Threat Defense

**Week 8**

Call Guide (Focus AMP4E and Umbrella)

Q: How confident are you that the alerts your security technologies generate are of any real relevance to your organization? And how much time does your team waste in sorting through all those?
A: Cisco’s automated detection and response are force multipliers that free your team to focus on higher-priority issues. The big stats thrown around by security vendors can sound impressive, but how can they help you cut through the noise to get you to the 1% you actually care about? Cisco security is always-on using DNS protection as a first line of defense to prevent users from making malicious connections across the internet. This prevents many attacks at the internet edge, before they get into network, reducing the number of security alerts. With endpoint being the final stop, Cisco continuously monitors for signs of malicious activity whether that’s cryptomining, ransomware, or any other threat. As part of the Cisco security architecture, they have integrated this continuous monitoring with firewall, email, web, cloud, and endpoint security so when a threat is seen in one place, you are protected everywhere.Q: How long does it take your security analysts to research malware, assuming they have the time?
A: The average time it takes to detect a malware infection is 100 days—over three months! Imagine taking that time down to hours or less. You can with Cisco. Using Cisco’s endpoint security, they provide continuous, cloud-based threat analysis and retrospective security so when a threat is detected once, it is blocked everywhere. Umbrella analyze 175B DNS requests per day, so Cisco is in a unique position to identify threats across the internet and proactively block them before they become a problem. With AMP and Umbrella, the threat doesn’t even need to be detected on your network for your organization to be protected. And with true retrospective security, you can see the point of entry and what any malware may have touched and remediate for a central point.Q: How easily can you integrate current threat intelligence into your security products? How much is your access to threat intelligence costing you?
A: Cisco’s secret sauce is the Talos™ threat research team. They ingest telemetry from the technologies in the Cisco security architecture and third-party sources and from the security research from their team of roughly 300 threat researchers. All of their research is then pumped back into the architecture, completing a positive feedback loop. And how much does it cost to use Talos’ threat intelligence? Nothing! It’s included with Cisco AMP for Endpoints and Umbrella.Discovery

How many malware infections does your team deal with on a weekly basis?

Are you concerned with ransomware or malicious cryptomining?

How are you making sure that computers are protected when employees browse the Internet on and off the premises?

What tool are you using to discover any non-compliant endpoints in your network?

Do you have a way to automatically detect malicious file behavior once that file is already on your endpoints?

How has growth in mobility, the cloud, and IoT (Internet of Things) devices affected your ability to defend your network?

What are you currently doing to get visibility into what your users are doing on the internet? How are you protecting off-network users?

Detailed Call Script – [Cisco Umbrella + AMP for Endpoints]Simplify security with the most effective, open, and reliable cloud-delivered security on the market.INTRODUCTION
Hello, [Contact Name]. This is [Your Name] calling from [Partner Name]. Would you like to spend less time reimaging machines that have been infected by some piece of malware or other security threat?
Can I have a few minutes of your time to explain how your peers have reduced remediation time by 50%. Do you have a few minutes? [Wait for Response]
[NO] Is there a better time to call back? I’d love the chance to tell you how Umbrella works with Cisco AMP for Endpoints to stop attacks before they reach your networks and endpoints.
Cisco is offering a FREE trial of Cisco Umbrella and AMP for Endpoints, their cloud-delivered user security solution, and we don’t want you to miss your chance. [One quick question → proceed to questions]
[YES] Cisco blocks users from connecting to malicious sites at the DNS, IP, and HTTP/S layers, BEFORE a connection is made. That means less remediation (which saves time and money) and less risk of breach damage. AND Cisco can reduce security alerts by allowing the rest of your security solutions to work more efficiently. Simply put, Umbrella adds the first line of defense against threats, anywhere on the internet.QUESTIONS TO THEN ASK

Do your users go straight to cloud apps and bypass the VPN or perimeter security?

How do you protect devices when they are off the corporate network?

What products do you typically have in place for protecting endpoints, including mobile devices?

How many malware infections do you typically face weekly?

How long does it typically take for you to identify the point of origin and overall impact on your business?

AMP for Endpoints Specific Question: Do you have a way to automatically detect malicious file behavior once that files is already on your endpoints?
Umbrella-Specific Question: What are you currently doing for recursive DNS security and visibility organization-wide?
To learn more, please visit https://learn-umbrella.cisco.com/solution-briefs/umbrella-amp-for-endpoints

