SlideShare a Scribd company logo

Cisco amp for endpoints

Cisco Canada
Cisco Canada

Cisco AMP for Endpoints

Technology
1 of 10
Download to read offline
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview Organizations today are under the constant threat of cyber attack, and security breaches happen every day. Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context and control to not only prevent cyber attacks, but also rapidly detect, contain, and remediate advanced threats if they evade front-line defenses and get inside—all cost-effectively, without affecting operational efficiency, and before damage can be done. AMP for Endpoints prevents attacks by providing the latest global threat intelligence to strengthen defenses, a built-in antivirus (AV) engine to detect and block attacks at point-of-entry, built-in sandboxing technology to analyze unknown files, and proactive protection capabilities that close attack pathways and minimize vulnerabilities. But if malware evades these prevention measures and gets inside, AMP for Endpoints continuously monitors and records all file activity to quickly detect malicious behavior, retrospectively alert security teams, and then provide deep visibility and a detailed recorded history of the malware’s behavior over time – where it came from, where it’s been, and what it’s doing. AMP can then automatically contain and remediate the threat. AMP protects endpoints running Windows, Mac OS, Linux, and mobile devices. Understand AMP for Endpoints in 4 minutes. Benefits include: ● Protection that goes beyond prevention: Cisco AMP for Endpoints goes beyond just preventing attacks. It analyzes files and traffic continuously. This capability helps enable retrospective security. You can look back in time and trace processes, file activities, and communications to understand the full extent of an infection, establish root causes, and perform remediation. The result: more effective, efficient, and pervasive protection for your organization. ● Monitoring that enables unmatched visibility: Cisco AMP for Endpoints offers more than retrospection. It introduces a new level of intelligence, linking and correlating various forms of retrospection into a lineage of activity available for analysis in real time. It can then look for patterns of malicious behavior from an individual endpoint or across the environment of endpoints. ● Advanced analysis that looks at behaviors over time: Cisco AMP for Endpoints provides automation through advanced behavioral detection capabilities that deliver a prioritized and collated view of top areas of compromise and risk. ● Investigation that turns the hunted into the hunter: Cisco AMP for Endpoints shifts activity from looking for facts and clues as part of an investigation to a focused hunt for breaches based on actual events like malware detections and behavioral indications of compromise (IoCs). ● Containment that is truly simple: Cisco AMP for Endpoints provides visibility into the chain of events and context that complements its dashboards and trajectory views. AMP provides the ability to target specific applications, files, malware, and other root causes. Breaking the attack chain is not only quick but also easy.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 10 ● Dashboards that are actionable and contextual: Reports are not limited to event enumeration and aggregation. Cisco AMP for Endpoints’ actionable dashboards allow for streamlined management and faster response. (see Figure 1) ● Integrated platforms that work better together: Cisco AMP for Endpoints can be fully integrated with the Cisco AMP for Networks solution, and other AMP deployments, to further increase visibility and control across your organization. Figure 1. Actionable and Contextual Dashboards Increase Visibility, Context, and Control for Effective Security Organizations struggle to find a solution that can effectively address the full lifecycle of the advanced malware problem: providing protection, incident response, and remediation against the latest threats without overburdening the budget or sacrificing operational efficiency. Part of the challenge comes from a lack of continuity and intelligence between detection and blocking technologies and incident response and remediation technologies. Often, this lack of intelligence can leave an organization unaware of the full extent and depth of an outbreak, which cause incident response and remediation efforts to begin well after an outbreak. In addition, lack of continuity can cause infected systems and root causes to be missed during these efforts, leading to an endless cycle of reinfection. As a result, security professionals often lack visibility into the scope of advanced malware in their network, struggle to contain and remediate it after an outbreak, and cannot address fundamental questions, including: ● What was the method and point of entry? ● What systems were affected? ● What did the threat do? ● Can we stop the threat and eliminate the root cause? ● How do we recover from the attack? ● How do we prevent it from happening again?
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 10 Cisco AMP for Endpoints Discovers, Analyzes, Blocks, and Remediates Advanced Malware Preventative security tools alone will never be 100 percent effective at preventing all attacks. It takes only one threat that evades detection to compromise your environment. Using targeted context-aware malware, sophisticated attackers have the resources, expertise, and persistence to outsmart preventative defenses and compromise any organization at any time. Furthermore, prevention tools (or “point-in-time” detection tools) are completely blind to the scope and depth of a breach after it happens, rendering organizations incapable of stopping an outbreak from spreading or preventing a similar attack from happening again. Cisco AMP for Endpoints can prevent attacks, but goes beyond just prevention to deliver continuous monitoring, detection, and response if malware gets inside. It delivers a lattice of detection capabilities combined with big data analytics to continuously analyze files and traffic on endpoints to determine if advanced malware is present (Figure 2). Sophisticated machine-learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware. The combination provides protection that goes beyond traditional defenses. Retrospective security, the ability to roll back time on attacks, can detect and alert you to files that become malicious after the initial point of entry. Figure 2. Prevention (or “Point-In-Time Detection”) Tools Compared with Continuous Analysis and Retrospective Security
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 10 See More Than Ever Before and Control Advanced Malware Today’s malware is more sophisticated than ever. Evolving quickly, it can evade discovery after it has compromised a system while providing a launching pad for a persistent attacker to move throughout an organization. Sleep techniques, polymorphism, encryption, and use of unknown protocols are just some of the ways that malware can hide from view. The continuous analysis and retrospective security features of Cisco AMP for Endpoints let you uncover elusive malware and help you answer the following key questions in the battle against advanced threats. ● What was the method and point of entry? What systems were affected? Powerful innovations like file trajectory and device trajectory (Figure 3) use AMP’s big data analytics and continuous analysis capabilities to show you the systems affected by malware, including patient zero and the root causes associated with a potential compromise. These capabilities help you quickly understand the scope of the problem by identifying malware gateways and the path that attackers are using to gain a foothold into other systems. Figure 3. Deep Analysis with Device Trajectory
