Every organization needs to face the fact that breaches can and do happen. Hackers have the resources, the expertise, and the persistence to infiltrate any organization, and there is no such thing as a 100 percent effective, silver-bullet detection technology. As security professionals, we tend to focus on what we can do to defend directly against hackers that will infiltrate a system. But, what about our own users? Increasingly we need to look at how user behavior contributes to attacks and how to deal with that.

The 2013 Verizon Data Breach Investigation Report found that 71 percent of malware attacks target user devices. And, the 2014 report finds that the use of user devices as an attack vector has been growing over time, probably because they offer an easy foot in the door. According to the 2014 Cisco Midyear Security Report, global spam is at its highest level since 2010 and that’s just one technique targeted at end users. “Watering hole” attacks, phishing, and drive-by attacks launched from mainstream websites are all popular ways to target devices. And, then there’s the shadow IT phenomenon where users will ignore approved corporate standards to use the hottest technologies or whatever device or application will help them get their job done faster, better, and easier.

Educating users is important. They need to be wise to attackers’ techniques and the dangers that unsanctioned websites and applications can present. Also, putting policies in place to restrict user behavior can go a long way toward preventing malicious attacks that often rely on relatively simple methods. But it is not enough.

We must recognize that security as a “people problem” is not going away anytime soon, and the advent of the Internet of Everything is going to exacerbate the problem. Not only will users be able to inadvertently expose their systems to malware from their laptops and tablets, they will also be able to click on links from their smartwatches, cars, etc. Once that malware is on their device, it won’t take long to proliferate across the entire network and any connected devices.

Organizations need security solutions on the endpoint that cannot only defend against targeted malware attacks, but provide the visibility and control necessary to catch bad user behavior and quickly contain a malware outbreak caused by it.

Cisco AMP for Endpoints is a tool that delivers visibility and control on the endpoint to detect and protect against this type of behavior. It provides advanced malware protection for PCs, Macs, mobile devices, and virtual environments. Using a telemetry model that combines big data, continuous analysis, and advanced analytics, it provides context for more informed security decision-making. With AMP for Endpoints, you can roll back the clock on would-be attackers to not only defend before and during an attack, but also be able to quickly remediate threats if they evade your first lines of defense. Security practitioners can protect endpoints, whether connected to a protected network or roaming on public or personal in-home Wi-Fi, with continuous and integrated detection, response, and remediation capabilities. Watch this three-minute video and learn how John Ode, a longtime customer and power user of Cisco AMP for Endpoints, gains visibility and control at the endpoint down to the user level and uses the tool to educate individuals on how their actions can increase the organization’s security risk and how to correct their behavior.

To learn more about AMP for Endpoints, visit www.cisco.com/go/amp


John Dominguez

Product Marketing

Cisco Security Business Group