ISDM Solutions Ltd

Cisco Advanced Malware Protection (AMP) for Endpoints.

Cisco AMP for endpoints provides complete anti-virus and malware protection for PC's Laptops and mobile devices providing an additional layer of security for any attacks that bypass your perimeter first line security solutions.

Features

• Antivirus
• Malware protection
• File reputation analysis
• Exploit prevention
• Vulnerability assessment
• Cisco Talos integration
• Malicious activity detection.
• Fully cloud managed

Benefits

• Protects against the most advanced 1% of threats
• Prevents Breaches
• Blocks Malware
• Continuous monitoring of files.
• Detect, contain and remediate against bad files.
• Endpoint Forensics
• Free Trial Available

£43.00 a user a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.ford@isdmsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

216680628288190

Contact

Andy Ford
0333 300 1876
andy.ford@isdmsolutions.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Windows 7, 8, 8.1 & 10
  • Windows Server 2008 R2, 2012, 2012 R2, 2016
  • Red Hat Enterprise Linux or CentOS 6.x 7.x
  • Android 2.1 (Éclair) to 6.0 (MarshMallow)
  • Apple iOS 11 and above
  • Mac OSX 10.11, 10.12, 10.13

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The Cisco TAC (Technical Assistance Center) offers 3 levels of software support. All users receive the "basic with online support" plan which includes 24x7 email & phone support with next business day response during local standard business hours. The "Basic with Phone Support", "Enhanced" & "Premium" plans at extra cost offer response times ranging from 2 hours to 15 minutes dependent on severity levels (1, 2, 3 or 4). Installation, configuration and; deployment of Cisco AMP for Endpoints can be provided at an additional cost via ISDM solutions value added services. This is priced on request.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Cisco TAC (Technical Assistance Center) offers Enhanced & Premium levels of support at extra cost. These support levels offer guaranteed response times. ISDM offers ISDMcare for cloud software with Gold, Platinum and Enterprise support levels. Details of these products are available from our G-Cloud listing under "Cloud Support"
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Training, Adoption and reduced time to value is at the core of ISDM's Cisco AMP implementation process. We believe that administrators will get the most out of the AMP service if they receive the correct training from the start, as close to provisioning of the licenses as possible. To this end, ISDM provides a virtual introductory training & familiarisation session, a success planning session, and quarterly success reviews with relevant customer stakeholders, to ensure that our customers are getting the value from the product that they deserve. Bespoke training, familiarisation and adoption strategy packages are also available at additional cost. Cisco provides online guides, videos and user support direct to all users with a provisioned license. Following the definition and agreement of success criteria, ISDM can provide our engineering resource to deploy this service with our customers. Full testing is carried out prior to completion & handover. Cisco offers many resources to aid with customers wishing to deploy the service themselves.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: At the termination of the contract, users can view, analyse, extract and download their data from the Cisco AMP Dashboard Console. The most popular download format for this is CSV.
• End-of-contract process: At the end of the contract access to the service would be terminated and data deleted. The full terms and conditions of service are detailed on the following link https://www.cisco.com/c/dam/en_us/about/doing_business/legal/service_descriptions/docs/security-deployment-service-amp-endpoints-large-25k.pdf

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: There is no difference to the user experience between desktop and mobile versions, as AMP for endpoints runs in the background as far as the user is concerned. The same levels of security and protection are offered for mobile devices using the service.
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Cisco AMP offers the functionality to use REST API access to pull events, indicators of compromise (IOCs), and device data. You can script and customise the API to fit the environment.
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Cisco is a world leader in network architecture, pioneering and raising the standard for network scalability. Cisco uses their 23+ world wide datacenters to deliver the AMP for Endpoints service. Cisco's modern switching fabrics are software controlled, and use virtual network overlays to support mobility, segmentation, and programmability at very large scale. This approach enables agile, Demand-Based networking control for managing the demand placed by users on the service.

