The Endless Evolution for Endpoint Security

Don’t you wish something — anything — in security was a checkbox? A box to tick and be done with it? Well, endpoint security isn’t one of those. Or is it? You and your organization must keep maturing along your security journey with better tools, more knowledge, and smarter people. The same is true for the security vendors you look to for protection. Vendors like Cisco must evolve as well, working to stay one step ahead of the bad guys to keep your data safe. The truth is, just like you, security vendors must keep investing in the improvements of their products and services.Cisco AMP for Endpoints has made great strides every year but 2020 is a standout year. This year we’ve introduced several new product capabilities – and made it easier to select the right package to fit your organization’s needs. In January of 2020, we launched AMP for Endpoints Advantage which includes Orbital Advanced Search to allow you to accelerate threat hunting and investigations by simplifying complex queries of your endpoints, and Threat Grid Cloud which allows you to perform in-depth advanced dynamic file analysis and malware threat intelligence fast. Then in June, we launched AMP for Endpoints Premier which includes SecureX Threat Hunting to help you identify threats found within your organization, delivered through highly automated human-driven hunts based on playbooks producing high-fidelity alerts.AMP for Endpoints helps maximize your benefits from MITRE ATT&CK™

Built-in ATT&CK Mappings. Are you using MITRE ATT&CK to improve your cyber defences? If so, this will thrill you. We’ve now mapped cloud IOCs to the ATT&CK knowledgebase. We created Automated Actions to trigger when compromise events at a severity level occur on an endpoint. We added script protection to protect our customers against new, script-based attack vectors. Also, we completely rebuilt our Android Connector from the ground up offering protection for devices to Android 10.

ATT&CK Evaluations. Cisco is pleased to announce that we will be participating in Round 3 of the MITRE ATT&CK evaluation. The results will be posted by MITRE in early 2021. Stay tuned!

AMP for Endpoints supports ATT&CK. It’s a key part of our comprehensive security portfolio that supports MITRE ATT&CK. You can learn more here or check out our Magic of Mitigations blog.

Enhanced Behavioral Protection. Finally, our latest innovation called Behavioral Protection will play a critical role in our journey towards Round 3 of the MITRE ATT&CK evaluation. This technology continually monitors all user and endpoint activity in real-time to spot suspicious patterns. How does it work? It generates and correlates activity records against attack patterns. And we continually update our activity pattern recognition as threats evolve. For example, this enables granular control and protection from the malicious use of living-off-the-land tools. This allows for better visibility, control, and protection into scripts, protection against malicious behaviours, and continuously updated attack pattern signatures curated by Cisco using Talos You can read more about behavioural protection mitigations here.

If you don’t already have Cisco AMP for Endpoints and are interested in trying out some of the new features mentioned above, sign up for our virtual Threat Hunting Workshop, or request a free trial.Source: blogs.cisco.com