
Addressing Advanced Web Threats

Next Generation Endpoint Security: An Investment Checklist

© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Visibility and Control to Prevent, Detect, and Remediate Advanced Malware Everywhere

When you buy a next-generation endpoint security solution, it should provide the following must-have capabilities:

1. Cloud or on-premises deployment options, across multiple operating systems

Cloud deployment of a next-gen endpoint security solution ensures flexibility, easier management, scalability, and real-time threat intelligence delivery. But sometimes organizations require an on-premises deployment to satisfy stringent privacy requirements dictated by their industry, like in government or finance. Your next-gen endpoint security solution should offer both options for deployment.

Furthermore, every endpoint in the enterprise should be protected, whether it’s a Windows PC, Mac, Linux system running on a server, or a mobile device. No endpoint is immune to an advanced cyberattack. You need to ensure that your next-gen endpoint security solution provides coverage for all of the different types of endpoints used throughout the organization.

2. Prevention Capabilities

Prevention is your first line of defense. Preventing cyberattacks and blocking malware at point-of-entry in real time is essential. To ensure the best possible prevention, make sure your next-gen endpoint security solution provides the following capabilities:

• Global Threat Intelligence – a team of threat hunters detecting the newest threats and uncovering zero-days to keep you protected 24/7

• AV Detection – let your Next-Gen Endpoint Security solution do all the AV heavy lifting and consolidate protection onto one lightweight agent

• Proactive Protection – identify and patch vulnerabilities, and analyze and stop suspicious low-prevalence executables fast

3. Integrated Sandboxing Capabilities

Sandboxing is essential for static and dynamic analysis of unknown files. Don’t settle for a third-party sandboxing product that must work alongside your endpoint security solution. Sandboxing should be built into, and fully integrated with, your next-gen endpoint security solution. Submitting suspicious files to the sandbox should be easy and seamless, and not require multiple management systems.

4. Continuous Monitoring and Recording

No prevention method will ever be 100% effective. Advanced malware can get into your endpoints, and if you have no visibility into what files are doing on your endpoints, you’ll be blind to the presence of a potential compromise.

Therefore a next-gen endpoint security solution must watch everything on all of your endpoints (on and off the corporate network) at all times, so you can spot malicious intrusions and stop them quickly. It must provide continuous monitoring of all files on every endpoint, regardless of file disposition, and record the activity of those files so you can quickly access their recorded history and scope a compromise from start to finish. This continuous monitoring provides the ability to spot malicious behavior and indications of compromise as they happen, giving you visibility into where malware came from, where it’s been, what it’s doing, and how to stop it, before damage can be done.

5. Rapid Time to Detection

The industry average to detect a breach after it occurs is 100 days. That’s more than enough time for malware to infiltrate your organization and exfiltrate confidential information. Your next-gen endpoint security solution should be able to speed up your time to detection and spot threats in hours or minutes, not days, weeks or months. It can do this by continuously watching and correlating data, file activity and communications across all endpoints; using the most up-to-date indicators of compromise (IoCs) and behavioral indicators; and prioritizing threat alerts so you are always resolving the most pervasive threats first.

6. Agentless Detection

Sometimes an organization cannot install an endpoint agent on every single endpoint throughout the enterprise, or it would like visibility into devices whose operating system cannot support an endpoint agent. Also, some malware is file-less and might not be visible to an endpoint agent. Therefore, your next-gen endpoint security solution should provide agentless detection. Make sure it can uncover file-less or memory-only malware, catch malware before it compromises the OS, get visibility into devices where no agent is installed, and manage all of it through the next-gen endpoint security solution’s management console, without the need to deploy a third-party product that would add yet another management console for the security team to manage.

7. Easy, streamlined management interface for efficient decision-making

Organizations face a myriad of attacks each day, often more than they can handle or triage efficiently or effectively. Many security teams are simply buried in security alerts each day. They need security solutions that are easy to use and help them make fast and informed decisions.

Look for a next-gen endpoint security solution with an easy-to-use management interface that even a tier 1 analyst can use. Make sure that the interface allows you to quickly assess the health and state of your security deployment at both a macro and micro level. Make sure that the workflow to address a malware intrusion is seamless, intuitive and flexible, allowing you to triage, manage, and respond to possible breaches fast and effectively. Make sure to request a video or guided demonstration of the security tool to ensure that it is easy for you and your team to use.

8. Simple, Automated Response

Responding to a cyberattack can be difficult and time-consuming. After a breach, many security teams might not have the tools to rapidly respond and remediate. Some reach out to costly third parties to do the work for them.

Your next-gen endpoint security solution should enable you to respond to and remediate threats quickly and comprehensively, without the need to engage an outside vendor. Make sure the solution can accelerate investigations and reduce management complexity by searching across all endpoints for IoCs and malware artifacts; easily connect the dots on a malware compromise, from start to finish, across all endpoints and the network; and systemically respond to and remediate malware across PCs, Macs, Linux, and mobile devices, automatically or with just a few clicks.

9. Not just a siloed point product but rather part of a larger integrated security architecture

Many vendors offer endpoint security products that are just that - point-products. These products are not integrated with other security tools, and when deployed, simply add to the mixed bag of security products from multiple vendors used throughout the enterprise. Many organizations use upwards of 60 different security tools. Each product has its own management system and displays information in different ways. This requires more people to operate and makes it harder to decipher threat information, connect the dots to understand the full scope of an attack, and respond quickly. Juggling all of these siloed tools will slow you down.

Instead, your next-gen endpoint security solution should provide the ability to achieve a more integrated threat defense, whereby every security tool in your arsenal can work together to fight threats systemically. Make sure that your next-gen endpoint security solution can be deployed as part of an integrated system of security technologies that can work together to close security gaps and detect threats faster across your entire security ecosystem - from endpoint to network, email, and web. Threat information and event data should be shared and correlated across all security tools, and communicated to the security team in common formats.

A Next-Gen Endpoint Security Solution that meets the checklist: Cisco AMP for Endpoints

Cisco AMP for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context and control to not only prevent cyberattacks, but also rapidly detect, contain, and remediate advanced threats if they evade front-line defenses and get inside—all cost-effectively, without affecting operational efficiency, and before damage can be done. To learn more, visit:

• AMP for Endpoints Webpage

• AMP for Endpoints Overview Video

• AMP for Endpoints Demo Video

• AMP for Endpoints Data Sheet

• AMP Customer Testimonial

• AMP Proof of Value Program

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C11-735641-01 12/16