on 06-09-2021 10:39 AM
Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view with the ability to orchestrate and deliver threat detection and response, meaning Secure Endpoint goes beyond EPP and EDR to give you Extended Detection and Response (XDR) capabilities. You’ll be able to investigate and identify multiple files with context from multiple security products, for a deeper and wider view of what’s happening. SecureX integration brings efficiency to your team for detection and response that’s up to 85% faster.
Replace legacy antivirus (AV) with our next-gen AV. Powered by Cisco Talos, the largest non-governmental threat intelligence in the world, we block more threats than any other security provider. See a threat once and block it everywhere – automating threat responses with one-click isolation of an infected host, while getting broader control beyond just the endpoint.
A full Endpoint Protection and Detection and Response platform, the Essentials package allows you to:
Secure Endpoint Advantage includes all capabilities offered in the Essentials package, plus the ability to simplify security investigations with advanced endpoint detection and response (EDR), and easy access to our advanced malware analysis and threat intelligence portal – Cisco Secure Malware Analytics Cloud.
With the Advantage package, you get everything the Essentials package offers, plus the ability to simplify and accelerate security investigations and incident response using the following advanced EDR capabilities:
Orbital Advanced Search is a new advanced capability in Secure Endpoint designed to make security investigation and threat hunting simple by providing over a hundred pre-canned queries, allowing you to quickly run complex queries on any or all endpoints. This enables you to gain deeper visibility into what happened on any endpoint at any given time by taking a snapshot of its current state. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance work, we get you the answers you need about your endpoints fast.
Details about Orbital data processing and handling can be found in the Orbital Advanced Search Privacy Data Sheet.
Whether you are investigating an incident or hunting for threats we can help you simplify and accelerate these tedious processes in the following ways:
Dealing with a data breach can put many strains on your security team – even more so when they are already reeling from a talent shortage. Faced with an incident, they now have to spend copious amounts of time investigating the problem. With malicious attacks from malware and other perpetrators as the major root cause of a breach, they often find it difficult to address these more evasive threats. But as traditional antivirus falls short in protecting your endpoints, one thing is clear: today’s modern malware requires modern defenses. And we can help with that by getting all the information you need from your endpoints, allowing you to stop breaches and attacks fast.
We help you get the information you need in near real time to investigate and respond to threats quickly and confidently. As a result, we can help shrink the lifecycle of an incident or a data breach that you may be dealing with – mitigating any further damage and cost of the breach to your business.
With Orbital Advanced Search, we can help you do the following important tasks better, faster:
By integrating Secure Endpoint with a Secure Malware Analytics Cloud subscription, customers gain the ability to perform a comprehensive analysis of any potential malware attempting to compromise their endpoints. The Secure Malware Analytics Cloud portal allows users to easily pivot and drill down on data elements, search for related samples and behaviors in their environment, and interact with malware in a secure way that avoids the latest malware evasion techniques.
Secure Malware Analytics is powered by a globally sourced repository of malware samples and threat intelligence which offers crucial context to suspicious files that have been observed on a customer’s endpoints. Secure Malware Analytics Cloud also has the ability to enrich the other tools in your security environment leveraging premium threat feeds and an easy-to-use REST API. Users can automate sample submissions from 3rd party products and feed the resulting analysis into a variety of security and threat intelligence tools. This allows you to have a common analysis platform and gain a holistic view of all malware samples within their network. For a list of supported 3rd party integrations, view the link here.
With Secure Malware Analytics, we help you do threat analysis and investigations more efficiently:
Threat Hunting is now available to you through Cisco Secure Endpoint Premier. And, with SecureX Threat Hunting, you’ll have elite human security experts from Cisco proactively searching for threats in your actual environment, providing high-fidelity alerts with remediation recommendations.
SecureX Threat Hunting is an analyst-centric process, driven by Cisco Security experts, that enables organizations to uncover hidden advanced threats. Once threats are detected, customers are notified within their Secure Endpoint Console, so they can begin remediation. Threat Hunting is a proactive approach to threat detection, which tells the incident responders a narrative of how an attack was spotted and how it evolved. The purpose is to discover and thwart attacks before they cause any damage. As a side-effect of leveraging regular and continuous Threat Hunting, an organization increases their knowledge of vulnerabilities and risks which further allows the hardening of their security environment.
