security that has world-class controls everywhere you need them. We have made significant strides towards that vision over the past 12 months, and it is meaningful when the market recognizes it. We’re pleased to announce that Gartner has named Cisco (Secure Endpoint) a Visionary in the 2021 Magic Quadrant for Endpoint Protection Platforms (EPP). We believe that our recognition as a Niche player in 2019 and now as a Visionary in 2021 validates our journey to reimagine the endpoint as a core component of an integrated security platform – and has significant benefits for our customers and organizations in the market for an endpoint security solution.

Innovation that matters for endpoint protection 

Cisco has demonstrated our vision in the market through continuous investment in innovation.

Cisco SecureX. In June of 2020, we released our new cloud-native, built-in SecureX platform that delivers integrated Extended Detection and Response (XDR) capabilities. This allows our customers to get greater simplicity, visibility and efficiency for their endpoint security operations. From a single, unified console, SecOps teams can speed up security investigations and threat response with tools like the casebook, real-time querying of endpoints and incident management without leaving the endpoint security console. Our customers reap the benefits of our integrated XDR capabilities which also include the combination of network and endpoint behavior analysis and sharing of threat intelligence from Cisco Talos. One of our customers, a security leader, says “This solution interfaces with Talos Intelligence, Threat Grid, SecureX Threat Response, and SecureX. All of these things are integrating together, and a lot of stuff is now starting to happen automatically, e.g., if a threat is detected, it is automatically interfacing with Talos Intelligence to figure out what that threat is.”

Advanced Endpoint Detection and Response (EDR) with Orbital Advanced Search. This past year, we launched new advanced EDR capabilities that allow our customers to quickly catch any threat that slips through with features like automated playbooks and hundreds of predefined queries out of the box. We even mapped these queries to MITRE ATT&CK TTPs and conveniently catalogued them for various use cases such as threat hunting, incident investigation, vulnerability and compliance, and IT operations/hygiene. One of our customers, a security consultant, explains it this way, “…Orbital is saving us five to eight hours per incident. In one week, it could save eight hours, and then another week, it could save 32 hours.” 

Human-driven hunts for threats. We launched SecureX Threat Hunting as part of Secure Endpoint. This threat hunting feature combines our Orbital Advanced Search capability with expertise from Cisco’s elite threat hunters to help you proactively find more sophisticated threats. Once threats are detected, customers are notified within their Secure Endpoint Console, so they can begin remediation. The Secure Endpoint Console features a Threat Hunting report that shows the new findings with all relevant context and events mapped to MITRE ATT&CK, together with recommendations for incident responders on what to do next to further investigate or remediate. One of our SOC Manager customers, states “I love this product (SecureX Threat Hunting), I love the remediation steps, the backend intelligence on correlation and what the campaign is, and how to handle it, and how to remediate. It is exactly a product we want, makes sense of all alerts, and tells us what to do exactly.”

Deep market understanding fuels innovation for endpoint protection

Our deep connection with customers empowers our strong market understanding, enabling us to fuel the growing need to evolve EDR into XDR. When the market demanded next-gen Antivirus (AV), we delivered strong EPP and EDR capabilities. Now, the market sees the need to evolve EDR into XDR. We are leading the way with SecureX as a built-in platform within Secure Endpoint and other Cisco Security products.

Unlike other vendors that focus on only one thing in only one form (a product or service), Cisco delivers a strong endpoint security solution that fits tightly into an integrated security architecture. This enables Cisco to provide both endpoint  and cross-control security solutions in multiple packages and form-factors. Our approach delivers flexibility and comprehensive coverage fit for every business, supported by a global network of enablement, customer success and partner teams that customers trust. Our customers benefit from the flexibility we offer with either a product such as Secure Endpoint with our SecureX platform built-in or a full-service MDR and/or Incident Response – all from one vendor, not many.

These advancements, among others, have strengthened our place in the endpoint protection market. And now we are continually doing the hard work of integrating our endpoint security product to the rest of our security portfolio and to our security platform that can automatically share threat intelligence, policy information, and event data. As a result, our customers have visibility across all attack vectors, and when a Cisco Security product sees a threat in one place, the whole integrated system can automatically stop the threat everywhere across your IT ecosystem.

When I check back with the founding principles, we established with Immunet, I am so delighted that when customers invest in Cisco Secure Endpoint, they are investing in a security foundation that is robust and integrated, delivering the strongest security posture available.

Get started for free today to learn how to stop threats before compromise, remediate faster, completely and maximize operational efficiency.

Get Started

Gartner, Magic Quadrant for Endpoint Protection Platforms, Mark Harris, Paul Webber, Peter Firstbrook, Rob Smith, Prateek Bhajanka, 5 May 2021

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Al Huger

Former Senior Vice President & General Manager

Security Platform & Response