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 10 ● What did the threat do? Cisco AMP for Endpoints File Analysis (Figure 4), backed by the Talos Security Intelligence and Research Group and powered by AMP’s built-in sandboxing technology (Threat Grid), provides a safe, highly secure sandbox environment for you to analyze the behavior of malware and suspect files. File analysis produces detailed information on file behavior, including the severity of behaviors, the original filename, screenshots of the malware executing, and sample packet captures. Armed with this information, you’ll have a better understanding of what is necessary to contain the outbreak and block future attacks. Figure 4. File Analysis Device trajectory further aids a quick analysis of threat activity on a computer by tracking file and network activity at the endpoint in chronological order. You gain complete visibility into the events that occurred leading up to and following a compromise, including parent processes, connections to remote hosts, and unknown files that may have been downloaded by malware. Indications of compromise (IoCs) are often subtle and require immediate investigation before they are erased or an attacker moves on. With the Cisco AMP for Endpoints Search, security teams can quickly hunt down the scope of exposure to an attack with simple but flexible search capabilities that immediately present results without the need to scan and pull data from endpoints.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 10 ● Can we stop the threat and root causes? Can we prevent it from happening again? Cisco AMP for Endpoints Outbreak Control gives you a suite of capabilities to effectively stop the spread of malware and malware-related activities, like call-back communications or dropped file execution, without waiting for updates from your security vendor. This gives you the power to move directly from investigation to control with a few mouse clicks, significantly reducing the time a threat has to spread or do more damage and the time it normally takes to put controls in place. Furthermore, AMP can automatically remediate systems without a full scan. The technology continuously cross-references files analyzed in the past against the latest threat intelligence and quarantines any files previously deemed clean or unknown that are now known to be a threat. Protect PCs, Macs, Linux, Mobile Devices and the Network Cisco AMP for Endpoints protects you against advanced malware and increases security intelligence across all endpoints - PCs, Macs, Linux, and mobile devices. Its lightweight connector architecture uses big data analytics, which simplifies defense-in-depth requirements to address advanced malware. Furthermore, Cisco AMP for Endpoints integrates with Cisco AMP for Networks, and other AMP deployments, to deliver comprehensive protection through a single pane of glass and across extended networks and endpoints. Now, using continuous analysis, retrospective security, and multisource indications of compromise, you can identify stealthy attacks that manage to traverse from the endpoint to inline at the network level, correlate those events for faster response, and achieve greater visibility and control. Scale Up Protection for the Enterprise AMP is optimized for the enterprise. In terms of privacy, all Cisco AMP for Endpoints connectors use metadata for analysis. Actual files are not needed and not sent to the cloud for analysis. For organizations with high privacy requirements, a private cloud option is also available. This single on-premises solution delivers comprehensive advanced malware protection using big data analytics, continuous analysis, and security intelligence stored locally on premises. As for manageability, the Cisco AMP for Endpoints console interface provides complete management, deployment, policy configuration, and reporting for Windows systems, Mac systems, Linux systems, and mobile devices. As for performance, Cisco AMP for Endpoints deployed on PCs, Macs, Linux, and mobile devices use lightweight connector architectures, requiring less storage, computation, and memory than other security solutions, speeding protection against attacks. Gain Truly Comprehensive Security Intelligence Cisco AMP for Endpoints is built on big data and unmatched security intelligence. The Cisco Talos Security Intelligence and Research Group, and AMP Threat Grid threat intelligence feeds, represent the industry’s largest collection of real-time threat intelligence with the broadest visibility, largest footprint, and ability to put it into action across multiple security platforms. This data is then pushed from the cloud to the AMP for Endpoints client so that you have the latest threat intelligence at all times. The integration of our Threat Grid sandboxing technology into AMP for Endpoints also provides over 700 unique behavioral indicators that evaluate the actions of a file submission, not just its structure, providing insight to unknown malware including associated HTTP and DNS traffic, TCP/IP streams, processes it’s affecting, and registry activity.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 10 Threat Grid also provides users with context-rich, actionable content everyday - more than 8 million samples are analyzed each month resulting in billions of artifacts. And finally, Threat Grid’s highly accurate content feeds, delivered in standard formats to seamlessly integrate with existing security technologies, enable organizations to generate context-rich intelligence specific to their organization. Cisco AMP Leads in Third-Party Test Cisco is the leader in NSS Labs’ Breach Detection Systems Report for the third year in a row, according to the 2016 NSS Labs Breach Detection Systems Comparative Analysis Report. The 2016 NSS Labs comparative product test provides the details on how Cisco AMP achieved: ● 100% Security Effectiveness rating-the highest of all vendors tested ● Only vendor to detect and block 100% of malware, exploits, and evasion techniques during testing ● Fastest time to detection of all vendors tested ● Excellent performance with minimal impact on endpoint or application latency Table 1 highlights the best-in-class capabilities of Cisco AMP for Endpoints. Table 2 lists the software requirements. Table 1. Features and Benefits of Cisco AMP for Endpoints Feature Benefits Continuous analysis Once a file lands on the endpoint, AMP for Endpoints continues to watch, analyze, and record all file activity, regardless of the file’s disposition. When malicious behavior is detected, AMP shows you a recorded history of the malware’s behavior over time: where it came from, where it’s been, and what it’s doing. This helps you scope the compromise and quickly respond. Continuous analysis in 4 minutes. Retrospective security Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root causes, and perform remediation. The need for retrospective security arises when any IoC occurs, such as an event trigger, a change in the disposition of a file, or an IoC trigger. Dashboards Gain visibility into your environment through a single pane of glass - with a view into hosts, devices, applications, users, files, and geolocation information, as well as advanced persistent threats (APTs), threat root causes, and other vulnerabilities - to provide a comprehensive contextual view so that you can make informed security decisions. Comprehensive global threat intelligence Cisco Talos Security Intelligence and Research Group, and Threat Grid threat intelligence feeds represent the industry’s largest collection of real-time threat intelligence with the broadest visibility, the largest footprint, and the ability to put it into action across multiple security platforms. Indications of compromise File, telemetry, and intrusion events are correlated and prioritized as potentially active breaches, helping security teams to rapidly identify malware incidents and connect them to coordinated attacks. File reputation Advanced analytics and collective intelligence are gathered to determine whether a file is clean or malicious, allowing for more accurate detection. Antivirus Engine Perform offline and system-based detections, including rootkit scanning, to complement Cisco’s advanced endpoint protection capabilities such as local IOC scanning, and device and network flow monitoring. The engine can be enabled and used by customers that want to consolidate their antivirus and advanced endpoint protection in one agent. File analysis and sandboxing A highly secure environment helps you execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats. Integration of Threat Grid’s sandboxing technology into AMP for Endpoints results in more dynamic analysis checked against a larger set of behavioral indicators. Retrospective detection Alerts are sent when a file disposition changes after extended analysis, giving you awareness and visibility to malware that evaded initial defenses. File trajectory Continuously track file propagation over time throughout your environment in order to achieve visibility and reduce the time required to scope a malware breach. Device trajectory Continuously track activity and communication on devices and on the system level to quickly understand root causes and the history of events leading up to and after compromise. Elastic search A simple, unbounded search across file, telemetry, and collective security intelligence data helps you quickly understand the context and scope of exposure to an IoC or malicious application.