
Introducing MSS for Cisco Secure, a Solution for “Don’t know” and “Don’t have enough time” of Security Professionals!


Hello, I am Uehara of the Sales Development Department, GTM Division.

Today, I would like to introduce our service “Managed Security Service for Cisco Secure (MSS for Cisco Secure)”,
which allows you to leave the entire security operation to us.

 

Challenges that Security Professionals Face

The recent increase in IT security threats, the zero-trust approach, and the strengthening of supply chain security
require a wide variety of security measures.

Additionally, with the diversification of work styles, the promotion of remote working and the use of cloud services, it is no longer possible to manage information assets solely within the company. On the other hand, a leak of
information assets can cause serious damage to the company, so security measures must be tailored to the
services and environment being used.

While the number of security products that need to be operated is increasing, the number of personnel cannot be
increased, and many security professionals are suffering from daily operational fatigue.


Cisco Security Product that Protects Access Routes and Landing Points

Next, I’d like to introduce you to the Cisco security products “Umbrella” and “Secure Endpoint” that are covered by
our “Managed Security Service for Cisco Secure”.

Cisco Umbrella is a secure Internet gateway product offered in a SaaS format.
This product protects Internet access routes, regardless of whether the connection is from within the company or
from home during remote work.

Another difficult part of using various cloud services is managing various applications that are being used.
Umbrella’s CASB functionality allows you to visualize cloud applications that are in use and monitor shadow IT.
Visualized applications can be finely controlled, for example, blocking social media posts, blocking uploading of
information assets to cloud storage, and so on.

Another important feature is the information leakage prevention function.
Umbrella’s DLP functionality can be used to inspect communications to web and cloud applications to detect
sensitive data.

DLP classification can be controlled by setting custom keywords, in addition to the more than 80 default built-in data classifications.

Cisco Umbrella

Source: Cisco Umbrella

 

App Discovery and Controls
Shadow IT visibility and cloud app control


  • Complete list of cloud applications in use
  • Reports by category and risk level
  • Number of users and volume of incoming and outgoing traffic
  • Block high-risk categories and individual apps

 

Inline DLP
Cloud Native Proxy DLP


Uses the SWG for connectivity, routing, and SSL decryption

 

Solid DLP Classification

  • More than 80 internal data classifications
  • Customized keywords

Flexible DLP policies

 

  • Uses the defined data classifications, applying and reporting on them for specific identities and destinations
  • Easy-to-understand display of ID, file name, destination, classification, pattern match, excerpt, trigger rules, etc.
  • User interface integrated into Umbrella

Cisco Secure Endpoint is an EPP+EDR product that supports multiple platforms.
It supports Windows and Mac, as well as Linux, Android, and iOS.

With the increasing diversity of attack methods, signature-based protection against known threats alone is not
enough.
Secure Endpoint’s EPP runs malware on a virtual OS in a sandbox called Threat Grid to determine the threat.

Additionally, behavior-based threat detection in EDR can be used to counter unknown threats.

Secure Endpoint’s EDR can perform a variety of automatic actions upon incident detection, including network
quarantine of terminals according to the severity, and moving affected systems to a different policy group.

There is also a feature unique to Cisco: Cloud Recall.
This is a feature that allows you to retroactively determine and quarantine threats when the threat database is
updated.

Cisco’s world-class threat intelligence organization analyzes threats and feeds back the results in the form of
signatures and vulnerability databases.

 

Cisco Secure Endpoint

Next-generation endpoint security provided via cloud

  • Provides evidence of malware detection, quarantine, and infection through cloud management (on-premise configurations can also be provided)
  • Multi-platform support *Only available at Cisco!
  • Windows / Mac / Android / Linux / iOS (CSC)
  • Malware detection and protection (EPP + NGEPP)
  • Malware detection based on hash values, which is faster than signature pattern matching
  • Sandbox (Threat Grid) combining advanced malware analysis with in-depth threat analysis
  • Analysis of malware that slips through detection (EDR)
  • Immediately quarantines files that are later discovered to be malware (Cloud Recall)
  • Visualization of the source of malware infection and its spread within the network (trajectory)

 

Threat Grid & Security Intelligence
For suspicious files that have no information in the threat database, the malware will be run on a virtual OS in a
sandbox called Threat Grid.