SecureX Threat Hunting is not a managed service; it is a feature embedded in Secure Endpoint and works along with all of its other detection mechanisms. As such, it is designed to produce additional net new high-impact findings.
SecureX Threat Hunting is a feature embedded tightly inside the Cisco Secure Endpoint product, alongside all its other detection mechanisms. As such, it is designed to produce additional net new high-impact findings.
Customers get notified of an incident, and the notification includes a summary of what type of threat or behavior has been observed and what that means for the customer in terms of the possible impact. If there are events associated with the incident, they will be shown on a timeline. Finally, there are additional references such as a mapping to MITRE ATT&CK and a clear set of recommendations on what to do next in terms of investigation and remediation of the threat.
Detections triggered as part of a SecureX Threat Hunt event are going to be net new, high-fidelity detection events.
The AMP Console features a Threat Hunting report that shows the new findings with all of the relevant context and events mapped to MITRE ATT&CK TTPs, together with recommendations for customer incident responders on what to do next in terms of further investigation or remediation of the findings.
SecureX Threat Hunting is specific to the Secure Endpoint product initially, and it complements its existing capability with new hypothesis-driven detections continuously executed and maintained by Cisco experts.
No, SecureX Threat Hunting will not be available for AMP Private Cloud.
SecureX Threat Hunting is not a managed service. It does not replace a customer analyst in front of the AMP Console. It instead focuses on delivering and highlighting high-impact findings that should receive priority from the customer analysts in terms of response.
SecureX Threat Hunting is deeply embedded with Secure Endpoint, as a feature. The feature delivers continuous hunts. It is not a managed service, and it does not provide direct interaction with Cisco analysts.
There is no direct engagement with SecureX Threat Hunters. Should the customer need assistance, they can engage TAC, CX or Talos IR, based on need.
Not at this time.
All disputes, false positive/negative reports, and feedback should be initiated through Cisco TAC.
Cisco delivers highly automated, human-driven hunts based on playbooks that produce high-fidelity alerts. The process uniquely combines the new Orbital Advanced Search technology with expertise from elite threat hunters with 20 years of industry experience to proactively find more sophisticated threats. The entire process is highly automated and also includes algorithmic machine-driven detections. 50+ daily hunts are scheduled and automated, and the results are investigated by analysts. Researchers develop various engines to perform data stacking, masquerading detection, and process analytics.
Threat Hunting in Secure Endpoint is managed by Cisco and leverages the expertise of both Talos and the Cisco Research and Efficacy Team to help identify threats found within the customer environment.
SecureX Threat Hunting is a native part of the Secure Endpoint cloud. Customers are encouraged to deploy Orbital so that the SecureX Threat Hunting can tap into richer telemetry.
The endpoint data captured is from the Secure Endpoint and Orbital telemetry data sets.
Currently, the data sources used for SecureX Threat Hunting are AMP and Orbital.
All data used for hunting is stored in a private AWS data store in North America that is accessible only by SecureX Threat Hunters.
Details can be found in the Secure Endpoint Privacy Data Sheet.
All OSes currently supported by Secure Endpoint.
No – but customers are encouraged to deploy Orbital across their environment. Deploying Orbital adds a layer of telemetry and insight to confirm suspected findings by our Threat Hunters.
SecureX Threat Hunting is available worldwide. Data Centers for Secure Threat Hunting are initially located only in North America. Threat Hunting information will only be in English, however, menus and titles will be localized.
There will be individual statistics for each hunt based on the entire data set of AMP to showcase how many businesses and hosts are affected by the threat. This is confirmation that your organization hasn’t experienced this specific threat. SecureX Threat Hunting metrics reports will also be available.
All threat hunts executed are based on intelligence, TTPs, anomaly detection, machine learning, and manual research, along with the data sources available (i.e. Secure Endpoint telemetry, Orbital, Umbrella).
Upgrades depend on the PIDs used during the original order. SBP (Software Buying Program) customers can use SBP to update and effectively upgrade the tier in their orders. TnC customers can be dealt with as a rebooking.
Packaging and pricing are available in the standard Secure Endpoint Ordering Guide. SecureX Threat Hunting is included in the Secure Endpoint Premier license.
There are no SLAs for this feature.
For more information about the new Cisco Secure Endpoint packages, check our new Ordering Guide or contact your Cisco account manager.