Discover the Threats You’ve Been Missing with Advanced Endpoint Protection (Kristyanne Patullo, Consulting Systems Engineer, Advanced Threats Group, October 5, 2018)


Page 1

Kristyanne Patullo

Consulting Systems Engineer – Advanced Threats Group

October 5, 2018

Discover the Threats You’ve Been Missing with Advanced Endpoint Protection

Page 2

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Traditional AV is not enough to defend against today’s threat landscape

Page 3

Network threats are getting smarter

• Industry average detection time for a breach
• Industry average time to contain a breach
• Average cost of a data breach
• Motivated and targeted adversaries
• Insider threats
• Increased attack sophistication

Page 4

Endpoints continue to be the primary point of entry for attacks

• Gaps in protection: 65% of organizations say attacks evaded existing preventative tools
• Gaps in visibility: 55% of organizations are unable to determine the cause of a breach
• User error: 48% of attackers bypass endpoint defenses because of user error

70% of breaches start on endpoint devices. Why?

Page 5

An encryption tipping point

• May 2017: >55% of web traffic encrypted
• 2019: >80% of web traffic encrypted

Source: Gartner

Page 6

New threat landscape

New attack vectors

• Employees browsing over HTTPS: malware infection, covert channel with command and control server, data exfiltration
• Employees on internal network connecting to DMZ servers: lateral propagation of encrypted threats

Organizations are at risk (Source: Ponemon report, 2016). The slide gives the figures 41%, 81% and 64% for these three statements:

• cannot detect malicious content in encrypted traffic
• of attackers used encryption to evade detection
• of organizations have been victims of a cyber attack

Chart: share of organizations that decrypt traffic versus those that do not (values 38% and 62%).

Page 7

A few reasons traditional AV is not enough:

• Gaps in protection between updates
• Limited amount of signatures
• Little or no Endpoint Detection and Response capabilities

Page 8

Evolve with the Threat Landscape: Cisco AMP for Endpoints

Page 9

Many endpoint solutions claim to block 99% of threats

Page 10

But what about the 1% of threats they’re missing?

Page 11

AMP for Endpoints: Next Generation Endpoint Security

• Software-as-a-Service (subscription)
• Cloud managed (no infrastructure to manage)
• AMP for Endpoints lightweight connector
• Protects Windows, Mac, Linux, Android, iOS
• Option of cloud or private cloud deployment
• AMP Everywhere integrated architecture

Page 12

Uncover the 1% with Cisco AMP for Endpoints

• Eliminate blind spots: the network and endpoint, working together across all operating systems
• Discover unknown threats: with proactive threat hunting
• Stop malware: using multiple detection and protection mechanisms

Page 13

AMP for Endpoints – Protection Lattice

Columns: Prevent, Detect, Reduce Risk

• Cloud Threat Intelligence
• Antivirus
• Fileless malware detection (Exploit Prevention)
• Client Indicators of Compromise
• System Process Protection
• Static analysis
• Sandboxing
• Malicious Activity Protection
• Machine learning
• Device flow correlation
• Cloud Indicators of Compromise
• Vulnerable software
• Low prevalence
• Proxy log analysis (CTA)

Page 14

Dynamic analysis and sandboxing: execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats

Figure: suspicious file submitted from AMP for Endpoints to Threat Grid, which returns an analysis report

Page 15

Talos and the AMP Cloud

Exceptional threat intelligence, across endpoint, network, and web, shared with a global integrated community

Figure labels: DNS, Email, Web, Network, Edge, Endpoint

Page 16

See once, block everywhere: share intelligence across network, web, email, and endpoints to see once, block everywhere.

Figure labels: NGIPS, CES/ESA, WSA/SIG, ISR, NGFW, Endpoint; Talos, Threat Grid, AMP Cloud

Page 17

Endpoint Detection & Response

• What happened?
• Where did the malware come from?
• Where has the malware been?
• What is it doing?
• How do we stop it?

Page 18

Perform in-depth investigations

• Threat hunting
• One-click remediation
• Intelligence correlation

Page 19

In Summary - Cisco’s Approach

• See the missed 1% - Visibility and Threat Hunting
  • See across endpoint, web, email, network, etc.
  • Can be the difference between hours, weeks, months, news/financial loss
• Work together as one
  • Share Threat Intelligence, Event Data, Policy Information, and Contextual Awareness across the infrastructure
• Best of Breed Prevention – 99.X%
  • Stop everything you can, everywhere you can

Page 20

Demo Time!
