Cisco Secure Endpoint (formerly AMP for Endpoints) provides comprehensive, cloud-based security for endpoint detection and response (EDR). This unique solution contains several detection engines powered by Cisco Talos threat intelligence to prevent, detect, respond to, and block cyber threats before your systems are compromised. The capabilities of Cisco Secure Endpoint include the following:
- Next-gen antivirus protection
- Continuous behaviour monitoring of endpoints (system-level)
- Dynamic file analysis
- Endpoint isolation
- Orbital advanced search
- Threat Grid cloud
- Threat hunting mapped to the MITRE ATT&CK framework
Secure Endpoint contains tools and features tailored to help Managed Security Service Provider (MSSP) Partners extend endpoint security as a service, offering managed detection and response (MDR) services. The tool that helps providers more easily manage their customers is the Secure Endpoint MSSP console.
This console gives providers a single dashboard that lists all customers (child organizations) and their provision status. After successful login with a Cisco Security Cloud Sign-On account, the admin can log into the MSSP console or directly into a child organization. Each admin can also set a default organization.
The key benefits provided to partners by using the Secure Endpoint MSSP Console include:
◉ Quick onboarding of new customers with just a few clicks
◉ Easy ability to provision, monitor, and manage trial accounts and then convert trial accounts into subscriptions
◉ Comprehensive, high-level view of the entire customer base with brief provisioning, payment, and compromise states
◉ Ability for MSSP Partners to automate customer onboarding and reporting using the service provider set of APIs
Figure 1 Customer page from the Secure Endpoint MSSP Console
Figure 1 shows a sample customer page from the console. Detailed instructions for using the console are provided in the Cisco Secure Endpoint MSSP Console Guide.
Integration with other security technologies and automation
Secure Endpoint APIs enable automation and communication across an expanded set of security telemetry beyond endpoints. MSSP Partners can leverage these capabilities to respond to threats completely, using a comprehensive architecture whose components work together. APIs help achieve integration with other security technologies and applications to enhance response capabilities. Secure Endpoint has already been integrated with many Cisco ecosystem partners.
A unique subset of Secure Endpoint APIs exists to support MSSP use cases. MSSP Partners can use these APIs to do the following:
◉ Create customers
◉ Retrieve the status for all customers
◉ Disable customer APIs
◉ Fetch the total monthly usage of an MSSP Partner
◉ Gather detailed billing information
The MSSP Partner-specific APIs are under <api_endpoint>/v1/mssp.
Move from EDR to XDR for increased visibility and improved endpoint protection
Secure Endpoint provides a solid foundation for MSSP Partners to add on other detection and response services. Secure Endpoint can detect fileless malware, ransomware, polymorphic attacks, and more by continuously monitoring all the files and applications that enter a device. The information collected enhances the detection mechanism to perform threat hunting and carry out forensic activities.
MSSP Partners can seamlessly integrate other tools into the Secure Endpoint cloud to amplify security for their customers. The recently launched Cisco XDR uses the latest technologies to provide even higher visibility by collecting and correlating threat information while using analytics and automation to help detect both current and future cyberattacks.
Figure 2 Using Secure Endpoint MSSP Console with Cisco XDR
Figure 2 shows how MSSP Partners can progress their SecOps journey. Partners would use the console for day 1 provisioning of customers and for setting up the management of all the customer endpoints, and then add other detection points such as:
◉ Network detection and response (NDR) with Cisco Secure Network Analytics
◉ Email threat monitoring with Cisco Secure Email Threat Defense
◉ Internet access security with Cisco Umbrella
The telemetry gathered can be put into Cisco XDR, where it is correlated to provide intelligence-based actionable outcomes.
Source: cisco.com