Threat Grid
  • Threat Grid executes suspicious files in a virtual environment and comprehensively evaluates related processes and communication destinations
  • Threat Grid is available in cloud and on-premise versions (can be used in a closed environment) *Only available at Cisco!

 

Cloud Recall
Even if malware that has not yet been registered in the threat database gets in, it will be automatically quarantined once it is later registered in the threat database.

  • Hash values that have been checked are stored in the cloud even after the file has passed.
  • If the hash value is later determined to be malware, the file is automatically quarantined.
  • No need for periodic full scans

→ Well received by customers who are using other companies' anti-virus software and are having trouble completing a full scan.

Efficiently Outsource Security Operations with MSS for Cisco Secure

MSS for Cisco Secure is our own managed security service for Cisco Umbrella and Secure Endpoint.

We provide a simple, customizable service that includes a variety of security operation functions, such as
multi-lingual (Japanese and English) support, 24/7, 365-day security monitoring and response, and threat
analysis by security analysts.

Three main features of the service are “simple service design,” “flexible fee structure,” and “full restoration
support.”

 

◆Service Feature 1
Simple service system

Operation Support Plan
  For additional security operations resources
  ▶Analysts investigate and analyze security alerts, report back to the customer, and take action such as remote scanning and network quarantine.

Security Advisory Plan
  For additional security skills 
  ▶Analysts investigate and analyze the detected threats and provide the customer with a description and discussion of the threats in the form of a report.

 

◆Service Feature 2
Flexible fee structure

  • By establishing two billing systems, an ID billing model and a response volume billing model, we can provide services at optimal prices for both large and small companies.
  • ID billing model: Charges based on the number of licenses
  • Response volume billing model: Charges based on the number of incidents handled

※Applicable to Operation Support Plans.

 

◆Service Feature 3
Support up to restoration work available

    • As an optional feature, we can handle everything from detailed analysis of alerts to forensics and subsequent recovery response.
    • This is recommended for those who want to leave all incident response to us.

※This is an additional paid option

MSS for Cisco

This service has all three invaluable features of “easy-to-implement price range,” “flexible contracts for necessary
services only,” and “security with professional support in case of emergencies.”  

As mentioned at the beginning of this section, it can reduce the operational and skill load of security professionals.

The following is an overview of the service.

Incident analysis is performed automatically by utilizing our original analysis engine. This allows for a quick initial
response (terminal quarantine) from the time an alert occurs (SLO 30 minutes). We also provide linked services,
such as using alerts generated by Umbrella as a starting point for investigations by Secure Endpoint.

 

Service Overview

This is a simple and customizable service that includes a variety of security operational functions, such as
multi-lingual (English and Japanese) support, 24/7, 365-day security monitoring and response, and threat analysis by
security analysts through Cisco’s security products (Umbrella and Secure Endpoint). *Multi-lingual support is
provided on the response volume billing model; the ID billing model is available in Japanese.

 

Secure Endpoint Incident Response Flow

 

Umbrella + Secure Endpoint Incident Response Flow
※Incident response originating from Umbrella

Finally

I’d like to summarize the benefits of implementing Cisco Umbrella, Secure Endpoint and MSS for Cisco Secure.
We hope you will take full advantage of our services to address your security operation issues.

①Reduce your operational resources and costs
②Reduce costs in the event of a security incident
③Visualization of the status of security measures

At NTT Com DD, we will continue to expand our MSS services.
We can provide optimal services for diversified work styles. Please contact us for more information.