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 10 Feature Benefits Endpoint search A simple interface to easily and quickly search across all endpoints looking for artifacts left behind as part of the malware ecosystem, extending search capabilities beyond data stored in the cloud to the endpoint itself. Low prevalence executables Display all files that have been executed across your organization, ordered by prevalence from lowest to highest, to help you surface previously undetected threats seen by a small number of users. Files executed by only a few users may be malicious (such as a targeted advanced persistent threat) or questionable applications you may not want on your extended network. Endpoint IoCs Users can submit their own IoCs to catch targeted attacks. These Endpoint IoC’s let security teams perform deeper levels of investigation on lesser known advanced threats specific to applications in their environment. Vulnerabilities Identify vulnerable software and close attack pathways. This feature shows a list of hosts that contain vulnerable software, a list of the vulnerable software on each host, and the hosts most likely to be compromised. Powered by our threat intelligence and security analytics, AMP identifies vulnerable software being targeted by malware, shows you the potential exploit, and provides you with a prioritized list of hosts to patch. Command Line Visibility This feature provides visibility into what command lines arguments are used to launch executables. See into command line arguments to determine if legitimate application, including Windows utilities, are being used for malicious purposes. For instance, see if vssadmin is being used to delete shadow copies or disable safe boots; get visibility into PowerShell- based exploits; see into privilege escalation, modifications of access control lists (ACLs), and attempts to enumerate systems. Application Programming Interface (API) With a bi-directional (read and write) API enabled on AMP for Endpoints, users can more easily integrate with third- party security tools and SIEMs, and access data and events in their AMP for Endpoints account without the need to log into the management console. Outbreak control Achieve control over suspicious files or outbreaks, and quickly and surgically control and remediate an infection without waiting for a content update. Within the outbreak control feature, simple custom detections can quickly block a specific file across all or selected systems; advanced custom signatures can block families of polymorphic malware; application blocking lists can enforce application policies or contain a compromised application being used as a malware gateway and stop the re-infection cycle; custom whitelists will help ensure that safe, custom, or mission-critical applications continue to run no matter what; and device flow correlation will stop malware call-back communications at the source, especially for remote endpoints outside the corporate network. Integration with Threat Grid The integration of Threat Grid’s sandboxing technology and advanced malware analysis capabilities into AMP for Endpoints provides over 700 unique behavioral indicators analyzing the actions of a file, easy to understand threat scores, and billions of malware artifacts at your disposal for unmatched scale and coverage from global threats. No need to deploy a sandbox from a third party or worry about any type of outside integration. Integration with Cognitive Threat Analytics (CTA) Get agentless detection when AMP for Endpoints is deployed alongside a compatible web proxy, like Cisco WSA, or a third-party web proxy like Blue Coat ProxySG. See an average 30% more infections across your environment; uncover file-less or memory-only malware, and infections that live in a web browser only; catch malware before it compromises the OS-level; get visibility into devices with no AMP for Endpoints connector installed; see CTA detection events in the AMP for Endpoints management console. Support Disconnected Mode If an AMP for Endpoints Connector does not have access to the cloud, then all activities which are normally tracked and recorded to the cloud are instead cached on the endpoint until such time that the Connector establishes a connection to the AMP Cloud. It will then transmit all cached activity thereby removing a blind spot during that time the Connecter was disconnected. (coming January 2017) Currently, the connector sends hash information over the internet when it does not have corporate network access. AMP Private Cloud Virtual Appliance AMP for Endpoints can be deployed as an on-premises, air-gapped solution built specifically for organizations with high-privacy requirements that restrict using a public cloud. Launch from AnyConnect v4.1 With a Cisco AnyConnect v4.1 remote access VPN client installed, users can elect to launch the AMP for Endpoints connector on that remote endpoint. This allows for a rapid expansion of endpoint threat protection to VPN-enabled endpoints and further minimizes the potential of an attack from a remote host. Gain more insight into remote endpoints, and accelerate remediation efforts during or after an attack.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 10 Table 2. Software Requirements Cisco AMP for Endpoints ● Microsoft Windows XP with Service Pack 3 or later ● Microsoft Windows Vista with Service Pack 2 or later ● Microsoft Windows 7 ● Microsoft Windows 8 and 8.1 ● Microsoft Windows 10 ● Microsoft Windows Server 2003 ● Microsoft Windows Server 2008 ● Microsoft Windows Server 2012 ● Mac OS X 10.7 and later ● Linux Red Hat 6.5 and 6.6 ● Linux CentOS 6.4, 6.5, and 6.6 Cisco AMP for Endpoints on Android mobile devices ● Android version 2.1 and later Platform Support and Compatibility Cisco AMP for Endpoints includes Cisco AMP for Endpoints licenses and subscriptions (1, 3, and 5 year options) and the lightweight connector. Cisco AMP for Endpoints is compatible with Cisco AMP for Networks and other AMP deployments. Cisco AMP for Endpoints can also be launched from Cisco AnyConnect v4.1 on remote endpoints. Warranty Information Find warranty information on the Cisco.com Product Warranties page. Ordering Information Cisco AMP for Endpoints can be ordered using the appropriate License and Subscription part numbers: 1. Begin by searching for the AMP for Endpoints license part number: FP-AMP-LIC= 2. Enter the quantity that equals the number of AMP for Endpoints connectors that are being purchased 3. After the number is entered, the correct Subscription part number will be auto-selected. A 1-year subscription is the default 4. AMP for Endpoints accounts are term-based subscriptions of 1, 3, or 5 years. Terms of 3 or 5 years will require editing the Service/Subscription term for the FP-AMP-LIC= part number Figure 5 shows the structure of the AMP for Endpoints part numbers. Figure 5. Example of AMP for Endpoints Subscription Part Number
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 10 To place an order, visit the Cisco Ordering Home Page, contact your Cisco sales representative, or call us at 800 553-6387. Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx, accelerate your growth, and optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more. For More Information For more information, please visit the following link: ● Cisco AMP for Endpoints Printed in USA C78-733181-08 11/16

