Cisco seeks faster time to discovery for breaches, compromises

Cisco has announced security upgrades to cut the time compromises go unnoticed on endpoints, giving attackers less time to do damage if they get past preventive security measures.

Unveiled at the Cisco Partner Summit this week, the new AMP for Endpoints comes with a lightweight agent to gather data that is analyzed in the Cisco AMP cloud. This lifts the processing burden from customers’ infrastructure.

And the platform now includes an agentless feature for devices that can’t take an agent, such as visitors’ laptops.

In addition to the cloud version, the analytics part of the platform can also be purchased for deployment on customer premises in their own private clouds. Detection, analysis and recommended response are handled in the cloud and pushed to the endpoints.

AMP for Endpoints can be deployed as a standalone product to catch incursions or as part of a broader Cisco AMP architecture. As part of the broader architecture, it can share endpoint intelligence with telemetry from network control points, the network edge, email, Web and data centers to create a more holistic security environment, Cisco says.

AMP for Endpoints monitors continuously. When an event appears on the platform’s dashboard, clicking on it reveals context: where the event started, how long it has been in the environment, and what can be done about it.

To help minimize the number of endpoint agents deployed, the AMP for Endpoints agent includes anti-virus so a separate anti-virus agent is unnecessary.

The new AMP for Endpoints release also includes agentless post-execution detection, which monitors proxy logs for evidence of malicious activity and compromise. The proxy logs are analyzed by the cloud-based analytics engine. When malware infects an endpoint and launches executables, the malicious actions of those executables can be picked up by comparing the observed behaviors against known bad behavior.
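To make the agentless idea concrete, here is an added illustration of post-execution detection over proxy logs. It is not Cisco AMP code and does not reflect how the AMP cloud engine works internally; the log layout, the blocklist, the rule thresholds and the sample lines are all constructed for this example. It flags three known-bad behaviours a proxy log can reveal without any endpoint agent: contact with a blocklisted host, POST requests from a scripted (non-browser) user agent, and regular low-jitter check-ins to one host (beaconing).

```python
"""Toy post-execution detection over proxy logs (constructed example, not Cisco code)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed log format: timestamp client method url status bytes "user-agent"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"$'
)

# Constructed blocklist standing in for a threat-intelligence feed.
BLOCKLIST = {"beacon-c2.test"}

# Constructed user-agent prefixes typical of scripted tooling rather than browsers.
SCRIPT_UA_PREFIXES = ("python-requests", "curl/", "-")

BEACON_MIN_HITS = 4        # at least this many requests to one host...
BEACON_MAX_JITTER = 0.15   # ...with interval std-dev at most 15% of the mean

# Constructed sample log: one beaconing host, one normal browser, one bursty CDN
# client that must NOT be flagged, and one malformed line the parser must skip.
SAMPLE_PROXY_LOG = """\
2016-11-01T10:00:00 10.1.1.20 POST http://beacon-c2.test/gate.php 200 312 "python-requests/2.11"
2016-11-01T10:00:05 10.1.1.21 GET http://www.example.test/ 200 5120 "Mozilla/5.0"
2016-11-01T10:00:00 10.1.1.22 GET http://cdn.example.test/a.js 200 1400 "Mozilla/5.0"
2016-11-01T10:00:10 10.1.1.22 GET http://cdn.example.test/b.js 200 1500 "Mozilla/5.0"
2016-11-01T10:01:02 10.1.1.20 POST http://beacon-c2.test/gate.php 200 298 "python-requests/2.11"
2016-11-01T10:01:30 10.1.1.21 GET http://mail.example.test/inbox 200 9000 "Mozilla/5.0"
garbage line here
2016-11-01T10:01:59 10.1.1.20 POST http://beacon-c2.test/gate.php 200 305 "python-requests/2.11"
2016-11-01T10:03:01 10.1.1.20 POST http://beacon-c2.test/gate.php 200 310 "python-requests/2.11"
2016-11-01T10:04:00 10.1.1.20 POST http://beacon-c2.test/gate.php 200 301 "python-requests/2.11"
2016-11-01T10:05:10 10.1.1.22 GET http://cdn.example.test/c.js 200 1300 "Mozilla/5.0"
2016-11-01T10:05:15 10.1.1.22 GET http://cdn.example.test/d.js 200 1200 "Mozilla/5.0"
2016-11-01T10:06:00 10.1.1.21 GET http://www.example.test/news 200 4800 "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one constructed proxy log line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["host"] = urlparse(rec["url"]).hostname or ""
    return rec


def detect(log_text, blocklist=BLOCKLIST):
    """Return sorted (client, host, rule) findings for the three behaviours."""
    findings = set()
    contacts = defaultdict(list)  # (client, host) -> list of request timestamps
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of aborting the whole analysis
        key = (rec["client"], rec["host"])
        contacts[key].append(rec["ts"])
        if rec["host"] in blocklist:
            findings.add(key + ("blocklisted-host",))
        if rec["method"] == "POST" and rec["ua"].startswith(SCRIPT_UA_PREFIXES):
            findings.add(key + ("scripted-post",))
    # Beaconing: many requests to one host with nearly constant spacing.
    for key, stamps in contacts.items():
        if len(stamps) < BEACON_MIN_HITS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= BEACON_MAX_JITTER:
            findings.add(key + ("beaconing",))
    return sorted(findings)


if __name__ == "__main__":
    for client, host, rule in detect(SAMPLE_PROXY_LOG):
        print(f"{client} -> {host}: {rule}")
```

The beaconing rule is the one that needs no threat intelligence at all: it keys purely on timing regularity, which is why the bursty CDN client (gaps of 10, 300 and 5 seconds) is left alone while the 60-second check-ins are flagged. In practice the thresholds would be tuned per environment, and the blocklist would come from a feed rather than a literal.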

The main goal on the endpoint is reducing the time to detection of a breach or compromise and providing information about how to react, Cisco says.

Also at its partner conference, Cisco announced three new services that customers can buy from either Cisco or its partners: deployment services, incident response for cases where AMP discovers something customers have never seen before, and active threat analytics to monitor threat intelligence day to day.


In addition, Cisco is bundling security products into packages that address specific customer needs and offering them at prices lower than the sum of the individual products. The use cases include data center and access security.

IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.