As evasive and complex as today’s threats have become, it’s no wonder security professionals in organizations of all sizes are ripping out their legacy antivirus completely in favor of Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) technologies. Endpoint Protection Platform (EPP) delivers next generation antivirus that stops today’s complex attacks. Endpoint Detection and Response (EDR) offers more advanced capabilities like detecting and investigating security incidents, and the ability to remediate endpoints quickly. The question then becomes, which should you choose? And why can’t you have both?

We believe you can AND we believe it should simplify your security operations. That’s why we’ve brought EPP and EDR capabilities together in a single cloud-delivered solution called Cisco® Advanced Malware Protection (AMP) for Endpoints. It is relentless at stopping breaches and blocking malware, then rapidly detects, contains, and remediates advanced threats that evade front-line defenses. Moreover, it’s easy to deploy, easy to use and leverages your existing security investments to help you address threats beyond the endpoint. That’s what we call relentless breach defense and here’s three ways Cisco AMP for Endpoints does this.

#1. Block threats. Before they target you.

How effective you are at protecting your endpoints really depends on how good the threat intelligence you’re acting on. That’s why at Cisco, we employ machine learning and automation to spot malware activity fast, malware attack prevention to block ransomware, exploit prevention to stop fileless malware and a variety of other protection engines fueled by Cisco Talos, the largest non-governmental threat intelligence group on the planet. We find more vulnerabilities than other vendors and push out protection before the bad guys can exploit them, giving you an advantage. And because we’re Cisco, Talos sees more network traffic than anyone else. Whether a threat begins on the Internet, in an email, or on someone else’s network. Our cloud-based global telemetry sees a threat once, anywhere in the world, and blocks it everywhere, across our endpoint ecosystem and our entire security platform.

#2. Know everything. About every endpoint.

We simplify threat hunting and investigation with our newly announced endpoint detection and response (EDR)capabilities that automate advanced investigative queries across any or all of your endpoints. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need. We have preloaded scripts so you can leverage the expertise of our threat hunters or even customize your own. These queries are organized in a catalog of common use cases, even aligning with the Mitre ATT&CK. We provide deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state – you can think about this as a “freeze-framing” activity on a device right to the moment when something malicious was seen. We continuously monitor and analyze the behavior of your endpoints, giving you the information you need to investigate and respond to the riskiest threats quickly and confidently. If a file that appeared clean upon initial inspection ever becomes a problem, we can provide a full history of the threat’s activity to catch, isolate, contain, and remediate at the first sign of malicious behavior.

#3. Respond completely. With security that works together.

Threats are not one dimensional and neither should your defenses be. That’s why we built our endpoint security with out-of-the-box integrations with the rest of the Cisco security platform to block, detect, investigate and respond to threats across your entire environment – not just your endpoints. With security that works together, we help you streamline your security operations, making security investigations faster and easier. You will get to the root cause fast, and automate actions to stop a threat in its tracks. We empower you to respond to attacks at the first sign of malicious behavior using one-click isolation of any endpoint, everywhere. Importantly, we have broader control beyond just the endpoint. We instrument our endpoint security to leverage threat intelligence from web, email, cloud and network security solutions; and multi-factor authentication integration for Zero-Trust, creating security defenses that work together for more effective protection and response against the most challenging threats with less time, effort, and cost to do so.

New! AMP for Endpoints packages. Fit for every organization.

We understand that customers have varying levels of endpoint security requirements so we are introducing new product packages so you can choose the one that best fits your organization:

  • Cisco AMP for Endpoints Essentials. Replace legacy antivirus (AV) with our next-
    gen AV. Powered by Cisco Talos, the largest non-governmental threat intelligence in the world, we block more threats than any other security provider. See a threat once and block it everywhere – automating threat responses with one-click isolation of an infected host, while getting broader control beyond just the endpoint.
  • Cisco AMP for Endpoints Advantage. The highest level of AMP for Endpoints includes all capabilities offered in the Essentials package, plus the ability to simplify security investigations with advanced endpoint detection and response (EDR), and easy access to our advanced malware analysis and threat intelligence portal – Cisco Threat Grid Cloud.

Click here to learn more about our new AMP for Endpoints packages.

Finally, channel your inner threat hunter: register for one of our Threat Hunting Workshops. You’ll get hands on experience threat hunting, investigating and responding to threats so you and be relentless at breach defense too.


Gedeon Hombrebueno

Product Marketing

Endpoint Security