Recommended

Meraki Overview
Meraki OverviewMeraki Overview
Meraki OverviewCloud Distribution
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intuneManishKumar959920
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Change Management ITIL
Change Management ITILChange Management ITIL
Change Management ITILdkmorgan51
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Aujas
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...ThousandEyes
 

Recommended

Meraki Overview
Meraki OverviewMeraki Overview
Meraki OverviewCloud Distribution
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intuneManishKumar959920
 
Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Cloudflare
 
Change Management ITIL
Change Management ITILChange Management ITIL
Change Management ITILdkmorgan51
 
Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Identity and Access Management Playbook CISO Platform 2016
Identity and Access Management Playbook CISO Platform 2016Aujas
 
3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AAD3 Modern Security - Secure identities to reach zero trust with AAD
3 Modern Security - Secure identities to reach zero trust with AADAndrew Bettany
 
A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy A Practical Example to Using SABSA Extended Security-in-Depth Strategy
A Practical Example to Using SABSA Extended Security-in-Depth Strategy Allen Baranov
 
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...
Adopting SD-WAN With Confidence: How To Assure and Troubleshoot Internet-base...ThousandEyes
 
Dell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power usersDell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power usersMark Maclean
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edgeitnewsafrica
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementGovernment Technology Exhibition and Conference
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution OverviewClaudiu Sandor
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxinfoeliechahine
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise Management Associates
 
AWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services ComparisonAWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services ComparisonAniket Kanitkar
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model PresentationGowdhaman Jothilingam
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataLog correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataErtugrul Akbas
 
Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 

More Related Content

What's hot

Dell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power usersDell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power usersMark Maclean
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edgeitnewsafrica
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki OverviewSSISG
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overviewCisco Canada
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Syed Sabhi Haider
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture DesignPriyanka Aash
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopCisco Canada
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices Ivanti
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management StrategyNetIQ
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and ComplianceKarina Matos
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution OverviewClaudiu Sandor
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxinfoeliechahine
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise Management Associates
 
AWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services ComparisonAWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services ComparisonAniket Kanitkar
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataLog correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataErtugrul Akbas
 

What's hot (20)

Dell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power usersDell EMC PowerEdge iDRAC9 - 14 features for power users
Dell EMC PowerEdge iDRAC9 - 14 features for power users
 
Extending Security to EVERY Edge
Extending Security to EVERY EdgeExtending Security to EVERY Edge
Extending Security to EVERY Edge
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Cisco Meraki Overview
Cisco Meraki OverviewCisco Meraki Overview
Cisco Meraki Overview
 
Cisco umbrella overview
Cisco umbrella overviewCisco umbrella overview
Cisco umbrella overview
 
Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview Microsoft Cloud Application Security Overview
Microsoft Cloud Application Security Overview
 
Enterprise Security Architecture Design
Enterprise Security Architecture DesignEnterprise Security Architecture Design
Enterprise Security Architecture Design
 
Meraki Cloud Networking Workshop
Meraki Cloud Networking WorkshopMeraki Cloud Networking Workshop
Meraki Cloud Networking Workshop
 
Patch Management Best Practices
Patch Management Best Practices Patch Management Best Practices
Patch Management Best Practices
 
Active Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The FieldActive Directory in ICS: Lessons Learned From The Field
Active Directory in ICS: Lessons Learned From The Field
 
Building an Effective Identity Management Strategy
Building an Effective Identity Management StrategyBuilding an Effective Identity Management Strategy
Building an Effective Identity Management Strategy
 
Building Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access ManagementBuilding Your Roadmap Sucessful Identity And Access Management
Building Your Roadmap Sucessful Identity And Access Management
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
Azure security and Compliance
Azure security and ComplianceAzure security and Compliance
Azure security and Compliance
 
Meraki Solution Overview
Meraki Solution OverviewMeraki Solution Overview
Meraki Solution Overview
 
palo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptxpalo-alto-networks-sase-overview-deck.pptx
palo-alto-networks-sase-overview-deck.pptx
 
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the PandemicEnterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
Enterprise WAN Transformation: SD-WAN, SASE, and the Pandemic
 
AWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services ComparisonAWS vs Azure - Cloud Services Comparison
AWS vs Azure - Cloud Services Comparison
 
Zero Trust Model Presentation
Zero Trust Model PresentationZero Trust Model Presentation
Zero Trust Model Presentation
 
Log correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance dataLog correlation SIEM rule examples and correlation engine performance data
Log correlation SIEM rule examples and correlation engine performance data
 

Similar to Cisco amp for endpoints

Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networksCisco Canada
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhereCisco Canada
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Ricardo Resnik
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for merakiCisco Canada
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityLumension
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...infosecTrain
 
Telecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenTelecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenSecurityGen1
 
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurity Gen
 
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurity Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurityGen1
 
Secure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecurityGen1
 
ds-threat-intelligence-exchange
ds-threat-intelligence-exchangeds-threat-intelligence-exchange
ds-threat-intelligence-exchangeRobert D. Diaz
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseEMC
 
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)Sam Kumarsamy
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_securityGreg Hanchin
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT securitySophos Benelux
 

Similar to Cisco amp for endpoints (20)

Cisco amp for networks
Cisco amp for networksCisco amp for networks
Cisco amp for networks
 
Cisco amp everywhere
Cisco amp everywhereCisco amp everywhere
Cisco amp everywhere
 
Cisco - See Everything, Secure Everything
Cisco - See Everything, Secure EverythingCisco - See Everything, Secure Everything
Cisco - See Everything, Secure Everything
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
Cisco amp for meraki
Cisco amp for merakiCisco amp for meraki
Cisco amp for meraki
 
It's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint SecurityIt's Your Move: The Changing Game of Endpoint Security
It's Your Move: The Changing Game of Endpoint Security
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
Explore SOC (Security Operations Center)-based Interview Questions to Unlock ...
 
Telecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGenTelecom Network Incident Investigation Services - SecurityGen
Telecom Network Incident Investigation Services - SecurityGen
 
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdfSecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
SecurityGen Telecom network security assessment - legacy versus BAS (1).pdf
 
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdfSecurity Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
Security Gen's Telecom Security Monitoring Unleashes Unrivaled Protection.pdf
 
Secure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security SolutionsSecure Horizons: Navigating the Future with Network Security Solutions
Secure Horizons: Navigating the Future with Network Security Solutions
 
SentinelOne Buyers Guide
SentinelOne Buyers GuideSentinelOne Buyers Guide
SentinelOne Buyers Guide
 
ds-threat-intelligence-exchange
ds-threat-intelligence-exchangeds-threat-intelligence-exchange
ds-threat-intelligence-exchange
 
Intelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and ResponseIntelligence Driven Threat Detection and Response
Intelligence Driven Threat Detection and Response
 
NetWitness
NetWitnessNetWitness
NetWitness
 
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)
bcs_sb_TechPartner_SAPlatform_Damballa_EN_v1a (2)
 
Cisco NGFW AMP
Cisco NGFW AMPCisco NGFW AMP
Cisco NGFW AMP
 
Splunk app for_enterprise_security
Splunk app for_enterprise_securitySplunk app for_enterprise_security
Splunk app for_enterprise_security
 
The next generation of IT security
The next generation of IT securityThe next generation of IT security
The next generation of IT security
 

More from Cisco Canada

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco Canada
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco Canada
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco Canada
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco Canada
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco Canada
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco Canada
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Canada
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco Canada
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Cisco Canada
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco Canada
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco Canada
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco Canada
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Canada
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Canada
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Canada
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Canada
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Canada
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Canada
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Canada
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Canada
 

More from Cisco Canada (20)

Cisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devopsCisco connect montreal 2018 net devops
Cisco connect montreal 2018 net devops
 
Cisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic frCisco connect montreal 2018 iot demo kinetic fr
Cisco connect montreal 2018 iot demo kinetic fr
 
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal VirtualizationCisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
Cisco connect montreal 2018 - Network Slicing: Horizontal Virtualization
 
Cisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dcCisco connect montreal 2018 secure dc
Cisco connect montreal 2018 secure dc
 
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla nsCisco connect montreal 2018 enterprise networks - say goodbye to vla ns
Cisco connect montreal 2018 enterprise networks - say goodbye to vla ns
 
Cisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse localeCisco connect montreal 2018 vision mondiale analyse locale
Cisco connect montreal 2018 vision mondiale analyse locale
 
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec CiscoCisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
Cisco Connect Montreal 2018 Securité : Sécuriser votre mobilité avec Cisco
 
Cisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybridesCisco connect montreal 2018 collaboration les services webex hybrides
Cisco connect montreal 2018 collaboration les services webex hybrides
 
Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018Integration cisco et microsoft connect montreal 2018
Integration cisco et microsoft connect montreal 2018
 
Cisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v finalCisco connect montreal 2018 compute v final
Cisco connect montreal 2018 compute v final
 
Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2Cisco connect montreal 2018 saalvare md-program-xr-v2
Cisco connect montreal 2018 saalvare md-program-xr-v2
 
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
Cisco connect montreal 2018 sd wan - delivering intent-based networking to th...
 
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
Cisco Connect Toronto 2018 DNA automation-the evolution to intent-based net...
 
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kineticCisco Connect Toronto 2018 an introduction to Cisco kinetic
Cisco Connect Toronto 2018 an introduction to Cisco kinetic
 
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
Cisco Connect Toronto 2018 IOT - unlock the power of data - securing the in...
 
Cisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet OverviewCisco Connect Toronto 2018 DevNet Overview
Cisco Connect Toronto 2018 DevNet Overview
 
Cisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assuranceCisco Connect Toronto 2018 DNA assurance
Cisco Connect Toronto 2018 DNA assurance
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
 
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco merakiCisco Connect Toronto 2018 the intelligent network with cisco meraki
Cisco Connect Toronto 2018 the intelligent network with cisco meraki
 
Cisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zeroCisco Connect Toronto 2018 sixty to zero
Cisco Connect Toronto 2018 sixty to zero
 