Analytics

• Service usage metrics: Yes
• Metrics types: Standard monthly reports can be set up as part of the on-boarding process. Reports are not limited to event enumeration and aggregation. The actionable dashboards built into AMP for Endpoints enable streamlined management and faster response. Events and endpoints are categorised by priority and tied into workflows to track progress during investigation.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Cisco

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: Less than once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Users can access and export their data from the AMP Admin Dashboard. The AMP for Endpoints Dashboard gives you an overview of trouble spots on devices in your environment along with updates about malware and network threat detections. From the Dashboard page you can drill down on events to gather more detailed information and remedy potential compromises.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Cisco do not publish an SLA but up-time in the last 3 years has been 99.95%
• Approach to resilience: AMP is delivered across a resilient cloud infrastructure. Cisco is a world leader in network architecture, pioneering and raising the standard for network scalability. Cisco uses their 23+ world wide datacenters to deliver the AMP for Endpoints service. Cisco's modern switching fabrics are software controlled, and use virtual network overlays to support mobility, segmentation, and programmability at very large scale. This approach enables agile, Demand-Based networking control for optimised for resilience and availability
• Outage reporting: Outages & Service status are all reported here: status.amp.cisco.com

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: There are two types of users in the AMP Dashboard Console: Administrators, and Unprivileged Users. When you create a new user you must select their privilege level, but you can change their access level at any time. ADMINISTRATOR - full control over all aspects of your AMP for Endpoints deployment - view data from any group or computer in the organisation, make changes to groups, policies, lists, and users.; UN-PRIVILEGED - view information for selected groups. Certain menu items will not be available to them such as Endpoint IOC scans, File Repository, and Reports.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
• Information security policies and processes: Cisco Services organization has achieved ISO 27001 certification globally through audited & certified datacentres, security and privacy policies and controls. Including in the scope the services and support for Networking, Data Center, Communications, Video, Collaboration and Security Products and Solutions.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All changes to the system must follow the Change Management procedures that include security impact assessments & life cycle tracking. Any Emergency Change must also be assessed and approved and will be reviewed post implementation with a Root Cause Analysis performed and prevention methods identified to ensure that Emergency Change is not required in the future
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Cisco periodically scans for network, port, and application-level vulnerabilities. Vulnerability scans are conducted by some special-purpose, in-house scanning tools. Furthermore, all applications and operating system software is checked for security advisories and is patched periodically. Routers, firewalls, load balancers, and proxy application servers are all configured to mitigate numerous types of DOS attacks. In-house and 3rd party consultants perform regular penetration testing. All findings are reviewed, and appropriate actions are then taken to address and mitigate vulnerabilities if found in the service.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Cisco employs a wide range of security management practices to provide a secure and reliable service to customers. All traffic passes through industry-leading infrastructure to protect against a suite of application attack vectors. Predefined processes & procedures can be obtained upon request
• Incident management type: Supplier-defined controls
• Incident management approach: If there is a suspected breach or known intrusions users should report incidents directly to Cisco's help center support team where a Security Incident Process will be triggered, monitoring reports are included within the analytics function. Cisco and ISDM Solutions have policies for Incident Management to define methods for identifying, classifying, tracking, and responding to incidents that will impact business operations. Incident response programmes are tested/utilised on a procedure defined basis, customers are notified on the website prior to change, maintenance or as a result of outage/incident. More Information available upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  ISDM have introduced a Sustainability Policy to define a common goal to work towards as a team to promote good sustainability practice, to reduce the environmental impact of all our activities and to help our clients to do the same.; ; Our Sustainability Policy is based upon the following principles:; ; • To comply with, and exceed where practicable, all applicable legislation, regulations, and codes of practice.; • To integrate sustainability considerations into all our business decisions.; • To ensure that all staff are fully aware of our Sustainability Policy and are committed to implementing and improving it.; • To make clients and suppliers aware of our Sustainability Policy and encourage them to adopt sound sustainable management practices.; • To review, annually report, and to continually strive to improve our sustainability performance.; • Ensure that we measure everything that we do by creating a company culture that seeks to reduce carbon emissions as a standard part of all within ISDM.; ; These will be achieved through:; ; • Research - Engage in and develop ideas to support defined principles that ISDM will harness in the pursuit of direct and indirect goals for sustainability and environmental practices and policies.; • Promotion – Thoughtful measurable outcomes that algin to continuous sustainable improvements within the ISDM journey.; • Challenge - Highlight the status quo within current working practices, seek change-house management behavior to meet enlightened sustainable outcomes.; • Support – Change, through the validation of measured data and metrics.; • Enablement - Creation of a journey through leadership for all

Pricing

• Price: £43.00 a user a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 60 Day Free Trial Available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at andy.ford@isdmsolutions.com. Tell them what format you need. It will help if you say what assistive technology you use.