CLOSE
Sell and provision quickly. Deploy via AnyConnect integration to eliminate extra software. Umbrella prevents connections to malicious destinations at the DNS/IP layers while AMP for Endpoints works at the file level to prevent malware execution. Together Umbrella + AMP work in harmony to provide visibility, context, and control to stop attacks targeting endpoints before damage.ObjectionsWe already have a firewall and other security products.
With Umbrella and AMP for Endpoints deployed you can protect both your users and devices. Umbrella acts as a first line of defense before attacks reach a firewall or other products by stopping threats at the DNS layer. Umbrella can protect roaming users, even when the user is off their organizations’ VPN. Plus, Umbrella is cloud-delivered and takes minutes to deploy. AMP for Endpoints is a cloud-managed endpoint security solution that can rapidly detect, contain, and remediate threats if they evade your firewalls and other front-line defenses.I already have endpoint security.
Attackers today are adept at finding the gaps in protection that point products inherently create. How well do those tools integrate? Do they all share threat intelligence among each other? Does your existing solution continuously analyze what you have already seen for potential threats? Cisco AMP for Endpoints and Cisco Umbrella work in concert as the first and last line of defense. Threat intelligence is aggregated across Cisco products by Cisco Talos our world class threat research team. This gives you the ability to detect and respond to threats faster and easier than any point products. Trials of AMP for Endpoints and Umbrella will be a great way for you to see the extent of visibility and control you can achieve to better protect your organization.We don’t have the budget for new security investments right now.
This is a common objection. Ask the customer questions to better understand their pain points:

What is your response plan?

How much time do your personnel spend wiping malware off machines?

Are your teams getting bogged down investigating incidents?

Tie their challenges back to the value of AMP and Umbrella. Try to articulate the value and effectiveness of our solutions.You can also share that AMP for Endpoints can be paid for on a monthly basis and Umbrella on an annual basis. If your network doesn’t have up-to-date capabilities, it may be time for an upgrade. Such an investment will help reduce the likelihood of a major data breach.I don’t want another agent on my endpoints.

Cisco AMP for Endpoints replaces your existing anti virus agent, adds continuous monitoring and cloud-based analysis, as well as pre-execution, run time protection, and ransomware prevention, all in a smaller footprint. Cisco Umbrella does not require an agent, simply point your DNS to our resolver. Do you already have AnyConnect? Through simple license activations, the AnyConnect agent can run Umbrella roaming and directly deploy AMP for Endpoints to your hosts for immediate protection.

My Microsoft enterprise agreement already provides endpoint protection.

Cisco AMP for Endpoints provides coverage across all your operating systems, including Android, Linux, Mac OS, and iOS. Additionally, AMP is the only solution on the market that correlates endpoint data with your network security telemetry so you can stop more threats at the edge and spend less time reimaging machines.

I can already see all users on my network.

Cisco Umbrella provides the visibility needed to protect internet access across all devices on your network, all office locations, and roaming users. Plus, it protects users when off the VPN, eliminating the off-network blind spot.

Social Posts

Facebook: https://bit.ly/2UMpypI

LinkedIn: https://bit.ly/2IuTNei

Twitter: https://bit.ly/2UpBF72

Cisco Seller Email: https://bit.ly/2IHp2SB

Email Copy

Subject Line: The first and last lines of defense, anywhere users go
Subject Line Alternative: Endpoint devices, the primary attack entry pointYour employees have more flexibility and freedom than ever before. Relying on traditional security controls designed for a locked-down workplace won’t protect your roaming and remote users.
According to IDC, 70% of breaches start on endpoint devices. You need to detect and prevent malware now, before it reaches the perimeter or endpoints.Cisco Umbrella is a cloud-delivered security platform that provides visibility and enforcement for threats hosted on the internet, whether users are on or off the corporate network. Umbrella works with Cisco Advanced Malware Protection (AMP) for Endpoints to prevent, detect, and respond to attacks before damage can be done. Both products are easy to deploy and, when implemented together, provide you with strong first and last lines of defense against threats, anywhere users go.Let’s set up some time to discuss further.Cheers, [Insert Name]

Target Audience

Top 20 Meraki FY19 Spend with no U/D/A
Top 30 Security BE Spend in FY18/19
Top 20 Security Wallet with <$10k Cisco Security Spend (Top Whitespace)

Top of Funnel/Assets

Zero Trust eBook

Zero Trust AAG

Incentives

The Cisco AMP for Endpoints and Cisco Umbrella bundle. Bundle security solutions to save 12% discount in a single SKU – AMP4E-UMB-BUN.

It includes AMP for Endpoints + Umbrella Insights or Platform packages

It offers 12% discount off list price

Is available as 1-, 3-, or 5-year terms

It’s important to note that AMP for Endpoints is priced per endpoint and Umbrella per user, so there’s no 1:1 mapping.PresentationsCisco Advanced Malware Protection (AMP) and Cisco Umbrella BDMDemos

AMP for Endpoints dCloud demo

Umbrella dCloud demo

3 minute Demo Video

Webinar

Cisco Security Webinars on demand

Protecting Microsoft applications in minutes with Duo Security

VideoTurkish Airlines VideoComparison Guide