Archiv für das Monat: November, 2019

By Gedeon Hombrebueno As evasive and complex as today’s threats have become, it’s no wonder security professionals in organizations of all sizes are ripping out their legacy antivirus completely in favor of Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) technologies. Endpoint Protection Platform (EPP) delivers next generation antivirus that stops today’s complex attacks. Endpoint Detection and Response (EDR) offers more advanced capabilities like detecting and investigating security incidents, and the ability to remediate endpoints quickly. The question then becomes, which should you choose? And why can’t you have both?
We believe you can AND we believe it should simplify your security operations. That’s why we’ve brought EPP and EDR capabilities together in a single cloud-delivered solution called Cisco® Advanced Malware Protection (AMP) for Endpoints. It is relentless at stopping breaches and blocking malware, then rapidly detects, contains, and remediates advanced threats that evade front-line defenses. Moreover, it’s easy to deploy, easy to use and leverages your existing security investments to help you address threats beyond the endpoint. That’s what we call relentless breach defense and here’s three ways Cisco AMP for Endpoints does this.
#1. Block threats. Before they target you.
How effective you are at protecting your endpoints really depends on how good the threat intelligence you’re acting on. That’s why at Cisco, we employ machine learning and automation to spot malware activity fast, malware attack prevention to block ransomware, exploit prevention to stop fileless malware and a variety of other protection engines fueled by Cisco Talos, the largest non-governmental threat intelligence group on the planet. We find more vulnerabilities than other vendors and push out protection before the bad guys can exploit them, giving you an advantage. And because we’re Cisco, Talos sees more network traffic than anyone else. Whether a threat begins on the Internet, in an email, or on someone else’s network. Our cloud-based global telemetry sees a threat once, anywhere in the world, and blocks it everywhere, across our endpoint ecosystem and our entire security platform.
#2. Know everything. About every endpoint.
We simplify threat hunting and investigation with our newly announced endpoint detection and response (EDR)capabilities that automate advanced investigative queries across any or all of your endpoints. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need. We have preloaded scripts so you can leverage the expertise of our Talos threat hunters or even customize your own. These queries are organized in a catalog of common use cases, even aligning with the Mitre ATT&CK. We provide deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state – you can think about this as a “freeze-framing” activity on a device right to the moment when something malicious was seen. And we continuously monitor and analyze the behavior of your endpoints, giving you the information you need to investigate and respond to the riskiest threats quickly and confidently. If a file that appeared clean upon initial inspection ever becomes a problem, we can provide a full history of the threat’s activity to catch, isolate, contain, and remediate at the first sign of malicious behavior.
#3. Respond completely. With security that works together.
Threats are not one dimensional and neither should your defenses be. That’s why we built our endpoint security with out-of-the-box integrations with the rest of the Cisco security platform to block, detect, investigate and respond to threats across your entire environment – not just your endpoints. With security that works together, we help you streamline your security operations, making security investigations faster and easier. You will get to the root cause fast, and automate actions to stop a threat in its tracks. We empower you to respond to attacks at the first sign of malicious behavior using one-click isolation of any endpoint, everywhere. Importantly, we have broader control beyond just the endpoint. We instrument our endpoint security to leverage threat intelligence from web, email, cloud and network security solutions; and multi-factor authentication integration for Zero-Trust, creating security defenses that work together for more effective protection and response against the most challenging threats with less time, effort, and cost to do so.
Channel your inner threat hunter: register for one of our Threat Hunting Workshops. You’ll get hands on experience threat hunting, investigating and responding to threats so you and be relentless at breach defense too.

The post Relentless Breach Defense Endpoint Protection Platform + Endpoint Detection and Response appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Jeff Reed At a time when cybercrime costs three times more than natural disasters globally1, the demands on security are constantly growing. Whether you’re asked to protect a workforce that roams anywhere, a workplace that is digitized, or workloads that run wherever, your disparate security solutions are creating discord and an untenable level of complexity.
At Cisco, we’ve been on a quest to change that, and we believe we’re uniquely positioned to redefine security. As you’re innovating to build your future, we’re innovating to keep it secure — by creating a comprehensive platform approach and continuously evolving our security technologies.
That’s why I’m excited today to share some of the recent innovations across our security portfolio. With a cloud-powered platform approach in mind, these enhancements are designed to break down silos between SecOps, NetOps, and ITOps and free up your time by:
Simplifying your firewalling experience with more consistent policy management with cloud-native environments and cloud-based logging.
Accelerating your cloud adoption with new secure web gateway and firewall services in the cloud, deployed through a single IPsec tunnel.
Future-proofing your security with an industry-validated zero-trust approach for your workforce, workloads, and workplace, while integrating threat context.
Simplifying your breach defense experience with more visibility and actions for threat response, plus new services delivered by Cisco experts to help augment your team.

