Cisco Doubles Down on Security Innovation and Investment to Protect the Endpoint and Email
April 2018 by Marc Jacob
Employees remain an organization’s greatest asset however they can be a risk when it comes to cybersecurity. Attackers are crafting highly targeted, fraudulent emails that look legitimate and use them to deliver malware to unsuspecting users. When successful, it costs the majority of companies $500K or more in lost revenue, customers, opportunities, and out-of-pocket costs. To combat the rise of advanced threats targeting employees, Cisco is announcing new email security services to protect users from these fraudulent emails, as well as new capabilities to protect employees’ devices from ransomware, cryptomining, and fileless malware.
Nearly all endpoint security solutions on the market claim to block 99 percent of malware. But what about the one percent of threats that evade detection using sophisticated techniques? Cisco® Advanced Malware Protection (AMP) for Endpoints, a cloud-managed endpoint security solution, prevents attacks and helps uncover the one percent of threats that can cripple a business. Cisco is adding a number of new capabilities to AMP for Endpoints, including:
• Sophisticated detection and protection mechanisms to stop today’s threats, including ransomware, and cryptomining: Cisco is now bolstering its threat protection even when a user is offline. The new AMP for Endpoints exploit prevention helps protect against fileless attacks, including those that reside solely in memory. Cisco AMP’s new malicious activity protection stops ransomware execution, killing the processes and preventing propagation.
o Cisco threat researchers analyzed ransomware variants to identify the common techniques used for encryption. The result: a new engine that continuously protects against ransomware encryption and propagation to keep businesses safe from ransomware.
o Fileless malware has recently gained popularity in part because of the difficulty in detecting it. Built directly into the foundation of Cisco AMP is a new protection mechanism that requires no tuning or adjustments to stop these threats. It protects against unpatched software vulnerabilities and keeps working around the clock, even when users are offline.
• Threat investigation with Cisco Visibility, a new cloud application built into the endpoint console which simplifies and accelerates security investigations so security analysts can rapidly investigate incidents with confidence, quickly and at scale. It ingests, normalizes, and enriches security events and provides a visual representation of the extent of a compromise spanning from endpoints to network to cloud.
o Cisco Visibility combines threat intelligence from Cisco Talos(TM) and third parties with internal security event and alert data from across an organization’s security infrastructure to simplify investigations, reduce complexity, and shorten incident triage and remediation time.
o Visibility minimizes the need to switch between multiple consoles to perform common tasks. With a few simple clicks, a user can dive deeper into the data from Talos, Cisco Umbrella Investigate(TM), Threat Grid, AMP, and other sources to quickly understand how observables exist in an environment and how they relate to each other.
Cisco invests in new email security services
No matter how much the threat landscape changes, malicious email and spam remain vital tools for adversaries to distribute malware, and many of these threats reach the endpoint. Organizations must protect their own company domains from being misused as the delivery mechanism of malicious emails, as well as protect their internal users from phishing and spoofing attacks from emails with suspect senders.
Cisco is helping address these issues and more effectively prevent email identity deception used in phishing attacks. Cisco has concluded an OEM agreement with Agari to market and sell new services that enhance its Email Security product. The new email security services introduced include:
• Cisco Domain Protection: Automates the process of using email authentication to prevent phishing, protect brands from fraud, and maintain email governance by analyzing, updating, and taking action against senders misusing their domain to send malicious email. This service uses Domain-Based Message Authentication, Reporting, and Conformance (DMARC), an email authentication standard, and real-time reporting back to domain users about noncompliant emails being sent from their domains. This will be a requirement for many organizations in the future, and as of October 2017, the U.S. Department of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018.
• Cisco Advanced Phishing Protection: Adds sophisticated machine learning capabilities to Cisco Email Security to block advanced identity deception attacks for inbound email by assessing its threat posture. It also uses both global and local telemetry data combined with analytics and modeling to validate the reputation and authenticity of senders. This helps organizations understand which emails carry targeted phishing and business email compromise (BEC) attacks so only legitimate emails reach an employee inbox.
Deployment through managed security services
To enable customers of all sizes to realize the benefits of these new capabilities, Cisco is expanding its relationship with ConnectWise so managed service providers (MSP) can offer Cisco Security as a part of their portfolio. The expanded relationship will offer the new ConnectWise Advanced Security Dashboard. This cloud management platform fully integrates with the ConnectWise Manage business management solution and complements ConnectWise Unite with Cisco, the existing portal for MSPs based on leading Cisco cloud-managed products. The new ConnectWise Advanced Security Dashboard provides MSPs with the ability to deliver managed security services with Cisco’s security portfolio including Cisco AMP for Endpoints, Cisco Umbrella, Cisco Stealthwatch® Cloud, Cisco Adaptive Security Appliances, Cisco Next-Generation Firewall, and Cisco Meraki® MX appliances.