Is Cisco SecureX a Fruit or a Vegetable?
Have you ever gotten into a fight about what food category a tomato is? According to a botanist, a tomato is a fruit because it's the fleshy part surrounding its seeds. So are avocados and butternut squash, by the way, but these wannabe fruits lack the sweet or tart flavor profile needed to count as a fruit in culinary terms. I guess that's why we have strawberry ice cream rather than tomato ice cream; the sweetness of fruit complements the sweetness of the dessert. When we're talking about cybersecurity, specifically Cisco cybersecurity, Cisco's SecureX offering is like a tomato. It's difficult to classify.
Some folks want to place Cisco's SecureX in the Endpoint Detection and Response (EDR) category. With its ability to respond to threats, it does have characteristics of an EDR. However, it's missing the endpoint protection platform (EPP) capabilities that are seen in other EDR products since Gartner merged EPP and EDR. Also, Cisco has the Secure Endpoint solution, which is a complete EPP/EDR.
Likewise, others would like to classify SecureX as a security orchestration, automation, and response (SOAR) tool. They see SecureX Orchestration and think it's the same as a SOAR. However, this doesn't work either because today SecureX lacks the AI and ML elements to automatically generate insights from analysts, and there are no playbooks inside SecureX either.
It's also not a Security Information and Event Management (SIEM) tool, because SecureX does not store any events. It is simply pulling events from other solutions with API calls.
Finally, it's not an Identity and Access Management (IAM) solution either. While it does unify identity across all Cisco Secure products with SecureX sign-on, it doesn't have the granularity of user roles or provisioning options of an IAM.
So, what is Cisco SecureX? Well, according to Cisco, it's a 'Security Platform.' "A Security Platform integrates vendor-specific functions—and often third-party products—to help optimize operational efficiency by automating repetitive tasks and workflows in order to produce better, faster outcomes." Alright, so it makes things more efficient. That's useful, but it's also something you'd hope to find in most security products today. To be frank, with the level of complexity and omnipresent nature of modern enterprises' security needs, it's a necessity to have cross-solution communication and efficiencies. That's kind of the point. Cisco's security portfolio is growing. In the past couple of months, they have added Valtix and Lightspin to the Cisco Security platform. Currently, Cisco has around 25 to 30 (depending on how you qualify it) Cisco Security solutions. Not products, solutions. That's the platform Cisco is referring to in the SecureX definition from before.
The Cisco security portfolio has been growing, and SecureX is the way all these solutions are feeding each other. When you look at it from a platform perspective, it kind of makes sense. You need somewhere to set up and orchestrate "if, then" scripts across multiple solutions. It also helps to have a central place for security researchers to respond and correlate findings for a menagerie of events across different solutions. A central SIEM-like collection of information from all the security APIs is another useful feature of SecureX. Finally, when you need more information about an event, the SecureX sign-on helps pivot you to the solution to get more info.
At its base, Cisco SecureX is meant for visibility, orchestration, threat response and identity continuity across security products. That's what a Security Platform really needs after all. This is also why Cisco is deciding to make SecureX the central part of Cisco XDR. Cisco's approach to XDR is platform-centric, not endpoint-centric. Cisco is combining their endpoint (EPP/EDR), network (NDR), email and DNS security capabilities into Cisco's XDR for a holistic view of the security environment, and Cisco's XDR is poised as the central place to respond across the entire security platform thanks to the SecureX Security Platform.