1.
Addressing Advanced Web Threats
Next Generation Endpoint Security:
An Investment Checklist

2.
2© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Visibility and Control to Prevent, Detect, and Remediate
Advanced Malware Everywhere
When you buy a next-generation endpoint security solution, it should provide
the following must-have capabilities:
1. Cloud or on-premises deployment options, across multiple operating
systems
Cloud deployment of a next-gen endpoint security solution ensures flexibility,
easier management, scalability, and real-time threat intelligence delivery.
But sometimes organizations require an on-premises deployment to satisfy
stringent privacy requirements dictated by their industry, like in government or
finance. Your next-gen endpoint security solution should offer both options
for deployment.
Furthermore, every endpoint in the enterprise should be protected, whether
it’s a Windows PC, Mac, Linux system running on a server, or a mobile device.
No endpoint is immune to an advanced cyberattack. You need to ensure
that your next-gen endpoint security solution provides coverage for all of the
different types of endpoints used throughout the organization.
2. Prevention Capabilities
Prevention is your first line of defense. Preventing cyberattacks and blocking
malware at point-of-entry in real time is essential. To ensure the best possible
prevention, make sure your next-gen endpoint security solution provides the
following capabilities:
• Global Threat Intelligence – a team of threat hunters detecting the newest
threats and uncovering zero-days to keep you protected 24/7
• AV Detection – let your Next-Gen Endpoint Security solution do all the AV
heavy lifting and consolidate protection onto one lightweight agent
• Proactive Protection – identify and patch vulnerabilities, and analyze and
stop suspicious low-prevalence executables fast
3. Integrated Sandboxing Capabilities
Sandboxing is essential for static and dynamic analysis of unknown files. Don’t
settle for a third-party sandboxing product that must work alongside your
endpoint security solution. Sandboxing should be built-into, and fuly integrated
with, your next-gen endpoint security solution. Submitting suspicious files
to the sandbox should be easy and seamless, and not require multiple
management systems.
4. Continuous Monitoring and Recording
No prevention method will ever be 100% effective. Advanced malware can
get into your endpoints, and if you have no visibility into what files are doing on
your endpoints, you’ll be blind to the presence of a potential compromise.
Therefore a next-gen endpoint security solution must watch everything on
all of your endpoints (on and off the corporate network) at all times so you
can quickly spot malicious intrusions and stop them quickly. It must provide
continuous monitoring of all files on every endpoint, regardless of file
disposition, and record the activity of those files so you can quickly access
the recorded history of those files and quickly scope a compromise from start
to finish. This continuous monitoring will provide the ability to spot malicious
behavior and indications of compromise when they happen, giving you the
visibility into where malware came from, where it’s been, what it’s doing, and
how to stop it - before damage can be done.
5. Rapid Time to Detection
The industry average to detect a breach after it occurs is 100 days. That’s
more than enough time for malware to infiltrate your organization and exfiltrate
confidential information. Your next gen endpoint security solution should
be able to speed up your time to detection and spot threats in hours or
minutes, not days, weeks or months. It can do this by continuously watching
and correlating data, file activity and communications across all endpoints;
using the most up-to-date indications of compromise (IoCs) and the most
behavioral indicators; and prioritizing threat alerts so you are always resolving
the most pervasive threats first.
6. Agentless Detection
Sometimes an organization cannot install an endpoint agent on every single
endpoint throughout the enterprise, or they would like visibility into devices
that do not have an operating system that can support an endpoint agent.
Also, some malware is file-less and might not be visible to an endpoint agent.
Therefore, your next-gen endpoint security solution should provide agentless
Next Generation Endpoint Security:
An Investment Checklist

3.
3© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Visibility and Control to Prevent, Detect, and Remediate
Advanced Malware Everywhere
detection. Make sure it can uncover file-less or memory-only malware, catch
malware before it compromises the OS-level, get visibility into devices where
no agent is installed, and be able to manage all of it throught the next-gen
endpoint security solution’s management console, without the need to deploy
a third-party product that would add yet another management console for the
security team to manage.
7. Easy, streamlined management interface for efficient decision-making
Organizations face a myriad of attacks each day, often more than they can
handle or triage efficiently or effectively. Many security teams are simply
buried in security alerts each day. They need security solutions that are easy
to use and help them make fast and informed decisions.
Look for a next-gen endpoint security solution with an easy-to-use
management interface that even a tier 1 analyst can use. Make sure that the
interface allows you to quickly assess the health and state of your security
deployment at both a macro and micro level. Make sure that the workflow to
address a malware intrusion is seamless, intuitive and flexible, allowing you to
triage, manage, and respond to possible breaches fast and effectively. Make
sure to request a video or guided demonstration of the security tool to ensure
that it is easy for you and your team to use.
8. Simple, Automated Response
Responding to a cyberattack can be difficult and time-consuming. After a
breach, many security teams might not have the tools to rapidly respond and
remediate. Some reach out to costly third parties to do the work for them.
Your next-gen endpoint security solution should enable you to respond and
remediate threats quickly and comprehensively, without the need to engage
with an outside vendor. Make sure the solution can accelerate investigations
and reduce management complexity by searching across all endpoints
for IoC’s and malware artifacts; easily connect the dots on a malware
compromise, from start to finish, across all endpoints and the network; and
systemically respond to and remediate malware across PCs, Macs, Linux, and
mobile devices - automatically or with just a few clicks.
9. Not just a siloed point product but rather part of a larger integrated
security architecture
Many vendors offer endpoint security products that are just that - point-
products. These products are not integrated with other security tools, and
when deployed, simply add to the mixed bag of security products from
multiple vendors used throughout the enterprise. Many organizations use
upwards of 60 different security tools. Each product has its own management
system and displays information in different ways. This requires more people
to operate and makes it harder to decipher threat information, connect the
dots to understand the full scope of an attack, and respond quickly. Juggling
all of these siloed tools will slow you down.
Instead, your next-gen endpoint security solution should provide the ability to
achieve a more integrated threat defense, whereby every security tool in your
arsenal can work together to fight threats systemically. Make sure that your
next-gen endpoint security solution can be deployed as part of an integrated
system of security technologies that can work together to close security
gaps and detect threats faster across your entire security ecosystem - from
endpoint to network, email, and web. Threat information and event data
should be shared and correlated across all security tools, and communicated
to the security team in common formats.
A Next-Gen Endpoint Security Solution that
meets the checklist: Cisco AMP for Endpoints
Cisco AMP for Endpoints is a cloud-managed endpoint security solution that
provides the visibility, context and control to not only prevent cyberattacks,
but also rapidly detect, contain, and remediate advanced threats if they evade
front-line defenses and get inside—all cost-effectively, without affecting
operational efficiency, and before damage can be done. To learn more, visit:
• AMP for Endpoints Webpage • AMP for Endpoints Overview Video
• AMP for Endpoints Demo Video • AMP for Endpoints Data Sheet
• AMP Customer Testimonial • AMP Proof of Value Program
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks.
Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C11-735641-01 12/16