Recently uploaded

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Cisco amp for endpoints

  • 1. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 10 Data Sheet Cisco Advanced Malware Protection for Endpoints Product Overview Organizations today are under the constant threat of cyber attack, and security breaches happen every day. Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context and control to not only prevent cyber attacks, but also rapidly detect, contain, and remediate advanced threats if they evade front-line defenses and get inside—all cost-effectively, without affecting operational efficiency, and before damage can be done. AMP for Endpoints prevents attacks by providing the latest global threat intelligence to strengthen defenses, a built-in antivirus (AV) engine to detect and block attacks at point-of-entry, built-in sandboxing technology to analyze unknown files, and proactive protection capabilities that close attack pathways and minimize vulnerabilities. But if malware evades these prevention measures and gets inside, AMP for Endpoints continuously monitors and records all file activity to quickly detect malicious behavior, retrospectively alert security teams, and then provide deep visibility and a detailed recorded history of the malware’s behavior over time – where it came from, where it’s been, and what it’s doing. AMP can then automatically contain and remediate the threat. AMP protects endpoints running Windows, Mac OS, Linux, and mobile devices. Understand AMP for Endpoints in 4 minutes. Benefits include: ● Protection that goes beyond prevention: Cisco AMP for Endpoints goes beyond just preventing attacks. It analyzes files and traffic continuously. This capability helps enable retrospective security. You can look back in time and trace processes, file activities, and communications to understand the full extent of an infection, establish root causes, and perform remediation. The result: more effective, efficient, and pervasive protection for your organization. ● Monitoring that enables unmatched visibility: Cisco AMP for Endpoints offers more than retrospection. It introduces a new level of intelligence, linking and correlating various forms of retrospection into a lineage of activity available for analysis in real time. It can then look for patterns of malicious behavior from an individual endpoint or across the environment of endpoints. ● Advanced analysis that looks at behaviors over time: Cisco AMP for Endpoints provides automation through advanced behavioral detection capabilities that deliver a prioritized and collated view of top areas of compromise and risk. ● Investigation that turns the hunted into the hunter: Cisco AMP for Endpoints shifts activity from looking for facts and clues as part of an investigation to a focused hunt for breaches based on actual events like malware detections and behavioral indications of compromise (IoCs). ● Containment that is truly simple: Cisco AMP for Endpoints provides visibility into the chain of events and context that complements its dashboards and trajectory views. AMP provides the ability to target specific applications, files, malware, and other root causes. Breaking the attack chain is not only quick but also easy.
  • 2. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 10 ● Dashboards that are actionable and contextual: Reports are not limited to event enumeration and aggregation. Cisco AMP for Endpoints’ actionable dashboards allow for streamlined management and faster response. (see Figure 1) ● Integrated platforms that work better together: Cisco AMP for Endpoints can be fully integrated with the Cisco AMP for Networks solution, and other AMP deployments, to further increase visibility and control across your organization. Figure 1. Actionable and Contextual Dashboards Increase Visibility, Context, and Control for Effective Security Organizations struggle to find a solution that can effectively address the full lifecycle of the advanced malware problem: providing protection, incident response, and remediation against the latest threats without overburdening the budget or sacrificing operational efficiency. Part of the challenge comes from a lack of continuity and intelligence between detection and blocking technologies and incident response and remediation technologies. Often, this lack of intelligence can leave an organization unaware of the full extent and depth of an outbreak, which cause incident response and remediation efforts to begin well after an outbreak. In addition, lack of continuity can cause infected systems and root causes to be missed during these efforts, leading to an endless cycle of reinfection. As a result, security professionals often lack visibility into the scope of advanced malware in their network, struggle to contain and remediate it after an outbreak, and cannot address fundamental questions, including: ● What was the method and point of entry? ● What systems were affected? ● What did the threat do? ● Can we stop the threat and eliminate the root cause? ● How do we recover from the attack? ● How do we prevent it from happening again?
  • 3. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 10 Cisco AMP for Endpoints Discovers, Analyzes, Blocks, and Remediates Advanced Malware Preventative security tools alone will never be 100 percent effective at preventing all attacks. It takes only one threat that evades detection to compromise your environment. Using targeted context-aware malware, sophisticated attackers have the resources, expertise, and persistence to outsmart preventative defenses and compromise any organization at any time. Furthermore, prevention tools (or “point-in-time” detection tools) are completely blind to the scope and depth of a breach after it happens, rendering organizations incapable of stopping an outbreak from spreading or preventing a similar attack from happening again. Cisco AMP for Endpoints can prevent attacks, but goes beyond just prevention to deliver continuous monitoring, detection, and response if malware gets inside. It delivers a lattice of detection capabilities combined with big data analytics to continuously analyze files and traffic on endpoints to determine if advanced malware is present (Figure 2). Sophisticated machine-learning techniques evaluate more than 400 characteristics associated with each file to analyze and block advanced malware. The combination provides protection that goes beyond traditional defenses. Retrospective security, the ability to roll back time on attacks, can detect and alert you to files that become malicious after the initial point of entry. Figure 2. Prevention (or “Point-In-Time Detection”) Tools Compared with Continuous Analysis and Retrospective Security
  • 4. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 10 See More Than Ever Before and Control Advanced Malware Today’s malware is more sophisticated than ever. Evolving quickly, it can evade discovery after it has compromised a system while providing a launching pad for a persistent attacker to move throughout an organization. Sleep techniques, polymorphism, encryption, and use of unknown protocols are just some of the ways that malware can hide from view. The continuous analysis and retrospective security features of Cisco AMP for Endpoints let you uncover elusive malware and help you answer the following key questions in the battle against advanced threats. ● What was the method and point of entry? What systems were affected? Powerful innovations like file trajectory and device trajectory (Figure 3) use AMP’s big data analytics and continuous analysis capabilities to show you the systems affected by malware, including patient zero and the root causes associated with a potential compromise. These capabilities help you quickly understand the scope of the problem by identifying malware gateways and the path that attackers are using to gain a foothold into other systems. Figure 3. Deep Analysis with Device Trajectory
