The CSSA organising committee would like to thank Cisco for presenting the hands-on Rapid Incident Response with Cisco XDR Workshop to develop participants' skills and test their abilities.

cisco cssa 2025

In today’s fast-paced threat landscape, organisations face sophisticated cyberattacks targeting endpoints, networks, and email systems. The ability to rapidly detect, investigate, and respond to incidents across multiple vectors is vital for maintaining a strong security posture.

This hands-on workshop was designed to empower security professionals with the practical knowledge and skills needed to orchestrate a rapid and effective incident response strategy using Cisco’s integrated security solutions, as well as Microsoft Defender for endpoint protection. The session emphasised the importance of securing email as a primary attack vector, alongside endpoint and network security.

Participants gained hands-on experience with a powerful ecosystem of tools, including Cisco XDR, Secure Endpoint, Umbrella, Secure Malware Analytics, Cisco Firewalls, Cisco Email Threat Defence, and Threat Intelligence. Additionally, they explored how to seamlessly integrate these tools with Microsoft Defender to create a unified, robust security strategy.


Workshop highlights

This workshop provided practical, hands-on experience with:

  • Cisco XDR: Consolidate and analyse telemetry from across your security ecosystem to enable faster detection and response.
  • Cisco Secure Endpoint: Detect and mitigate endpoint threats with advanced EDR capabilities powered by real-time analytics.
  • Cisco Umbrella: Protect users from malicious domains, phishing, and malware with DNS-layer security and secure web gateway features.
  • Cisco Secure Malware Analytics: Conduct in-depth malware analysis to uncover sophisticated threats and generate actionable intelligence.
  • Cisco Firewall: Strengthen perimeter defences with comprehensive threat protection and policy enforcement.
  • Cisco Email Threat Defence: Secure email, the most targeted attack vector, by identifying and blocking phishing, business email compromise (BEC), and malicious attachments.
  • Threat Intelligence: Leverage actionable threat intelligence to enhance your ability to detect and respond to emerging threats.
  • Microsoft Defender for Endpoint: Integrate and utilise Microsoft Defender to ensure seamless endpoint protection across hybrid environments.

Key takeaways

  • Build a unified, streamlined incident response strategy across email, endpoint, network, and cloud environments.
  • Gain practical experience with Cisco XDR and its integration with endpoint, email, and network security tools.
  • Learn to operationalise threat intelligence to improve detection and accelerate response times.
  • Explore real-world workflows for detecting, analysing, and neutralising advanced threats, including ransomware, phishing, and malware.
  • Discover best practices for integrating Microsoft Defender with Cisco’s security solutions to create a multi-layered defence strategy.

Who attended

  • Security Operations Center (SOC) analysts
  • Incident response teams
  • Cybersecurity engineers and architects
  • IT professionals responsible for securing enterprise environments

Workshop format

  • Duration: 2 hours
  • Structure:
    • Interactive presentations and demonstrations
    • Hands-on labs with guided exercises
    • Live threat simulations and response workflows

Why attend?

This workshop provided a unique opportunity to strengthen delegates' incident response capabilities by mastering the integration of Cisco and Microsoft security solutions. They learnt how to secure their organisation’s email systems, endpoints, and network infrastructure against today’s most sophisticated cyber threats. With actionable insights and guided hands-on labs, they left with the confidence to rapidly detect, investigate, and respond to threats across multiple attack surfaces.