The resurgence of the COVID-19 pandemic is forcing companies to adopt solutions that can protect both employees working remotely and the infrastructure they access. With Cisco Advanced Malware Protection (AMP) for Endpoints and Identity Service Engine (ISE) solutions, you have extended organization-wide malware protection.
Endpoint security features in Cisco AMP
Cisco has dominated the Endpoint security solutions market for several years, with the latest recognitions coming from AV-Comparatives and Radicati. The efficiency of the malware protection solution is given by the fact that it acts on all three levels. Prevents threats, automatically detects compromised terminal devices, and eliminates risks when possible. Cisco AMP for Endpoints is compatible with devices running on Microsoft Windows, Linux, Android, and Apple operating systems. To fulfill its above-mentioned roles, Cisco AMP integrates the following features:
- Cognitive Threat Analytics. Detects compromised equipment by correlating and analyzing generated traffic data, recognizing models using Machine Learning algorithms;
- Device Flow Correlation. Inspects network communications of processes or files and allows restrictive actions;
- Endpoint Indicators of Compromise (IoCs). Identifies indications of terminal compromise based on information provided by Cisco Talos Security Intelligence Service;
- Low Prevalence Analysis. Automatically detects “rare” executables and analyzes their behavior in their own sandbox application (Cisco Threat Grid), identifying unknown threats;
- Exploit Prevention. Prevents File-less attacks and changes the RAM structure before the attack starts;
- System Process Protection. Protects critical Windows systems from being compromised by Memory Injection attacks;
Malicious Activity Protection (MAP). Detects and blocks abnormal behavior associated with files or processes specific to ransomware attacks.
(More information about Cisco AMP can be found HERE.)
Secure access with Cisco ISE
Identity Services Engine (ISE) also has won numerous awards, the latest awards being the Trust Awards Best NAC Solution and the Frost & Sullivan 2020 Global NAC Market Leadership Award. Cisco ISE provides three critical features when users access the network, no matter how they do it (Wired, Wireless, or VPN):
- Authentication – determines which user and equipment requires network access;
- Authorization – determines which infrastructure resources have the right to access an authenticated terminal (depending on several criteria);
- Traceability – constantly monitors what resources a terminal device accesses after authentication.
Cisco ISE simplifies the access management effort by centralizing and unifying authentication and authorization methods, but also by uniformly defining and enforcing access policies. With virtually every Cisco solution, you can manage any type of device trying to access the network. You grant or block access depending on the level of compliance with the pre-set requirements and the rights allocated based on role categories. Authentication implies both the existence of login data and security certificates, as well as the observance of specific security conditions. For example, running certain supported versions of operating systems, the existence of active applications and service packs, performing updates, etc.
For details on how Cisco ISE works, we also recommend the article 3 reasons to improve users’ access to your organization.
Integration generates protection against malware
The integration of Cisco AMP with Cisco ISE ensures a higher level of cybersecurity, by correlating the data provided by the two solutions. Specifically, Cisco AMP for Endpoints can send email alerts to network administrators when a terminal is behaving abnormally. The AMP will also automatically send the ISE information about the incident and the compromised device. By integrating Cisco ISE – AMP for Endpoints, network administrators can see in real-time in the Cisco ISE web interface the information transmitted by AMP for Endpoints, such as the fact that a threat has been discovered, its severity, the MAC and IP addresses of the device, the user name it.
Thus, on the basis of the compromise indicators provided, administrators can make informed decisions for the application of certain measures.
For example, the Cisco ISE administrator may decide to:
- dynamically change the access level of terminal equipment to the network;
- inserts the terminal into a quarantine VLAN until the issues reported by Cisco AMP are fixed;
- end the end-user session;
- close a port.
The advantage of integration is that all these operations can be performed centrally, in real-time. This reduces the risk that the company’s infrastructure will be compromised and that infected equipment will affect other terminals. In addition, administrators have extended visibility and can quickly investigate the causes of the security event by making the necessary decisions.
Datanet is Cisco’s main partner in Romania and an IT system integrator with experience in the field of IT security solutions. Datanet can provide a state-of-the-art malware protection system, consisting of Cisco AMP for Endpoints and Cisco ISE. The company also provides design, installation, integration, training, technical assistance, and swift service.
Are you interested in improving malware protection with Cisco products? Contact us at firstname.lastname@example.org for a technical and commercial offer.