  • 5. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 10 ● What did the threat do? Cisco AMP for Endpoints File Analysis (Figure 4), backed by the Talos Security Intelligence and Research Group and powered by AMP’s built-in sandboxing technology (Threat Grid), provides a safe, highly secure sandbox environment for you to analyze the behavior of malware and suspect files. File analysis produces detailed information on file behavior, including the severity of behaviors, the original filename, screenshots of the malware executing, and sample packet captures. Armed with this information, you’ll have a better understanding of what is necessary to contain the outbreak and block future attacks. Figure 4. File Analysis Device trajectory further aids a quick analysis of threat activity on a computer by tracking file and network activity at the endpoint in chronological order. You gain complete visibility into the events that occurred leading up to and following a compromise, including parent processes, connections to remote hosts, and unknown files that may have been downloaded by malware. Indications of compromise (IoCs) are often subtle and require immediate investigation before they are erased or an attacker moves on. With the Cisco AMP for Endpoints Search, security teams can quickly hunt down the scope of exposure to an attack with simple but flexible search capabilities that immediately present results without the need to scan and pull data from endpoints.
  • 6. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 10 ● Can we stop the threat and root causes? Can we prevent it from happening again? Cisco AMP for Endpoints Outbreak Control gives you a suite of capabilities to effectively stop the spread of malware and malware-related activities, like call-back communications or dropped file execution, without waiting for updates from your security vendor. This gives you the power to move directly from investigation to control with a few mouse clicks, significantly reducing the time a threat has to spread or do more damage and the time it normally takes to put controls in place. Furthermore, AMP can automatically remediate systems without a full scan. The technology continuously cross-references files analyzed in the past against the latest threat intelligence and quarantines any files previously deemed clean or unknown that are now known to be a threat. Protect PCs, Macs, Linux, Mobile Devices and the Network Cisco AMP for Endpoints protects you against advanced malware and increases security intelligence across all endpoints - PCs, Macs, Linux, and mobile devices. Its lightweight connector architecture uses big data analytics, which simplifies defense-in-depth requirements to address advanced malware. Furthermore, Cisco AMP for Endpoints integrates with Cisco AMP for Networks, and other AMP deployments, to deliver comprehensive protection through a single pane of glass and across extended networks and endpoints. Now, using continuous analysis, retrospective security, and multisource indications of compromise, you can identify stealthy attacks that manage to traverse from the endpoint to inline at the network level, correlate those events for faster response, and achieve greater visibility and control. Scale Up Protection for the Enterprise AMP is optimized for the enterprise. In terms of privacy, all Cisco AMP for Endpoints connectors use metadata for analysis. Actual files are not needed and not sent to the cloud for analysis. For organizations with high privacy requirements, a private cloud option is also available. This single on-premises solution delivers comprehensive advanced malware protection using big data analytics, continuous analysis, and security intelligence stored locally on premises. As for manageability, the Cisco AMP for Endpoints console interface provides complete management, deployment, policy configuration, and reporting for Windows systems, Mac systems, Linux systems, and mobile devices. As for performance, Cisco AMP for Endpoints deployed on PCs, Macs, Linux, and mobile devices use lightweight connector architectures, requiring less storage, computation, and memory than other security solutions, speeding protection against attacks. Gain Truly Comprehensive Security Intelligence Cisco AMP for Endpoints is built on big data and unmatched security intelligence. The Cisco Talos Security Intelligence and Research Group, and AMP Threat Grid threat intelligence feeds, represent the industry’s largest collection of real-time threat intelligence with the broadest visibility, largest footprint, and ability to put it into action across multiple security platforms. This data is then pushed from the cloud to the AMP for Endpoints client so that you have the latest threat intelligence at all times. The integration of our Threat Grid sandboxing technology into AMP for Endpoints also provides over 700 unique behavioral indicators that evaluate the actions of a file submission, not just its structure, providing insight to unknown malware including associated HTTP and DNS traffic, TCP/IP streams, processes it’s affecting, and registry activity.
  • 7. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 10 Threat Grid also provides users with context-rich, actionable content everyday - more than 8 million samples are analyzed each month resulting in billions of artifacts. And finally, Threat Grid’s highly accurate content feeds, delivered in standard formats to seamlessly integrate with existing security technologies, enable organizations to generate context-rich intelligence specific to their organization. Cisco AMP Leads in Third-Party Test Cisco is the leader in NSS Labs’ Breach Detection Systems Report for the third year in a row, according to the 2016 NSS Labs Breach Detection Systems Comparative Analysis Report. The 2016 NSS Labs comparative product test provides the details on how Cisco AMP achieved: ● 100% Security Effectiveness rating-the highest of all vendors tested ● Only vendor to detect and block 100% of malware, exploits, and evasion techniques during testing ● Fastest time to detection of all vendors tested ● Excellent performance with minimal impact on endpoint or application latency Table 1 highlights the best-in-class capabilities of Cisco AMP for Endpoints. Table 2 lists the software requirements. Table 1. Features and Benefits of Cisco AMP for Endpoints Feature Benefits Continuous analysis Once a file lands on the endpoint, AMP for Endpoints continues to watch, analyze, and record all file activity, regardless of the file’s disposition. When malicious behavior is detected, AMP shows you a recorded history of the malware’s behavior over time: where it came from, where it’s been, and what it’s doing. This helps you scope the compromise and quickly respond. Continuous analysis in 4 minutes. Retrospective security Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root causes, and perform remediation. The need for retrospective security arises when any IoC occurs, such as an event trigger, a change in the disposition of a file, or an IoC trigger. Dashboards Gain visibility into your environment through a single pane of glass - with a view into hosts, devices, applications, users, files, and geolocation information, as well as advanced persistent threats (APTs), threat root causes, and other vulnerabilities - to provide a comprehensive contextual view so that you can make informed security decisions. Comprehensive global threat intelligence Cisco Talos Security Intelligence and Research Group, and Threat Grid threat intelligence feeds represent the industry’s largest collection of real-time threat intelligence with the broadest visibility, the largest footprint, and the ability to put it into action across multiple security platforms. Indications of compromise File, telemetry, and intrusion events are correlated and prioritized as potentially active breaches, helping security teams to rapidly identify malware incidents and connect them to coordinated attacks. File reputation Advanced analytics and collective intelligence are gathered to determine whether a file is clean or malicious, allowing for more accurate detection. Antivirus Engine Perform offline and system-based detections, including rootkit scanning, to complement Cisco’s advanced endpoint protection capabilities such as local IOC scanning, and device and network flow monitoring. The engine can be enabled and used by customers that want to consolidate their antivirus and advanced endpoint protection in one agent. File analysis and sandboxing A highly secure environment helps you execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats. Integration of Threat Grid’s sandboxing technology into AMP for Endpoints results in more dynamic analysis checked against a larger set of behavioral indicators. Retrospective detection Alerts are sent when a file disposition changes after extended analysis, giving you awareness and visibility to malware that evaded initial defenses. File trajectory Continuously track file propagation over time throughout your environment in order to achieve visibility and reduce the time required to scope a malware breach. Device trajectory Continuously track activity and communication on devices and on the system level to quickly understand root causes and the history of events leading up to and after compromise. Elastic search A simple, unbounded search across file, telemetry, and collective security intelligence data helps you quickly understand the context and scope of exposure to an IoC or malicious application.
