As the world has become ever-more connected, the risk of cyberattack has risen dramatically. Simply being connected to the internet is enough to open any organisation to the huge amount of malware that lurks online, just waiting to sniff out unsecured ports and invade networks to infect vital resources.
This means that today, an effective IT security strategy is as important as the strategies that drive businesses toward growth and prosperity.
But securing IT infrastructure against attack is a big job, because malware has advanced alongside the good guys’ protection and detection technologies to the point where attacks are targeted, multi-faceted, and able to slip past prevention tools like traffic inspection that guard entry points to the network. And once they’re in, it’s difficult for prevention tools to provide any visibility into what, exactly, that malware is doing.
This leaves organisations vulnerable, asking themselves “What’s next?”, and “Where to from here?”. And with breaches in the headlines on a regular basis, and each incident costing organisations in the millions of dollars (not to mention the reputational damage they do), they are urgent questions that need answers.
Part of that answer is, as you might expect, more advanced malware protection. Cisco, one of the world’s largest vendors of network hardware and a company on the cutting edge of network security, is tackling this specific problem with what it calls its “Advanced Malware Protection Solution”, abbreviated to AMP for Endpoints.
AMP for Endpoints offers more than just front-line protection against threats; it’s also able to deal with any that might get past those defenses by providing security professionals the necessary insight into what that malware is doing on the network, and offers the tools and controls needed to stop it in its tracks.
In essence, AMP for Endpoints provides organisations the kind of visibility into the origins and extent of an attack, while also giving them the tools needed to detect, contain, and remediate any threats that defeat the network’s perimeter defenses.
Here’s a little insight into how AMP handles attacks before, during and after.
Before
No security solution is complete without cloud intelligence that provides real-time threat monitoring, and for Cisco this is provided by their Talos Security Intelligence and Research Group.
Talos processes 1.5 million unique malware samples, blocks over 20 billion threats, scans 600 billion email messages, and monitors 16 billion web requests every day. The entire internet is made up of 1.8 billion websites, each with a good number of pages, and Talos monitors them all, processing over 120 billion URLs a day.
Talos, together with Cisco’s Umbrella Threat Intelligence technology, thus “sees” the entirety of the internet, 51 times each and every day, giving the organisation excellent visibility into what’s going on from a malware perspective.
This, coupled with automated intelligence feeds and threat intelligence sharing, gives Talos unprecedented insight into the threat landscape which its 250+ researchers use to help keep Cisco’s customers as safe as they can.
During
Should an attack get underway, AMP uses a combination of the cloud-based intelligence of Talos, known malware signatures, and Cisco Threat Grid’s “dynamic malware analysis technology” to detect and block malicious activity.
After
After an attack, AMP continuously monitors the network for anomalous activity that it’s aware of through its cloud-based intelligence, and which go against established policies. Should any be detected, AMP immediately notifies security teams with information as to where the malware originated, what it managed to do, and which systems were involved. It also makes the tools available that allow security teams to stop the malware in its tracks with just a few clicks.
Comparatively speaking
Cisco put out an infographic outlining what AMP for Endpoints does, and how it stacks up against solutions from competing providers. It’s included below for your reference.
For more information on Cisco and its products, you can contact the Cisco team at Tarsus Distribution by email, or call them on 011 531 1000.