Secure Endpoint Deployment Strategy - Cisco

Secure Endpoint Deployment Strategy

Last Updated: May 26, 2022

Cisco Systems, Inc.


Table of Contents

Chapter 1: Planning ........ 5
    System requirements and supported operating systems ........ 6
        Secure Endpoint Windows Connector ........ 6
        Secure Endpoint Mac connector ........ 6
        Secure Endpoint Linux connector ........ 7
        Incompatible software and configurations ........ 7
        Secure Endpoint iOS ........ 8
    Gather information about endpoint security ........ 9
        Create Secure Endpoint exclusions in other security products ........ 9
            Secure Endpoint Windows connector ........ 9
            Secure Endpoint Mac connector ........ 10
            Secure Endpoint Linux connector ........ 10
    Gather information about custom apps ........ 10
    Gather information about proxy servers ........ 11
    Check firewall rules ........ 11
        Secure Endpoint Windows Firewall Exceptions ........ 11
        Secure Endpoint Mac Firewall Exceptions ........ 13
        Secure Endpoint Linux Firewall Exceptions ........ 15
        Secure Endpoint iOS Firewall Exceptions ........ 16
    Selecting computers for evaluation deployment ........ 17

Chapter 2: Portal Configuration ........ 18
    Create exclusions ........ 18
    Create outbreak control lists ........ 20
    Create policies ........ 20
    Create groups ........ 23
    Create Allowed Applications list from gold image ........ 24
    Download installer ........ 24

Chapter 3: Deploying the connector ........ 25
    Installer Command Line Switches ........ 25
    Installer exit codes ........ 27
    Cisco Security Connector Monitoring Service ........ 28
    Deployment ........ 28

Chapter 4: Troubleshooting ........ 29
    Initial Configuration Failure ........ 29
    Performance ........ 29
    Outlook performance ........ 30
    Cannot connect to the cloud ........ 30
    Copy, move, or execute events not in Device Trajectory ........ 31
    Network events not in Device Trajectory ........ 32
    Policy not updating ........ 32
    Proxy ........ 33
    Duplicate connectors ........ 33
        Causes ........ 34
        Delete Duplicate connectors ........ 34
    Simple Custom Detections ........ 34
    Allowed Applications ........ 35
    Application Blocking ........ 36
    Contacting Support ........ 36

Appendix A: Threat Descriptions ........ 38
    Indications of Compromise ........ 38
    Device Flow Correlation Detections ........ 39

Appendix B: Supporting Documents ........ 41
    Cisco Secure Endpoint User Guide ........ 41
    Cisco Secure Endpoint Quick Start Guide ........ 41
    Cisco Secure Endpoint Deployment Strategy Guide ........ 41
    Cisco Secure Endpoint Support Documentation ........ 41
    Cisco Endpoint IOC Attributes ........ 42
    Cisco Secure Endpoint API Documentation ........ 42
    Cisco Secure Endpoint Release Notes ........ 42
    Cisco Secure Endpoint Demo Data Stories ........ 42
    Cisco Universal Cloud Agreement ........ 42

Version 5.4


Chapter 1: Planning

This document will guide you through best practices to deploy Secure Endpoint for the first time. Following this strategy will increase your chances of a successful Secure Endpoint deployment and evaluation.

Before deployment, gather as much information as possible about the environment to reduce post-install troubleshooting. An effective rollout of the connector for Windows starts with identifying your environment, which means answering the following questions:

- How many computers is the connector for Windows being installed on?
- Which operating systems are the computers running?
- What are the hardware specifications for the computers?
- Do the operating systems and specifications meet the minimum requirements for the connector for Windows?
- Which applications are installed on the computers?
- Which custom applications or not widely deployed applications are installed on the computers?
- Do the computers connect to the Internet through a proxy?
- Will the connector be deployed on any Windows servers?
- What tool is being used to push software out to the endpoints?
- What security products (AV, HIDS, etc.) are installed on the computers?
- Do you want your users to see the connector user interface, desktop icon, program group and/or right-click menu?

Once you have identified the environment you are working with, you can apply your first best practice: identifying candidates for an Alpha release. The best way to choose your Alpha candidates is to select a combination of three computers per operating system, three computers per custom application, three computers per proxy server, one computer per security product, and one computer per department. Your
