The rise of malware created specifically for endpoints like mobile devices is forcing IT Security teams to focus increasingly on endpoint security solutions. According to a survey by the Ponemon Institute[1] published in January, 75 percent of respondents (an increase from 68 percent in last year’s study) believe their mobile endpoints have been the target of malware over the past 12 months.

This problem becomes exacerbated as users increasingly use mobile devices for personal usage as well as for accessing corporate applications. In the same study one of the major concerns highlighted was “…’employees’ use of commercial cloud applications in the Workplace…”

One area where IT organizations are looking to provide consistent and secure access is implementing VPN technology on a wider range of endpoints being used to connect to corporate resources.

While remote VPNs on endpoints are critical for protecting and obfuscating data in flight, it doesn’t really do anything for protecting against malware. In fact, traffic in a VPN tunnel can even hide malware from inspection engines until the tunnel is terminated. This is usually done at the end or inside the network. Consequently, there is a false sense of security, where users never realize that their endpoint can still get infected and send compromised traffic back to corporate. VPNs can basically act as an express road into the inner reaches of the corporate network for malware if an endpoint is infected.

Just like traditional systems, customers need consistent malware protection regardless of how users get to company applications and data. IT organizations need to implement advanced malware analysis within the VPN tunnel itself before it can get too far into the network to do damage. The combination of VPN tunneling technology to protect data being sent from outside the network and malware analysis provides the level of security needed that is consistent with protection inside the corporate network itself.

Cisco is now offering the new AnyConnect Mobile Client 4.1 that includes the Cisco Advanced Malware Protection (AMP) Enabler for installing and launching Cisco AMP for Endpoints on demand. AMP for Endpoints can rapidly identify whether a VPN tunnel is hiding malware-infected traffic and then offer immediate remediation and protection.

AMP for Endpoints offers advanced threat protection for endpoints, whether connected to a protected network or roaming on the Internet, with continuous and integrated detection, response, and remediation capabilities. AMP uses big data analytics and continuous analysis to continuously analyze files after they are first seen to track changing threat levels. If a file with an unknown or previously deemed “good” disposition starts behaving badly, AMP will detect it and instantly alert security teams with an indication of compromise, or automatically remediate the malware based on policy controls.

For more information visit: http://www.cisco.com/go/anyconnect and http://www.cisco.com/go/amp 

[1] Ponemon report: 2015 State of the Endpoint Report: User Centric Risk



Sanjay Raja

Director, Product and Solution Marketing

Secure Access and Mobility, Cisco Security Business Group