November 20, 2016
Data security is a problem that’s never going away. There’s no magic pill or perfect solution to thwarting and preventing all cyber-attacks now and forever. Instead, technologists are engaged in a never-ending arms race as both security and malware strategies become more refined and more advanced. This month, Cisco released the next installment of this arms race with Cisco Advanced Malware Protection (AMP) for Endpoints. The new security solution loops in the global threat intelligence of Cisco Talos, the convenience of the cloud, and deep file activity insight to protect our endpoints across the full attack continuum.
The Attack Continuum
Cisco AMP for Endpoints and its cousin, Cisco AMP for Network, represent a new generation of security devices. Many older solutions supply security exclusively to prevent a malicious file from gaining entry to the environment or the endpoint. Once an attack occurs, however, traditional solutions can do little or nothing to remediate the infection.
Cisco AMP for Endpoints expands the scope of security to these uncharted areas:
- Before the Attack: Cisco AMP for Endpoints blocks malware at the point of entry, but it also monitors all file traffic moving to, from, or within the device to uncover any suspicious activity.
- During the Attack: If Cisco AMP finds any malware, it can contain and destroy it in real time.
- After the Attack: The system will perform an analysis of the attack, learn what it can, and sync the information with the global threat intelligence of Talos.
Depth of Insight and Reporting on Your Endpoints
The real value of Cisco AMP for Endpoints lies in the depth of its reporting capabilities and the insight your security administrator will receive through the cloud-hosted management dashboard. At all times, Cisco AMP for Endpoints is both monitoring and recording file transfer history. Using these records, Cisco AMP provides some extremely valuable data.
- Indications of Compromise: This component of the dashboard will reveal to the administrator evidence of possible attacks before they can fully come to fruition.
- Trajectory: AMP will also track the lifecycle of any identified malware on an endpoint. In an easy timeline, the administrator can see where the attack originated, what files it influenced and when, and any other malicious files it may have downloaded to the endpoint. From there, you can expand your view to encompass all endpoints in your network and see what other endpoints have come across that same file.
- File Analysis: This feature will dive even deeper into the details of the file. Using Cisco’s Threat Grid, the administrator can access screenshots of the file executing, behavioral analyses of the file, and threat scores.
- Outbreak Control: Outbreak Control is how Cisco AMP actually eliminates attacks on your endpoints. It can be set to automatically remove and block the malware from spreading within or to other endpoints, or an administrator can elect to do this manually. By simply right clicking the alert, administrators can whitelist or blacklist a file.
- Low Prevalence: The basic strategy of all malware is to keep a low profile and avoid detection, and the Low Prevalence feature allows administrators to counteract that. It displays any files on your endpoints that are scarcely used or only on a handful of endpoints. Your team can then take a closer look at these files to make sure there is no foul play.
- Vulnerable Software: One of the easiest entry points for threats is through unpatched software. Cisco AMP provides a comprehensive list of all software on an endpoint vulnerable in this way, so you can quickly patch it.
- The Cloud: Cisco AMP for Endpoints is cleverly managed through the cloud. Installing this level of analysis and security depth management directly onto a device would grind performance to a halt. Through the cloud, however, the endpoint can achieve an exceptional level of security without the burden of large security applications.
Only Need to Be Right Once
There’s a saying the security industry. A security system needs to be right 100% of the time, but a hacker only needs to be right once to accomplish their goals. That is a lot to ask of any application when individuals, crime syndicates, and even nations are actively trying to outsmart the system. Cisco AMP for Endpoints represents a shift in thinking about security that will give us an edge in our continued fight against malware. You can’t prevent every attack, so don’t focus all your attention on prevention. Cisco AMP provides prevention as well as awareness and the ability to take action. It sounds simple, but it makes all the difference.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.