  • 8. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 10 Feature Benefits Endpoint search A simple interface to easily and quickly search across all endpoints looking for artifacts left behind as part of the malware ecosystem, extending search capabilities beyond data stored in the cloud to the endpoint itself. Low prevalence executables Display all files that have been executed across your organization, ordered by prevalence from lowest to highest, to help you surface previously undetected threats seen by a small number of users. Files executed by only a few users may be malicious (such as a targeted advanced persistent threat) or questionable applications you may not want on your extended network. Endpoint IoCs Users can submit their own IoCs to catch targeted attacks. These Endpoint IoC’s let security teams perform deeper levels of investigation on lesser known advanced threats specific to applications in their environment. Vulnerabilities Identify vulnerable software and close attack pathways. This feature shows a list of hosts that contain vulnerable software, a list of the vulnerable software on each host, and the hosts most likely to be compromised. Powered by our threat intelligence and security analytics, AMP identifies vulnerable software being targeted by malware, shows you the potential exploit, and provides you with a prioritized list of hosts to patch. Command Line Visibility This feature provides visibility into what command lines arguments are used to launch executables. See into command line arguments to determine if legitimate application, including Windows utilities, are being used for malicious purposes. For instance, see if vssadmin is being used to delete shadow copies or disable safe boots; get visibility into PowerShell- based exploits; see into privilege escalation, modifications of access control lists (ACLs), and attempts to enumerate systems. Application Programming Interface (API) With a bi-directional (read and write) API enabled on AMP for Endpoints, users can more easily integrate with third- party security tools and SIEMs, and access data and events in their AMP for Endpoints account without the need to log into the management console. Outbreak control Achieve control over suspicious files or outbreaks, and quickly and surgically control and remediate an infection without waiting for a content update. Within the outbreak control feature, simple custom detections can quickly block a specific file across all or selected systems; advanced custom signatures can block families of polymorphic malware; application blocking lists can enforce application policies or contain a compromised application being used as a malware gateway and stop the re-infection cycle; custom whitelists will help ensure that safe, custom, or mission-critical applications continue to run no matter what; and device flow correlation will stop malware call-back communications at the source, especially for remote endpoints outside the corporate network. Integration with Threat Grid The integration of Threat Grid’s sandboxing technology and advanced malware analysis capabilities into AMP for Endpoints provides over 700 unique behavioral indicators analyzing the actions of a file, easy to understand threat scores, and billions of malware artifacts at your disposal for unmatched scale and coverage from global threats. No need to deploy a sandbox from a third party or worry about any type of outside integration. Integration with Cognitive Threat Analytics (CTA) Get agentless detection when AMP for Endpoints is deployed alongside a compatible web proxy, like Cisco WSA, or a third-party web proxy like Blue Coat ProxySG. See an average 30% more infections across your environment; uncover file-less or memory-only malware, and infections that live in a web browser only; catch malware before it compromises the OS-level; get visibility into devices with no AMP for Endpoints connector installed; see CTA detection events in the AMP for Endpoints management console. Support Disconnected Mode If an AMP for Endpoints Connector does not have access to the cloud, then all activities which are normally tracked and recorded to the cloud are instead cached on the endpoint until such time that the Connector establishes a connection to the AMP Cloud. It will then transmit all cached activity thereby removing a blind spot during that time the Connecter was disconnected. (coming January 2017) Currently, the connector sends hash information over the internet when it does not have corporate network access. AMP Private Cloud Virtual Appliance AMP for Endpoints can be deployed as an on-premises, air-gapped solution built specifically for organizations with high-privacy requirements that restrict using a public cloud. Launch from AnyConnect v4.1 With a Cisco AnyConnect v4.1 remote access VPN client installed, users can elect to launch the AMP for Endpoints connector on that remote endpoint. This allows for a rapid expansion of endpoint threat protection to VPN-enabled endpoints and further minimizes the potential of an attack from a remote host. Gain more insight into remote endpoints, and accelerate remediation efforts during or after an attack.
  • 9. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 10 Table 2. Software Requirements Cisco AMP for Endpoints ● Microsoft Windows XP with Service Pack 3 or later ● Microsoft Windows Vista with Service Pack 2 or later ● Microsoft Windows 7 ● Microsoft Windows 8 and 8.1 ● Microsoft Windows 10 ● Microsoft Windows Server 2003 ● Microsoft Windows Server 2008 ● Microsoft Windows Server 2012 ● Mac OS X 10.7 and later ● Linux Red Hat 6.5 and 6.6 ● Linux CentOS 6.4, 6.5, and 6.6 Cisco AMP for Endpoints on Android mobile devices ● Android version 2.1 and later Platform Support and Compatibility Cisco AMP for Endpoints includes Cisco AMP for Endpoints licenses and subscriptions (1, 3, and 5 year options) and the lightweight connector. Cisco AMP for Endpoints is compatible with Cisco AMP for Networks and other AMP deployments. Cisco AMP for Endpoints can also be launched from Cisco AnyConnect v4.1 on remote endpoints. Warranty Information Find warranty information on the Cisco.com Product Warranties page. Ordering Information Cisco AMP for Endpoints can be ordered using the appropriate License and Subscription part numbers: 1. Begin by searching for the AMP for Endpoints license part number: FP-AMP-LIC= 2. Enter the quantity that equals the number of AMP for Endpoints connectors that are being purchased 3. After the number is entered, the correct Subscription part number will be auto-selected. A 1-year subscription is the default 4. AMP for Endpoints accounts are term-based subscriptions of 1, 3, or 5 years. Terms of 3 or 5 years will require editing the Service/Subscription term for the FP-AMP-LIC= part number Figure 5 shows the structure of the AMP for Endpoints part numbers. Figure 5. Example of AMP for Endpoints Subscription Part Number
  • 10. © 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 10 of 10 To place an order, visit the Cisco Ordering Home Page, contact your Cisco sales representative, or call us at 800 553-6387. Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx, accelerate your growth, and optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more. For More Information For more information, please visit the following link: ● Cisco AMP for Endpoints Printed in USA C78-733181-08 11/16