Effective Endpoint Security – More than Meets the Eye
One of your salespeople, Susan, is on the road putting some finishing touches on a presentation before a big meeting. Using the hotel Wi-Fi, she does a quick search to see if there’s any relevant company or industry news she needs to know about before meeting with the client. She clicks on several websites, gets the information she needs to make sure she’s current, and heads off to deliver the presentation.
After a great meeting Susan goes straight to the airport. With an hour to spare she decides to work on the proposal for the client and clicks on the airport’s Wi-Fi network. She connects to the corporate network to download the approved pricing information she needs from the server. She sees an email from her daughter and clicks on it quickly. It’s about a vacation they’ve been planning so she downloads the video tour of the resort to watch on the plane. Back at the office the next day, Susan connects to the corporate network and sets to work wrapping up the contract, eager to close the big deal.
Sounds like a typical scenario, doesn’t it? It’s how business gets done in a digital world. But there’s more here than meets the eye. Every time Susan goes online, surfs the web, clicks on an email, downloads a file, connects to the corporate network, or accesses resources in the enterprise, she’s potentially exposing her laptop and the company to threats. How can you make sure she and your organization are protected?
Companies need to empower people to work from anywhere, using any device, and remain secure. This is why Cisco’s endpoint security strategy encompasses more than protection from advanced threats that target end-user devices. It also includes productivity to connect seamlessly and safely from anywhere, and security compliance so devices always stay compliant with an organization’s security policies as employees access the tools and data they need to get their jobs done – whenever and wherever they are.
Can your end users connect back to your enterprise securely from any device, at any time, from any location? In our scenario, whenever Susan connects to the corporate network from the road, whether finalizing pricing details or working on an order, she uses Cisco AnyConnect Mobility Solution for highly secure remote access, providing an encrypted connection back to office resources and systems behind the firewall. Public Wi-Fi networks are notoriously insecure, but with secure connectivity no one can intercept the details of the deal. She can enter the meeting with confidence that she’s well prepared, and after the meeting can immediately work on processing the contract, making the best use of her time and a great impression on her customer.
Making sure every device, corporate- or employee-owned, that connects to the network is compliant with an organization’s particular security policies is crucial. When Susan tries to access pricing information, it must be automatically confirmed that she is authorized to access that data – and is allowed to do so from that device. What’s more, you’ll want to know if the device has the necessary security like advanced malware protection and anti-virus – and that it is up to date. Naturally, you’ll want to confirm that the device hasn’t been infected before it can get onto the network. And how about if the device is running vulnerable software, making it an easier target for attacks? You’ll want to know that too. Cisco AnyConnect with Cisco Identity Services Engine (ISE) prevents non-compliant devices from accessing the network. The solution immediately conducts a posture assessment so you know who to allow on the network, where they can go, and what content they can access. Cisco Advanced Malware Protection (AMP) for Endpoints is built to integrate with ISE on the network; if AMP for Endpoints detects a compromised client, we can leverage ISE to restrict network access accordingly. This integrated approach mitigates the risk of threats to your network, high-value data, and other digital assets.
There are plenty of points during the day where Susan could inadvertently introduce security risks to the business. If she is off the VPN and connects to the Internet directly, Cisco Umbrella and Umbrella Roaming deliver a first line of defense against infections by blocking connections to bad IP addresses, URLs and domains. Cisco Umbrella protects any and all devices using any ports and can be easily activated in AnyConnect. She is seamlessly protected from malware, phishing, and command-and-control callbacks. Complementing Cisco Umbrella, Cisco AMP for Endpoints provides protection on the endpoint itself. If Susan clicks on a site that has been recently infected with malware or attempts to download a malicious file, Cisco AMP for Endpoints stops these types of known and unknown attacks. It uses various detection methods including machine learning, advanced behavioral detection and fuzzy fingerprinting, our built-in Threat Grid sandbox, and leading Talos threat intelligence. If something does get in, AMP provides continuous monitoring and threat detection to quickly spot malicious behavior, and response capabilities to stop and remove threats wherever they are in the organization before damage can be done. Even if user devices don’t have an AMP for Endpoints agent, AMP can tell you if the system is compromised. Cisco Cognitive Threat Analytics extends threat detection and protection to devices where AMP for Endpoints can’t be installed, like IoT-type devices and personal devices. It pinpoints unusual traffic before data can be exfiltrated.
There’s more than meets the eye when it comes to endpoint security. Antivirus or even endpoint detection and response solutions can’t do it alone. Adversaries are taking advantage of new business models, devices, and vulnerabilities to launch attacks. To truly be effective, endpoint security must enable productivity, compliance, and best-in-class protection with an integrated portfolio of solutions that work together.
Endpoint security is one of the three pillars in our portfolio of security solutions. The other two pillars are network security and cloud security. In each of these areas we’re focused on increasing security effectiveness with integrated threat defenses. Coming up, I’ll share details on our network security strategy and how we continue to advance how customers can secure their networks with our Cisco Firepower NGFW as the platform.