
Status: Verified. Cisco AMP for Endpoints Hits the Mark


September 14, 2018

Many times, when people think of the term “Next Generation Endpoint Security” they are thinking about a list of capabilities, preventative engines, detection mechanisms, and response capabilities. With so many elements, it becomes incredibly difficult to gauge how they work in the real world. At the end of the day, it all boils down to one important question: will this solution help me defend my critical information assets against today’s advanced threats?

To determine whether Cisco AMP for Endpoints is the answer to that question, we commissioned Miercom to take some of today’s most advanced malware and document the product’s performance and behavior against it. Traditional product tests and evaluations focus on prevention and are generally scored as a percentage of threats blocked, and that may be fine for the 99% of threats. But what about the 1% of threats you really care about? These are the threats designed and crafted to wreak havoc in your environment.

In order to test advanced malware effectively beyond just prevention, Miercom broke each attack down into discrete phases. These were key points in time at which the malware executed or expanded its footprint on the endpoint. In turn, these stages define every potential point in time at which the malware can be terminated.

The first phase generally starts with point-in-time detection, but the picture then becomes more intricate. As the malware begins to execute and propagate on the system, different elements and engines of AMP for Endpoints detect and block the malware from progressing further.

Being able to stop these attacks at multiple points ensures that, no matter the situation, or how the malware was crafted or modified to avoid detection, there will be some point in time at which we can detect and respond to the threat to prevent damage to the endpoint.

Beyond just testing advanced malware, a core element of next generation endpoint security is incident response capability. Detecting and responding to all phases of an attack is important for protecting your endpoints automatically, but the ability to understand how far the attack got and what it did while it was on the endpoint is crucial for asset recovery and incident response. Miercom handcrafted malware to execute on the endpoints in order to evaluate how quickly potential new threats could be detected and what it would take to reconstruct their behavior and intent. During the test, AMP for Endpoints provided everything needed to understand the attack and respond quickly and effectively.

Miercom states:

“Cisco AMP produced alerts and warnings of serious potential for compromise which requires investigation. Utilizing the device trajectory and the events created by AMP, a clear understanding of the attack vectors can be reconstructed for analysis.”

We understand that it is impossible to evaluate every product against every attack. However, with Miercom’s validation of Cisco AMP for Endpoints and all of its prevention, detection, and response capabilities against real-world advanced threats, you can better understand how this solution can protect you and how it can help identify any malicious activity on your endpoints.

Learn more in the full report, “Cisco Advanced Malware Protection (AMP) for Endpoints Security Testing”.