Cisco AMP for Endpoints prevents attacks and blocks malware at the point of entry
Maria Cruz Alcocer
AMP for Endpoints offers complete protection against the most advanced attacks. Not only does it prevent breaches and block malware at the point of entry, it also detects, slows down and quickly remediates threats that bypass the front-line defenses and slip in unnoticed.
If something does get through, AMP provides continuous monitoring and threat detection to spot malicious behavior quickly, along with response capabilities to contain and eliminate threats before they can do damage.
To prevent attacks, global threat intelligence from Talos strengthens the defenses. File signatures, partial fingerprint matches and other detection engines are used to block malware at the point of entry.
We know that not every attack can be avoided and that some advanced malware may get in. For this case, AMP continuously records and analyzes all file, process and network activity on its endpoints to detect threats quickly. This continuous recording and analysis gives security teams a holistic view of activity across all their endpoints, including Windows, Mac, Linux and mobile devices.
AMP shows you the full history of the events recorded on the system.
This is what we call retrospective security: going back in time to see everything that happened during the attack. It offers a deep level of visibility, context and control to detect attacks quickly, measure the scope of the threat and remediate the malware before it causes significant damage.
When it comes to malware, time is everything.
The average detection time in the sector is 100 days. AMP can detect malware in hours or even minutes.
From the browser-based AMP management console, you can protect your organization. Threat indicators help you identify attacks before they fully materialize. AMP automatically correlates file events with malicious behavior to uncover and prioritize coordinated attacks.
Trajectory shows you the entire history of a threat on a device: the source of the threat, the applications it affected, parent processes, connections to remote hosts and unknown files downloaded by the malware. Trajectory lets you switch between the view of a single endpoint and the view of all endpoints to see which machines a threat has affected. File analysis pulls information from the integrated sandbox, built on Threat Grid technology, to show even more detail such as threat scores, behavioral indicators, screenshots of the malware running and sample packet captures. Outbreak control lets you stop the spread of malware automatically with a few mouse clicks.
For example, if you see malware on one endpoint and want to stop it from running on every endpoint in the network, just right-click and add it to a block list; the file is quarantined and its execution is stopped on all endpoints. Low prevalence shows files across all endpoints that have gone unnoticed and that only a few users have executed. This lets you analyze those files further to find out whether they are malicious.
The vulnerable software feature shows all the software on your endpoints that is currently vulnerable to malware so you can fix it quickly.
AMP continuously cross-checks files analyzed in the past against the latest threat intelligence and quarantines files that were previously considered safe or unknown but are now known to be a threat.
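To make the three mechanisms above concrete (trajectory, low prevalence, and retrospective re-checking of an event history against updated intelligence), here is an added toy model in Python. It is not Cisco code and does not use any AMP API; the event record layout, the hashes, hostnames and the threat-intelligence sets are all constructed for the illustration.

```python
"""Toy model of continuous endpoint file-event recording with trajectory,
low-prevalence and retrospective detection.  Added example, not Cisco code;
event schema, hashes, hostnames and intel feeds are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FileEvent:
    ts: int                  # seconds since epoch (constructed)
    endpoint: str            # hostname the event was recorded on
    sha256: str              # file hash (shortened, constructed)
    path: str                # file path on the endpoint
    parent: str              # process that created or launched the file
    remote: Optional[str]    # remote host contacted during the event, if any


# Constructed sample record: a phishing download on two workstations that
# drops a DLL, plus a legitimate vendor binary present on every machine.
EVENTS = [
    FileEvent(1000, "ws-01", "aaa111", r"C:\Users\a\Downloads\invoice.exe", "outlook.exe", None),
    FileEvent(1010, "ws-01", "aaa111", r"C:\Users\a\Downloads\invoice.exe", "explorer.exe", "203.0.113.7"),
    FileEvent(1020, "ws-01", "bbb222", r"C:\Users\a\AppData\Local\Temp\upd.dll", "invoice.exe", None),
    FileEvent(2000, "ws-02", "aaa111", r"C:\Users\b\Downloads\invoice.exe", "outlook.exe", None),
    FileEvent(3000, "ws-03", "ccc333", r"C:\Program Files\Vendor\app.exe", "services.exe", None),
    FileEvent(3001, "ws-04", "ccc333", r"C:\Program Files\Vendor\app.exe", "services.exe", None),
    FileEvent(3002, "ws-01", "ccc333", r"C:\Program Files\Vendor\app.exe", "services.exe", None),
    FileEvent(3003, "ws-02", "ccc333", r"C:\Program Files\Vendor\app.exe", "services.exe", None),
]


def prevalence(events):
    """Map each file hash to the set of endpoints it was observed on."""
    seen = defaultdict(set)
    for e in events:
        seen[e.sha256].add(e.endpoint)
    return seen


def low_prevalence(events, max_endpoints=2):
    """Hashes executed on at most `max_endpoints` machines: files that went
    unnoticed and deserve a closer look (sandbox, manual analysis)."""
    return sorted(h for h, hosts in prevalence(events).items() if len(hosts) <= max_endpoints)


def retrospective_matches(events, known_bad, previously_known_bad=frozenset()):
    """Re-check the entire recorded history against an updated intel feed.
    Returns {(hash, endpoint): first_seen_ts} for hashes that were unknown or
    clean when recorded but are flagged by the new feed, i.e. the files a
    retrospective quarantine would act on."""
    newly_bad = set(known_bad) - set(previously_known_bad)
    first_seen = {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.sha256 in newly_bad:
            first_seen.setdefault((e.sha256, e.endpoint), e.ts)
    return first_seen


def trajectory(events, sha256):
    """History of one file across all endpoints: where it ran, what launched
    it, which remote hosts it contacted, and which files it dropped."""
    rows = sorted((e for e in events if e.sha256 == sha256), key=lambda ev: ev.ts)
    names = {r.path.rsplit("\\", 1)[-1] for r in rows}   # basenames, e.g. invoice.exe
    return {
        "endpoints": sorted({r.endpoint for r in rows}),
        "parents": sorted({r.parent for r in rows}),
        "remote_hosts": sorted({r.remote for r in rows if r.remote}),
        "dropped": sorted({e.sha256 for e in events if e.parent in names}),
    }


if __name__ == "__main__":
    print("low prevalence:", low_prevalence(EVENTS))
    # Day 1 the feed knows nothing; day 2 it flags the phishing payload.
    print("retrospective:", retrospective_matches(EVENTS, {"aaa111"}, frozenset()))
    print("trajectory:", trajectory(EVENTS, "aaa111"))
```

The point of keeping the whole event history rather than only verdicts is visible in `retrospective_matches`: when the feed changes, the defender learns not just that a hash is now bad but on which machines it already ran and since when, which is exactly what an outbreak block list needs to act on. `low_prevalence` is a cheap first filter for finding such files before any feed flags them.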
AMP for Endpoints is part of the integrated security ecosystem that Cisco has designed to protect you.
Finally, AMP for Endpoints is not a point product that works in isolation: it includes an API to integrate it with other security tools or a SIEM.
Threat information is shared and correlated between AMP for Endpoints and AMP on the network IPS, firewalls, web proxies, mail gateways and so on. In this way, if a threat is detected in one place, all the others are protected.
Together, these capabilities let you:
make better security decisions,
speed up investigations,
simplify the management of terminal security and
greatly reduce the time to detect, contain and remedy malware.
It may seem that this involves a lot of analysis on the endpoints; however, all of these analyses are done in the cloud. Resource consumption that slows users down and ties up machines is a thing of the past. The cloud and the endpoints communicate through the lightweight AMP connector, which has no visible effect on users.