TRANSCRIPT
Kristyanne Patullo
Consulting Systems Engineer – Advanced Threats Group
October 5, 2018
Discover the Threats You’ve Been Missing with Advanced Endpoint Protection
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Traditional AV is not enough to defend against today’s threat landscape
Network threats are getting smarter
Figure: industry average detection time for a breach; industry average time to contain a breach; average cost of a data breach (values not shown in text)
Motivated and targeted adversaries
Insider Threats
Increased attack sophistication
Endpoints continue to be the primary point of entry for attacks
70% of breaches start on endpoint devices. Why?
Gaps in protection: 65% of organizations say attacks evaded existing preventative tools
Gaps in visibility: 55% of organizations are unable to determine the cause of a breach
User error: 48% of attackers bypass endpoint defenses because of user error
An encryption tipping point
Web traffic: >55% encrypted (May 2017); >80% encrypted (2019)
Source: Gartner
New threat landscape
New attack vectors:
• Employees browsing over HTTPS: malware infection, covert channel with command and control server, data exfiltration
• Employees on internal network connecting to DMZ servers: lateral propagation of encrypted threats
Figure (values 41%, 81%, 64%): cannot detect malicious content in encrypted traffic; of attackers used encryption to evade detection; of organizations have been victims of a cyber attack
Source: Ponemon report, 2016
Figure: Organizations are at risk – Do not decrypt / Decrypt (38%, 62%)
A few reasons traditional AV is not enough:
• Gaps in protection between updates
• Limited amount of signatures
• Little or no Endpoint Detection and Response capabilities
Evolve with the Threat Landscape: Cisco AMP for Endpoints
Many endpoint solutions claim to block 99% of threats
But what about the 1% of threats they’re missing?
AMP for Endpoints: Next Generation Endpoint Security
• Software-as-a-Service (subscription)
• Cloud managed (no infrastructure to manage)
• AMP for Endpoints lightweight connector
• Protects Windows, Mac, Linux, Android, iOS
• Option of cloud or private cloud deployment
• AMP Everywhere integrated architecture
Uncover the 1% with Cisco AMP for Endpoints
Eliminate Blind Spots: the network and endpoint, working together across all operating systems
Discover Unknown Threats: with proactive threat hunting
Stop Malware: using multiple detection and protection mechanisms
Prevent / Detect / Reduce Risk
• Cloud Threat Intelligence
• Antivirus
• Fileless malware detection (Exploit Prevention)
• Client Indicators of Compromise
• System Process Protection
• Static analysis
• Sandboxing
• Malicious Activity Protection
• Machine learning
• Device flow correlation
• Cloud Indicators of Compromise
• Vulnerable software
• Low prevalence
• Proxy log analysis (CTA)
AMP for Endpoints – Protection Lattice
Dynamic analysis and sandboxing: execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats
Figure: Suspicious File, AMP for Endpoints, Threat Grid, Analysis Report
Talos and the AMP Cloud
Exceptional threat intelligence across endpoint, network, and web, shared with a global integrated community
Figure: DNS, Email, Web, Network, Edge, Endpoint
See once, block everywhere
Share intelligence across network, web, email, and endpoints to see once, block everywhere.
Figure: NGIPS, CES/ESA, WSA/SIG, ISR, NGFW, Endpoint; Talos, Threat Grid, AMP Cloud
Endpoint Detection & Response
What happened?
Where did the malware come from?
Where has the malware been?
What is it doing?
How do we stop it?
Threat hunting
One click remediation
Intelligence correlation
Perform in-depth investigations
In Summary - Cisco’s Approach
• See the missed 1% - Visibility and Threat Hunting
  • See across endpoint, web, email, network, etc.
  • Can be the difference between hours, weeks, months, news/financial loss
• Work together as one
  • Share Threat Intelligence, Event Data, Policy Information, and Contextual Awareness across the infrastructure
• Best of Breed Prevention – 99.X%
  • Stop everything you can, everywhere you can
Demo Time!