
As I’ve discussed in past blog posts, advanced malware and sophisticated attacks are relentless as they compromise environments using new and stealthy techniques. Modern malware is dynamic and exists in an interconnected ecosystem that is constantly in motion. It will use an array of attack vectors, take endless form factors, and launch attacks over time.

In contrast, most security tools today are stuck in time – a point in time to be exact. They scan files once at the point of entry to determine if they are malicious, letting the supposedly “good” files in, and kicking the known “bad” files out. If the malicious file isn’t caught at point of entry, or if it evolves and becomes malicious AFTER entering the environment, point-in-time detection technologies give us little recourse after an infection occurs.

In the face of these advanced malware attacks, you need to have a holistic view. You need deep visibility across endpoints and your extended network in order to see the relationships between malware, correlate events, and connect the dots. Again, malware is not singular: it’s dynamic, connected, and always on the move. It hops from one endpoint to the next, from endpoint to network, and even from remote, off-network endpoints back to your corporate network.

When you see a single ant on your kitchen counter, you know it’s not alone. Somewhere in the cracks and crevices of your kitchen appliances, hidden from your view, is a multifaceted, coordinated army of ants waiting to strike. Malware is no different. You may see one piece of malware here or there on a system, but that is just the beginning. You need to see where else that malware is hiding, how it’s connected, and how the pieces work together. You need to uncover all of the ants and eliminate the army in hiding if you really hope to fix the entire problem.

Cisco Advanced Malware Protection (AMP) for Networks and Endpoints finds all of the ants.

AMP for Networks and AMP for Endpoints are powerful solutions on their own providing continuous protection across the attack continuum – before, during, and after an attack. But when used in tandem they give integrated visibility and control so you can defeat advanced malware faster, smarter, and more effectively. You truly get a complete contextual picture of an attack:

  • You can cross-reference indicators of compromise from multiple security event data sources to identify larger, coordinated attacks.
  • You can track suspicious files wherever they may go across the enterprise.
  • When you identify an attack, you know not only which machines and devices were infected but also which specific applications were involved.
  • AMP for Endpoints lets you quickly identify the device and user at the root cause of the infection as well as the history of events leading up to and after a compromise to stop re-infection.
  • And finally, you can identify the scope of the exposure across your entire environment.
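To make the list above concrete, here is an added example (not Cisco’s or AMP’s code, and not taken from the original post) of the correlation an analyst performs once endpoint and network telemetry share a file identifier. The endpoint and network records, hostnames, IP addresses and hashes are all constructed for illustration. It joins both sources on a SHA-256, finds the first host, user and application that touched the file (root cause), lists every host and application the file reached, computes the scope against a host inventory, and then pulls the other network activity from the infected hosts that carries no file hash at all, the "other ants" such as a command-and-control beacon.

```python
"""Correlate a file-hash indicator across endpoint and network event sources.

Added example, not Cisco AMP code. All events, hostnames, IPs and hashes
below are constructed sample data, not real telemetry.
"""
from collections import defaultdict

HASH_A = "a" * 64  # constructed SHA-256 of the suspicious file
HASH_B = "b" * 64  # constructed SHA-256 of an unrelated file

# Constructed endpoint telemetry: which process on which host touched the file.
# Timestamps are ISO-8601 UTC strings, which sort correctly as plain strings.
ENDPOINT_EVENTS = [
    {"ts": "2014-03-03T09:01:10", "host": "ws-17", "user": "jdoe",
     "app": "outlook.exe", "action": "created", "sha256": HASH_A},
    {"ts": "2014-03-03T09:02:30", "host": "ws-17", "user": "jdoe",
     "app": "explorer.exe", "action": "executed", "sha256": HASH_A},
    {"ts": "2014-03-03T09:40:05", "host": "ws-22", "user": "asmith",
     "app": "chrome.exe", "action": "created", "sha256": HASH_A},
    {"ts": "2014-03-03T10:12:00", "host": "ws-22", "user": "asmith",
     "app": "explorer.exe", "action": "executed", "sha256": HASH_A},
    {"ts": "2014-03-03T11:00:00", "host": "ws-31", "user": "bking",
     "app": "winword.exe", "action": "created", "sha256": HASH_B},
]

# Constructed network telemetry: file transfers carry a hash; other flows do not.
NETWORK_EVENTS = [
    {"ts": "2014-03-03T09:01:05", "src": "10.0.1.17", "dst": "203.0.113.9",
     "proto": "smtp", "sha256": HASH_A, "disposition": "unknown"},
    {"ts": "2014-03-03T09:05:00", "src": "10.0.1.17", "dst": "198.51.100.77",
     "proto": "http", "sha256": None, "disposition": "c2-beacon"},
    {"ts": "2014-03-03T09:39:50", "src": "10.0.1.22", "dst": "198.51.100.4",
     "proto": "http", "sha256": HASH_A, "disposition": "unknown"},
]

# Constructed host inventory (hostname -> IP); assumed to come from asset data.
HOST_IP = {"ws-17": "10.0.1.17", "ws-22": "10.0.1.22", "ws-31": "10.0.1.31"}


def file_trajectory(sha256, endpoint_events=ENDPOINT_EVENTS,
                    network_events=NETWORK_EVENTS):
    """Join both sources on the hash and return root cause, hosts, apps and a timeline."""
    ep = sorted((e for e in endpoint_events if e["sha256"] == sha256),
                key=lambda e: e["ts"])
    net = sorted((n for n in network_events if n["sha256"] == sha256),
                 key=lambda n: n["ts"])
    if not ep and not net:
        return None  # indicator never seen on either source

    # Root cause: the earliest endpoint sighting tells us host, user and the
    # application that wrote the file (here a mail client, i.e. a phishing vector).
    first = ep[0] if ep else None
    apps_by_host = defaultdict(set)
    for e in ep:
        apps_by_host[e["host"]].add(e["app"])

    # Merged, time-ordered view across endpoint and network events.
    timeline = ([(e["ts"], "endpoint", e["host"], e["app"], e["action"]) for e in ep]
                + [(n["ts"], "network", n["src"], n["proto"], "transfer to " + n["dst"])
                   for n in net])
    timeline.sort()

    return {
        "root_cause": None if first is None else {
            "ts": first["ts"], "host": first["host"],
            "user": first["user"], "app": first["app"]},
        "hosts": sorted(apps_by_host),
        "apps_by_host": {h: sorted(a) for h, a in apps_by_host.items()},
        "entry_vectors": sorted({n["proto"] for n in net}),
        "timeline": timeline,
    }


def related_network_activity(hosts, after_ts, network_events=NETWORK_EVENTS,
                             host_ip=HOST_IP):
    """Flows from the infected hosts after first sighting that carry no file hash.

    These never match the original indicator, so a point-in-time file scan
    would not surface them; correlating by host and time does.
    """
    ips = {host_ip[h] for h in hosts if h in host_ip}
    return [n for n in network_events
            if n["src"] in ips and n["sha256"] is None and n["ts"] >= after_ts]


def scope(hosts, inventory=HOST_IP):
    """Exposure across the environment: infected hosts versus the full inventory."""
    return {"infected": len(hosts), "total": len(inventory),
            "fraction": len(hosts) / len(inventory)}


if __name__ == "__main__":
    t = file_trajectory(HASH_A)
    print("root cause:", t["root_cause"])
    print("hosts:", t["hosts"], "apps:", t["apps_by_host"])
    print("entry vectors:", t["entry_vectors"])
    print("scope:", scope(t["hosts"]))
    print("related activity:", related_network_activity(t["hosts"], t["root_cause"]["ts"]))
    for row in t["timeline"]:
        print("  ", *row)
```

The design point is the join key: a file hash that the network sensor records at transfer time and the endpoint agent records at write and execute time is what lets the two views be stitched into one trajectory, and once the set of infected hosts is known, the remaining flows from those hosts (the beacon with no hash) become visible by host and time rather than by signature.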

Customers, users, and incident response teams have all experienced the power of Cisco AMP on Endpoints and Networks together. John Ode uses AMP to uncover the complete ancestry of an attack in this 2-minute video; Colby Clark uses AMP in his investigations to get a comprehensive view into his client’s ecosystem in this 2-minute video; and Jason Wright describes the value of coordinated defenses in this 9-minute demo.

To learn more about Cisco Advanced Malware Protection, visit www.cisco.com/go/amp.



Authors

John Dominguez

Product Marketing

Cisco Security Business Group