The widespread adoption of remote work and cloud services has significantly transformed the security perimeter of companies. It is now known that most of the cyberattacks that succeeded in compromising their target relied on compromised user access credentials. Using Cisco Endpoint Protection, companies can shorten their response time to threats and vulnerabilities by up to 85%, while increasing the operational efficiency of the IT department.

For the last 18 months, organizations everywhere have reported an increased volume of cyber threats, the result of an expanding cyberattack surface. The phenomenon affects both the public and private sectors and is mainly caused by the accelerated digitization of business processes, the adoption of remote work, and the growing number of cloud services in use. All these factors, for which the pandemic situation has been a favorable environment, have made companies re-evaluate the effectiveness of their endpoint protection and consider addressing it within an integrated security architecture.

In the current context, to be truly effective, end-user protection solutions can no longer be limited to simple antivirus applications. They should include advanced prevention, detection and response functionality, and should integrate with email security solutions, remote identity and access control, security in multi-cloud environments, firewalls, intrusion detection systems, etc.

For this reason, almost three-quarters (72%) of companies estimate that they will replace their endpoint security solutions in the next 12-18 months (according to an ESG analysis [1]). According to the same source, more than two-thirds (67%) of them are looking to adopt an Endpoint Security suite from a single supplier, in order to reduce the integration effort and benefit, from the start, from improved visibility of threats.

What benefits Cisco Endpoint Protection offers

For an effective response to this set of conditions, Datanet specialists recommend Cisco Endpoint Protection (the new name of Advanced Malware Protection, AMP), a solution that stands out in the market through a number of important competitive advantages. The first is performance: the superior level of protection provided by Cisco's Endpoint Security solution is confirmed by numerous tests performed by independent evaluators, such as AV-Comparatives, NSS Labs, MITRE ATT&CK evaluations and Miercom, as well as by market analysts such as IDC, Gartner, Radicati, and Forrester [2].

Cisco Endpoint Protection also stands out for the increase in operational efficiency it delivers, an important element in the current context, since IT departments are frequently understaffed, at least in relation to the volume of tasks they have to cover, and often lack advanced IT security skills.

The Cisco solution compensates for these shortcomings by ensuring:

  • Extended visibility for quick threat detection. Cisco Endpoint Protection constantly monitors a wide range of endpoint-level indicators of compromise (IoCs) as well as potential security events. The solution allows retrospective analysis to reconstruct the trajectory of threats that have managed to penetrate the protection systems, identifying the gaps and vulnerabilities that allowed this. For this purpose, the application integrates Threat Intelligence services, from Cisco Talos but also from other vendors such as VirusTotal, as well as Machine Learning mechanisms for detecting new threats.
    The Premier license of Cisco Secure Endpoint includes the SecureX Threat Hunting feature, described below. A team of Cisco specialists with twenty years of experience in Threat Hunting constantly develops and updates automated Threat Hunting playbooks. These playbooks "hunt" for tactics and techniques used in cyber-attacks, mapped to frameworks such as MITRE ATT&CK, in order to find incidents in the client's organization. More than 50 hunts per day are scheduled to run in the cloud on the telemetry data collected from Secure Endpoint agents, and their results are investigated by analysts. If a threat is identified, the client receives an incident notification in its Cisco Secure Endpoint console, which includes a summary of the threat, its behavior, the potential impact on the organization, and a clear set of recommendations for investigation and remediation.

For more information on Cisco Endpoint Protection’s built-in features and technologies please access this link.

  • Automation of response methods. Cisco Endpoint Protection offers the ability to perform advanced searches by various criteria, periodically or on demand, across all endpoint devices enrolled in the application. To simplify and speed up security investigations, which involve many repetitive processes, the solution integrates advanced options for workflow automation. For example, when Threat Intelligence services report a new threat, the solution can automatically perform a retrospective analysis, identifying and quarantining the malicious file without any human intervention. Additionally, by reconstructing the threat's path, Cisco Endpoint Protection can automatically isolate, once an administrator confirms, each endpoint that has been compromised, thus limiting the risk of spread and the related damage.
  • Higher level of interoperability. To improve the efficiency and responsiveness of IT departments to cyber threats, Cisco Endpoint Protection integrates natively with several applications in the Cisco portfolio, as well as with solutions from other vendors.
    The solution is one of the core components of the XDR (Extended Detection and Response) platform, a suite of pre-integrated IT security products that brings together five of the most effective cloud protection applications and services in Cisco’s portfolio (Secure Firewall, Secure Email, Secure Endpoint, Umbrella, and SecureX).

For more information on Cisco XDR, please download this guide prepared by Datanet Systems.

Integration options

Cisco Endpoint Protection integrates with other Cisco solutions, such as Identity Services Engine (ISE). By using the two applications together, companies gain extended visibility, multiple options for automating response measures, centralized operations, and consistent deployment of the security and access policies. A detailed description of how Cisco Endpoint Protection – ISE integration works is available here.

Last but not least, Cisco Endpoint Protection also integrates with solutions from partners such as Splunk, Palo Alto, Fortinet, RSA, LogRhythm, IBM, etc. At this level, Datanet Systems consultants can provide comprehensive services for deploying, configuring, integrating, and customizing Cisco's Endpoint Security solution, ensuring that the security solutions you already have perform better by being integrated into a consistent architecture.

By using Cisco Endpoint Protection in a company-wide integrated security architecture, you benefit from:

  • improved proactive protection of endpoint devices, through a reduced attack surface;
  • a response time to threats and vulnerabilities that is up to 85% shorter;
  • an increase in the operational efficiency of the IT department of up to 86% [3].

For more technical and business information about the Cisco Endpoint Protection solution, its integration capabilities, and the services provided, please contact us at sales@datanets.ro.

______________________

Resources:

  1. https://www.cisco.com/c/dam/m/en_us/products/security/endpoint-security/reimaging-endpoint-security-esg-white-paper/pdf/ESG-White-Paper-Cisco-Jul-2020.pdf
  2. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/third-party-validation.html
  3. https://www.cisco.com/c/en_id/products/security/amp-for-endpoints/index.html#~benefits