
Techaisle Blog

Insightful research, flexible data, and deep analysis by a global SMB IT Market Research and Industry Analyst organization dedicated to tracking the Future of SMBs and Channels.
Anurag Agrawal

The Autonomous SOC for SMBs and Midmarket: How AI, MDR, and Zero Trust Are Forging a New Security Paradigm

The SMB and midmarket are not just adopting new tools; they are signaling a fundamental shift in how they want to consume security. The convergence of massive demand for AI-driven automation, soaring MDR adoption, and rapidly growing Zero Trust awareness is creating a new market for an "Autonomous SOC" that delivers intelligent, expert-level security as a service.

The Coming of the Autonomous SOC: A New Security Paradigm for SMBs and Midmarket

For decades, the Security Operations Center (SOC) has been the exclusive domain of large enterprises with deep pockets and extensive in-house expertise. Our latest Techaisle data reveals that this paradigm is about to be shattered. A powerful convergence of three trends—the desperate need for AI, the meteoric rise of Managed Detection & Response (MDR), and the strategic embrace of Zero Trust—is paving the way for the "Autonomous SOC," delivering sophisticated security outcomes as a utility for the SMB and midmarket.

This is not speculation; it is a direct response to the market's most pressing challenges. The number one security challenge for businesses of all sizes is staffing. Businesses simply cannot hire their way out of the complexity and volume of modern cyber threats. They are turning to technology and new service models for the answer.


The Three Pillars of the Autonomous SOC

Anurag Agrawal

Cisco’s Unified Cybersecurity Strategy: XDR, Duo, Umbrella, and Partner Ecosystem

As the market becomes flooded with specialized security solutions, an important question arises: Who can effectively integrate and manage all these different solutions? Cisco is making changes to position itself as a leading contender. As a comprehensive solution provider, Cisco can fill gaps in the cybersecurity landscape and ensure a cohesive approach to security, especially cloud security. It is building and integrating its portfolio of offerings, including XDR, Umbrella, Duo, Talos, and many others, and now Armorblox.

As threats evolve, security efforts have shifted from solely preventing incidents to investigating them quickly and anticipating future risks. With IT environments now comprising interconnected networks, communication tools, mobile devices, cloud applications, and more, security is a top priority. Techaisle data shows that security is an IT priority for 74% of small businesses, 85% of SMBs, and 100% of midmarket firms. Endpoint security is already relatively widely adopted by SMBs. In addition, security suppliers have made headway in gaining customers for mobile hardware and access control security services. While Endpoint Detection and Response (EDR) tools are helpful, their capabilities are limited to detecting and responding to threats on endpoints and servers. Prevention remains the best approach to security, but detection is essential.

Cisco’s new XDR technology presents exciting opportunities for business growth by leveraging its vast network infrastructure and customer data to tackle security challenges. To strengthen its position in the security industry, Cisco is streamlining its go-to-market strategy and investing in partnerships to unify its cybersecurity offerings. Its partner growth strategy includes upgrading firewalls and refreshing products for existing customers, offering competitive pricing and margins to win new business, and introducing new partner offers for Security Operations Centers, such as Managed Detection and Response using Cisco XDR.

Cyberattacks targeting small and medium-sized businesses (SMBs) have increased, particularly ransomware and DDoS attacks. Implementing multi-factor authentication (MFA) safeguards employee identities and credentials. However, only 16% of SMBs and 25% of midmarket firms use MFA enterprise-wide. Similarly, only 13% of SMBs and 16% of midmarket firms have adopted single sign-on (SSO), although the intent to adopt is significantly higher. Cisco offers MFA and SSO through its Duo offering, introducing innovations such as passwordless and risk-based authentication and Verified Duo Push. In addition, Duo has made security more accessible by integrating its Duo Trusted Endpoints capability into all service tiers, allowing users to restrict access to corporate-managed devices or devices registered with Duo. This helps prevent unauthorized access attempts from unknown devices. In the advanced tiers, users can also assess the devices’ health before granting access and block risky or non-compliant devices, such as those running out-of-date software.

Securing endpoints and servers is essential for organizations, but cybercriminals are finding ways to bypass these measures through covert attacks. Instead of directly targeting high-value assets in data centers, they gain access through laptops and move laterally through the network. As a result, relying solely on an EDR solution or a firewall is not enough to detect and prevent cyberattacks. To fully protect IT infrastructure, it’s necessary to integrate prevention, detection, and response technologies into a single solution. This is where Extended Detection and Response (XDR) comes in, providing a comprehensive approach to security.

XDR builds upon the concept of EDR and expands its scope. It goes beyond the endpoint and server by integrating data from various security tools, including firewalls, email gateways, endpoint, network, identity, DNS, public cloud tools, and mobile threat management solutions. While it is possible to connect these components manually, a comprehensive XDR solution is designed to function as a unified system in which the components are interconnected and work together seamlessly to optimize threat detection and response workflows. Cisco's XDR solution is one such system.
