
You wake up this morning, and you feel miserable and tired. Getting out of bed is the worst, but you stumble down the hall with a heavy head, chills, and a serious case of congestion just to get a glass of water. All signs point to the flu.

What a way to start the day!

Now compare your body to any business. When things are good, all the functions are working to their capacity, and everything is great. A simple pathogen in the form of ransomware could bring all that productivity to a screeching halt. Endpoints are offline for weeks as they are reimaged. Workers on payroll are paralyzed as they wait for systems to come back online. Business is lost and money is spent just to get back to square one. Many organizations burn through a quarter just to recover from such an outbreak. And it all starts with an endpoint infection.

How vulnerable are you to an infection?

An estimated 70% of breaches start on endpoint devices. So, why do endpoints continue to be the primary point of entry for attacks? For many organizations, antivirus is the only form of endpoint protection deployed. Advanced threats can easily evade this type of protection. In fact, 65% of organizations say attacks evade the existing prevention tools deployed.[1]

Attackers use email or hijacked websites as ways to bypass the preventative measures to gain access. Despite all the training and warnings, it is inevitable that a user is going to open a malicious attachment or click on a link they shouldn’t. Attackers bypass endpoint defenses 48% of the time simply because of user error.

Attacks that evade preventative measures can go undetected in the network for several months. Since more than half of organizations are unable to pinpoint the cause of the breach, consider this:

  • Do you have visibility into every endpoint on your network?
  • If there was a breach, could you identify the origin of the attack?

Not all hope is lost. A strong first and last line of defense goes a long way toward maintaining the immune system of your organization.

Building immunity

We want to prevent infection in the first place, but if an infection were to occur, we will need a way to get deep visibility into file activity and any malicious DNS requests originating from the endpoint. Cisco AMP for Endpoints and Cisco Umbrella provide the first and last line of defense on your endpoints from such malicious attacks.

Prevent infection

Cisco Umbrella is the first line of defense to protect your endpoints from downloading malware. It acts as a persistent medical mask to prevent harmful pathogens from entering. Umbrella blocks malicious requests from a variety of attack vectors whether it is a phishing attack with a malicious link in email or an infected webpage with malware trying to download in the background.

If a file were to be downloaded on the endpoint, AMP for Endpoints is there to prevent that malicious file from infecting the machine. AMP for Endpoints blocks malware using global data analytics, exploit prevention, cloud lookups, machine learning, fuzzy fingerprinting, rootkit scanning, and a built-in antivirus engine. The flu is quarantined before it can spread to any other part of your business. It is your immune system turned up to 11.

Accelerated treatment

No one solution will ever block 100% of malware infections. Our last line of defense is to identify and remediate the infection quickly and easily before it spreads across the organization. Umbrella Investigate provides up-to-the-minute threat data and historical context about domains, IPs, and file hashes for faster investigations.

AMP for Endpoints provides device and file trajectory to see compromised devices and how the malware file behaved over time. File analysis gives you detailed information on file behavior, which you can turn into actionable results to quarantine files and block future attacks on all endpoints.

Doctor’s orders

Preventative medicine is your first line of defense from any potential attack. Use Cisco Umbrella and Cisco AMP for Endpoints to prevent malicious files from infecting your endpoint. Yet any malware that evades frontline defenses could be disastrous. That’s why Umbrella and AMP for Endpoints also provide the best response to an infected endpoint by providing the context and visibility necessary to act.

Learn more on how to immunize your endpoints here.

[1] A Year of Mega Breaches, Ponemon Institute, 2015



Authors

Thomas Licisyn

Product Marketing Manager

Security Marketing Group