Malware is everywhere and it’s incredibly challenging to combat, using whatever unprotected path exists to reach its target and accomplish its mission.

Malware has become the weapon of choice for hackers. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware was the most common method used, followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed it in networks, remain undetected for long periods of time, and steal data or disrupt critical systems. More specifically on blended threats, the report tells us that more than 95 percent of all attacks intended to conduct espionage employed phishing. What is more, a prominent recent retail breach began with a targeted email phishing attack that ultimately led to access to payment system data via malware uploaded to PoS systems.

Our 2014 Annual Security Report attests to how effective these techniques are: every Fortune 500 company spoken to for the report had traffic going to websites that host malware. Websites hosted on compromised servers now act as both a redirector (the intermediary in the infection chain) and a malware repository.

Other attack examples include:

  • ‘Watering hole’ attacks targeting specific industry-related websites to deliver malware
  • Malware delivered to users legitimately browsing mainstream websites
  • Spam emails that appear to be sent by well-known companies but contain links to malicious sites
  • Third-party mobile applications laced with malware and downloaded from popular online marketplaces

Collectively, we must use all enforcement points in the extended network to combat malware and blended threats: networks, endpoints, mobile devices, virtual systems, web, and email gateways – that is, everywhere that threats can manifest.

Technologies to protect against threats must continue to evolve and become as pervasive as the attacks they are combating. It’s more imperative than ever to find the right threat-centric security solutions that work in our current environments and can easily adapt to meet the growing needs of extended networks, which now go well beyond the traditional perimeter.

Today, Cisco is announcing the integration of Advanced Malware Protection (AMP) into our Cisco Web and Email Security Appliances and Cloud Services. This underscores our imperative to remain threat-focused – always detecting, understanding, and stopping threats through pervasive threat protection platforms for the extended network.

Specifically, to combat the proliferation of web- and email-delivered malware, AMP is now available to all Cisco Web and Email Security customers. AMP is available both on appliances and via cloud services as an additional licensed feature, adding yet another layer of malware defense to our web and email security. Integrated AMP delivers cost-effective protection across the full attack continuum – before, during, and after an attack. Initially developed by Sourcefire, and leveraging the vast cloud security intelligence of both Cisco and Sourcefire, AMP is a comprehensive malware-defeating solution that, when incorporated into our content security platforms, enables malware detection and blocking, continuous analysis, and retrospective alerting. What is more, this integration supports extensible, platform-based approaches, rather than deploying point security appliances, such as a sandboxing point product behind a web security gateway.

The integration of Cognitive Threat Analytics with Cisco Cloud Web Security helps customers reduce the time to discovery of threats operating inside the network. Available with AMP as part of a premium license, Cognitive Threat Analytics addresses gaps in perimeter-based defenses by identifying the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection.

No company matches Cisco’s extensive coverage of enforcement points to defend against advanced malware and address ever-expanding attack vectors. AMP is available across the broadest range of attack vectors as an integrated capability in FirePOWER appliances, as an endpoint solution for PCs, for mobile devices and virtual environments, and now as a feature that can be added to Cisco Web and Email Security solutions.

For more details please see our newsroom: http://newsroom.cisco.com/release/1354516 and product page: http://www.cisco.com/go/amp. Please stop by RSA Conference 2014 and visit us at Cisco Security Booth #3221 and Sourcefire Booth #2741 to see first-hand how we can help you deal with pervasive malware.

CP Morey

Senior Director, Product Marketing

Security Product and Solutions Marketing