Experience the future of firewalling
As you’re moving applications into the cloud, the NetOps‘ job is expanding to include cloud-native firewalls. Securing all control points across this multicloud environment should not feel like reinventing the wheel. We’re simplifying the experience and enabling NetOps to maintain consistent policies across firewalls, and into the cloud, starting with support for AWS, with more cloud providers roadmapped. Additionally, to help you easily maintain consistent policies as you’re adopting SD-WAN, we’ve simplified policy management for Meraki MX, one of our SD-WAN solutions. Just a few clicks, that’s all it takes to seamlessly harmonize policies across your hybrid environment.
We’re also improving visibility and making compliance easier with cloud-based logging for our NGFWs. This new capability aggregates and centralizes the on-prem and cloud logs so you can search, filter, and sort them, accelerating investigations while ensuring your organization complies with industry regulations.
The increased user connectivity to the cloud creates new demands for faster speeds, so we’re raising the bar with our appliances as well. The latest models of our NGFWs offer a 3X performance boost over previous appliances and optimize the performance-to-price ratio to keep your network — and business — running smoothly and securely.
Accelerate cloud adoption securely
To help you transition to the cloud successfully— and protect any user, anywhere they connect to the internet — while saving a considerable amount of resources, we’ve consolidated a broad range of security services into a single, cloud-delivered security solution and dashboard. Alongside DNS-layer security, CASB, and interactive threat intelligence services, we’ve added secure web gateway and firewall services to our cloud security solution to deliver deeper visibility and control over all ports and protocols, even encrypted web traffic.
The secure web gateway (full proxy) provides complete web traffic visibility, control, and protection — with capabilities like decrypting and scanning files on any site, filtering out inappropriate or malicious URLs, sandboxing unknown files, and blocking applications or app functions.
With this comprehensive set of functionalities, you can rely on us for the full security stack at smaller branches as you adopt SD-WAN. A single configuration in our networking product dashboards deploys DNS-layer security across hundreds of network devices, including SD-WAN. Additionally, a single IPsec tunnel deploys secure web gateway and firewall from any network device, including SD-WAN. Our integrated approach and Anycast routing can efficiently protect your branch users, connected devices, and application usage from all internet breakouts with 100% business uptime.
Secure access with a zero-trust approach
We have been working over the past year to create a more comprehensive zero-trust framework. Based on customer feedback, we focused on securing three key pillars: workforce, workloads, and workplace. We are thrilled that Forrester recognized our strides and named Cisco a leader in the recently released Forrester Wave among Zero Trust eXtended Ecosystem Platform Providers. As the analyst report noted, “Cisco excels in zero trust with a renewed and targeted focus … and is well-positioned as a prominent zero-trust player.”
We continue to innovate in this space and are reducing risks based on device trust by integrating our threat-detection capabilities with multi-factor authentication. The majority of breaches originate on the endpoint, but what if ITOps could establish trust in a user device before it’s allowed any access to sensitive resources? By safeguarding against vulnerable or compromised endpoints and blocking their access, you’ll be able to better detect and respond to malware threats as well as prevent data breaches.
Adopt breach defense everywhere
Taking endpoint defense one step farther, we added the ability to isolate an endpoint, which stops malware from spreading while giving SecOps time to remediate without losing forensics data, or simply giving ITOps time to troubleshoot an unknown issue. Making breach defense less overwhelming, endpoint isolation empowers incident investigators to uncover endpoint data that wasn’t available before — using advanced search with more than 300 query parameters, such as listing applications with high memory utilization.
Malware is also a growing problem at the network level because adversaries have learned to hide behind encrypted traffic. We’ve extended the capability to analyze encrypted traffic behavior into the cloud, providing higher fidelity of threat protection and enabling cryptographic compliance. At the same time, we’re simplifying investigations, giving you deeper visibility at multiple layers, and helping you respond quicker across different vectors by integrating network security analytics with our unified threat response application.
If you need help preparing for and responding to attacks, you can augment your team with our incident response services, now part of Talos. You know Talos as the team who’s constantly researching new threats on your behalf, and now they can integrate that intel even faster across our entire portfolio — benefitting not only retainer customers but everyone. For even leaner teams that need next-level support, we’re adding managed threat detection and response services to help you leverage your Cisco Security investments 24x7x365.
Several of these innovations are industry firsts, and we’re excited to offer customers new ways to better manage their growing business demands. I encourage you to take a closer look at these enhancements and discover how they can make your security an enabler rather than a barrier.
Get Started
Ready to experience for yourself how Cisco can simplify your experience, accelerate your success, and secure your future?
Simplify security and respond to threats with a few clicks using the free Cisco Threat Response application, available for all our solutions as part of our platform approach.
Experience the future of firewalling — see how easy it is to harmonize firewall policies with a free trial to Cisco Defense Orchestrator and learn more about the new Firepower Next-Generation Firewall.
Accelerate your cloud adoption, starting with a free trial of Umbrella, our comprehensive cloud-security solution.
Start with securing your workforce with a zero-trust approach using a Duo free trial.
Enable SecOps to detect, investigate, and respond to threats more efficiently with a free trial to Advanced Malware Protection (AMP) for Endpoints, and get better visibility into encrypted traffic with a free trial to Stealthwatch, our network traffic security analytics solution.
Augment your team and improve your readiness for attacks with Talos Incident Response and our managed security

Source:
1Allianz Risk Barometer, 2019

The post Securing Your Future by Innovating Today appeared first on Cisco Blogs.

Source:: Cisco Security Notice