Cisco Advanced Malware Protection for Endpoint Security
The security landscape has changed considerably with the proliferation of mobile devices and the move of nearly everything to the cloud. In the past it was believed that a secure network perimeter and traditional antivirus software were enough to protect your assets. It’s been said that an attacker only needs to compromise your systems once, while a company has to account for every possible vulnerability across its entire infrastructure. I hear from many customers asking whether there is a more intelligent way to protect their assets. One of the better solutions I’ve come across is Cisco Advanced Malware Protection (AMP). It is an integrated threat defense, whereby every security tool in your arsenal can work together to fight threats systemically.
Cisco AMP Everywhere
Cisco has incorporated AMP into many of its products, an approach it has branded AMP Everywhere. This ensures you are protected at all layers, which in turn reduces your attack surface. Here is a depiction of all the places throughout the network where AMP can be integrated.
Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context, and control not only to prevent breaches, but also to rapidly detect, contain, and remediate threats if they evade front-line defenses and get inside, cost-effectively and without affecting operational efficiency.
- Prevent: Strengthen defenses using the best global threat intelligence and block malware in real time.
- Detect: Continuously monitor and record all file activity to quickly detect stealthy malware.
- Respond: Accelerate investigations and automatically remediate malware across PCs, Macs, Linux, servers and mobile devices (Android and iOS).
Cisco AMP is built on an extensive collection of real-time threat intelligence and dynamic malware analytics supplied by the Talos Security Intelligence Group and by Threat Grid intelligence feeds. AMP for Endpoints’ integrated sandboxing technology, powered by Threat Grid, analyzes millions of samples every month against more than 800 behavioral indicators, producing billions of artifacts and an easy-to-understand threat score that helps security teams uncover stealthy malware.
Cisco AMP for Endpoints continuously monitors, analyzes, and records all file activity, regardless of the file’s disposition, even after the initial inspection. If AMP later observes suspicious activity, security teams receive an alert with the complete history of the threat, so they can quickly answer these questions:
- Where did the malware come from?
- Where has it been? What systems were affected?
- What did the threat do and what is it doing now?
- How do we stop the threat and eliminate the root cause?
With a few clicks in AMP’s browser-based management console, the file can be blocked from executing on all endpoints. Because Cisco AMP knows every other endpoint where that file has been, it can also quarantine the file for all users. With AMP, malware remediation is surgical, with no collateral damage to IT systems or the business.
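The retrospective workflow described above (record every file event regardless of verdict, then trace the full history and affected hosts when a verdict later turns malicious) can be modelled in a few dozen lines. This is an added illustration, not Cisco code and not the AMP API; the telemetry, host names and shortened hashes are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample telemetry: (timestamp, host, sha256, parent_sha256, event).
# Hashes are shortened placeholders, not real indicators.
EVENTS = [
    (1, "laptop-01", "aaa111", None, "download"),
    (2, "laptop-01", "aaa111", None, "execute"),
    (3, "laptop-01", "bbb222", "aaa111", "create"),  # aaa111 dropped bbb222
    (4, "server-07", "aaa111", None, "copy"),
    (5, "server-07", "aaa111", None, "execute"),
    (6, "laptop-02", "ccc333", None, "execute"),     # unrelated file
]


class FileLedger:
    """Records every file event, whatever its disposition at the time, so a
    later verdict change can be traced back across all endpoints."""

    def __init__(self):
        self.by_hash = defaultdict(list)   # sha256 -> [(ts, host, parent, event)]
        self.children = defaultdict(set)   # parent sha256 -> hashes it created
        self.disposition = {}              # sha256 -> "unknown" | "clean" | "malicious"

    def record(self, ts, host, sha256, parent, event):
        self.by_hash[sha256].append((ts, host, parent, event))
        if parent:
            self.children[parent].add(sha256)
        self.disposition.setdefault(sha256, "unknown")

    def set_disposition(self, sha256, verdict):
        """Apply a new verdict; return a retrospective alert only on a
        transition to 'malicious', so repeated updates do not re-alert."""
        previous = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = verdict
        if verdict == "malicious" and previous != "malicious":
            return self.trajectory(sha256)
        return None

    def trajectory(self, sha256):
        """Origin, affected hosts and timeline for the hash and every file
        it created, followed recursively (where it came from, where it went)."""
        hosts, timeline, seen, stack = set(), [], set(), [sha256]
        while stack:
            h = stack.pop()
            if h in seen:
                continue
            seen.add(h)
            for ts, host, _parent, event in self.by_hash.get(h, []):
                hosts.add(host)
                timeline.append((ts, host, h, event))
            stack.extend(self.children.get(h, ()))
        timeline.sort()
        return {"origin": timeline[0] if timeline else None,
                "hosts": sorted(hosts), "related": sorted(seen), "timeline": timeline}


def build_ledger(events=EVENTS):
    ledger = FileLedger()
    for ev in events:
        ledger.record(*ev)
    return ledger
```

The `hosts` list in the alert is exactly the set of endpoints on which the file (and anything it dropped) would need to be blocked and quarantined.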
I’ve been working with customers and Cisco on providing AMP for Endpoints demos and trials. It’s one of the best ways to experience the power of the solution at no cost.
Written By: Marshall Hill, LookingPoint Solutions Architect