Provide State-of-the-Art Endpoint Protection as a Managed Service

Cisco Secure Endpoint (formerly AMP for Endpoints) provides comprehensive, cloud-based security for endpoint detection and response (EDR). This unique solution contains several detection engines powered by Cisco Talos threat intelligence to prevent, detect, respond, and block cyber threats before your systems are compromised. The capabilities of Cisco Secure Endpoint include the following:

Next-gen antivirus protection
Continuous behaviour monitoring of endpoints (system-level)
Dynamic file analysis
Endpoint isolation
Orbital advanced search
Threat grid cloud
Threat hunting mapped to the MITRE ATT&CK framework

Secure Endpoint contains tools and features tailored to help Managed Security Service Provider (MSSP) Partners extend endpoint security as a service, offering managed detection and response (MDR) services. The tool that helps providers more easily manage their customers is the Secure Endpoint MSSP console.

This console gives providers a single dashboard that lists all customers (child organizations) and their provision status. After successful login with a Cisco Security Cloud Sign-On account, the admin can log into the MSSP console or directly into a child organization. Each admin can also set a default organization.

The key benefits provided to partners by using the Secure Endpoint MSSP Console include:

Quick onboarding of new customers with just a few clicks
Easy ability to provision, monitor, and manage trial accounts and then convert trial accounts into subscriptions
Comprehensive, high-level view of the entire customer base with brief states of provisioning, payment, and compromised
Ability for MSSP Partners to automate customer onboarding and reporting using the service provider set of APIs

Figure 1 shows a sample customer page from the console. Detailed instructions for using the console are provided in the Cisco Secure Endpoint MSSP Console Guide.

Integration with other security technologies and automation

Secure Endpoint APIs enable automation and communication across any expanded set of security telemetry beyond endpoints. MSSP Partners can leverage these capabilities to respond to threats completely using a comprehensive architecture whose components work together. APIs help achieve integration with other security technologies and application to enhance response capabilities. Secure Endpoint has already been integrated with many Cisco ecosystem partners.

A unique subset of Secure Endpoint APIs exists to support MSSP use cases. MSSP Partners can use these APIs to do the following:

Create customers
Retrieve the status for all customers
Disable customer APIs
Fetch the total monthly usage of an MSSP Partner
Gather detailed billing information

The MSSP Partner-specific APIs are under <api_endpoint>/v1/mssp.

Move from EDR to XDR for increased visibility and improved endpoint protection

Secure Endpoint provides a solid foundation for MSSP Partners to add on other detection and response services. Secure Endpoint can detect fileless malware, ransomware, polymorphic attacks, and more by continuously monitoring all the files and applications that enter a device. The information collected enhances the detection mechanism to perform threat hunting and carry out forensic activities.

MSSP Partners can seamlessly integrate other tools into the Secure Endpoint cloud to amplify security for their customers. The recently launched Cisco XDR uses the latest technologies to provide even higher visibility by collecting and correlating threat information while using analytics and automation to help detect both current and future cyberattacks.

Figure 2 shows how MSSP Partners can progress their SecOps journey. Partners would use the console for day 1 provisioning of customers, setting up the management of all the customer endpoints, and then add other detection points such as: