Protecting Users and Endpoints in a Multicloud World
Online criminals are constantly gaining entry into business environments through phishing attacks or exploit kits, then applying ransomware. Bad actors are compromising popular websites and bringing up new domains to host malware and botnets. The unfortunate truth is attacks of this nature are lucrative enough to make them worthwhile, and are cheaper and easier than ever to execute. In this increasingly mobile and cloud-centric world, these cybersecurity dangers are only amplified.
Business users are armed with a large and growing number of untethered devices – laptops, smartphones and tablets – and are using these “endpoints” to access Salesforce, Office 365, Google Docs and other SaaS applications. Often, the users are not on the corporate network; instead they’re on the road accessing the web through a public Wi-Fi network while sitting at a coffee shop or at a trade conference. These “roaming” users are not always using their IT-provisioned VPN solution, which means they are not protected by the full security stack of firewalls and intrusion prevention systems at the corporate headquarters. In fact, 82% of workers admit to not always using the VPN.
The attack surface that corporations expose to the internet widens further as companies adopt software-defined networking (SDN). With SD-WAN, customers are moving beyond MPLS to bring direct internet access and direct cloud connections to branch and remote offices. Once that happens, business users at a remote office location are exposed to similar risks.
Compromised devices or unsecured branch networks can become entry points for wider attacks that may ultimately lead to significant breaches of critical data assets. In a multicloud environment, there is an added risk associated with data stored in companies’ workload instances in Amazon Web Services, Azure or other cloud environments.
All of this can become a huge challenge for enterprises. Mobility can lead to significant gains in employee productivity, and leveraging the cloud can lead to greater efficiency and lower costs, so companies can’t go back to the old ways of doing things. The key is to find ways to protect these multiple endpoints whether or not they’re connected to the corporate network, and not allow them to become conduits for malware or ransomware that can make its way from the internet into the company’s environment.
One of the pillars of Cisco’s multicloud strategy is Cloud Protect, which includes two key solutions that we’ve designed to help steer users away from malicious destinations or, if they find themselves in a dangerous place, to protect their devices and the data on them.
The first is Cisco Umbrella, a cloud-delivered security platform that provides your first line of defense against threats on the internet, whether your users are on or off the corporate network. Think of a GPS system that can keep drivers from going into bad neighborhoods even if the movie they want to see is playing in a theater there. Umbrella can do this because we have a view of the internet like no one else, since the service resolves and routes more than 125 billion internet requests daily from 90 million active consumer and enterprise users across 160+ countries. This provides unparalleled data, visibility and context on global internet traffic and the ability to stop attacks earlier and identify already infected devices faster.
Should users still find themselves on a site they shouldn’t be on, another part of Cloud Protect is AMP for Endpoints. AMP for Endpoints is cloud-managed, next-generation endpoint security that analyzes unknown files and automatically blocks malware from trying to run on endpoints. It continuously monitors and records all file activity on endpoints to quickly spot malicious behavior. AMP then shows the complete recorded history of the malware’s behavior over time – where the malware came from, where it’s been and what it’s doing – enabling you to retrospectively detect and remediate threats once thought to be benign.
Cisco AMP for Endpoints and Cisco Umbrella are two security solutions that work in harmony to provide the visibility, context and control needed to prevent, detect and respond to attacks targeting endpoints before damage can be done. Together, they provide your first and last lines of defense for today’s cybersecurity threats, anywhere users go.
To learn more about Cisco’s multicloud strategy and how we are bringing together essential software solutions to help you connect, protect, and consume cloud services, visit cisco.com/go/cloud.