Protecting Users, and Uncovering the Last 1% of Threats
Security has changed a lot over the last 20 years, and the way we work has changed even more in the last five.
Organizations around the globe are pushing the boundaries of what is possible, from both innovation and operational standpoints. On a weekly basis, I meet with customers who tell me how they have digitized their business and enabled employees to be productive both in and out of the office using mobile devices from laptops to tablets. CISOs lament the myriad of operating systems and types of devices they have to support, while CIOs discuss the changes in network architecture to allow remote access to even the most sensitive data. These changes have led to an inevitable conclusion: the perimeter is wherever the data resides, and that increasingly means on employees’ devices.
Unfortunately, attackers have caught on. They’re designing threats specifically to get around traditional preventative tools, and it’s up to us to augment the security of endpoint devices to protect both your data, and your employees themselves, from compromise.
Changing the way we work means reevaluating how we secure devices.
The days of antivirus technology alone providing sufficient protection for your endpoints has come and gone. Today, it’s mostly a checkbox item for compliance. With so many cloud applications, users don’t always need or bother to connect to their VPN, and thus they don’t get the protections provided by the corporate network. Many customers I talk to admit their security education programs can only take them so far, and even the most well trained employees can fall victim to a well-crafted phishing scam.
What can we do about it?
Many vendors in the market claim to block 99% of threats, but what about that last 1%? Securing the endpoint is as critical as the network, and one needs to inform the other to eliminate blind spots. This means sharing information that is seen at the network with the same knowledgebase that the endpoint is using. See once, block everywhere. This is how AMP for Endpoints works. And, we have made significant enhancements to the product, including:
- Prevent fileless malware: We’ve seen a significant rise in malware going fileless. This malware frequently comes in the form of in-memory attacks, or web-browser injections. They are difficult to catch due to the lack of a file to inspect. We’ve built a new exploit prevention engine into the AMP connector to prevent these and other attacks. By continuously monitoring processes in memory, we can stop what others can’t.
- Stop ransomware: This is one of the biggest threats to users and devices. While there is no silver bullet to stopping ransomware, we can stop it from encrypting your machine with our new malicious activity protection engine. Since we’re always monitoring system processes, we can identify when ransomware is attempting to encrypt your employees’ computers or even your servers – and kill that process. Our Research & Efficacy Team studied nearly 8 million ransomware variants to create this new engine that is completely unique to AMP for Endpoints.
- Discover unknown threats: One of the biggest challenges for organizations I speak with is being able to find the needle in the haystack after they have received information about a threat. For example, they read a blog from Talos, or receive an email from their industry specific ISAC and need to find it. Having a standalone threat hunting tool is typically costly, and most lack integration with the rest of the security stack. Visibility allows users to rapidly search across their entire environment with just a single breadcrumb, such as an IP, domains, or hash, and will connect all the dots between these points. Visibility pulls together information from across the Cisco Security portfolio—AMP, Umbrella Investigate, Talos—as well as 3rd party feeds to accelerate threat investigation.
Cisco understands the network better than anyone in the world does. That knowledge, combined with our immense breadth and depth of telemetry and tight cross-portfolio integration, allows AMP for Endpoints to uncover the 1% of threats that other solutions miss. Many of our customers have seen this first-hand:
Cisco AMP Endpoint has enabled us to detect malware and ransomware that other Anti-Virus products we previously used had missed.
—Tatsuru Kobayashi, Engineering Director, Nichiei International
We’re very excited about the evolution of our integrated security architecture, and in particular endpoint security. These enhancements are foundational to making an impact on security effectiveness for every organization out there. I encourage you to discover for yourself, and try AMP for Endpoints.