Cisco has announced security upgrades to cut the time compromises go unnoticed on endpoints, giving attackers less time to do damage if they get past preventive security measures.
Unveiled at the Cisco Partner Summit this week, the new AMP for Endpoints comes with a lightweight agent to gather data that is analyzed in the Cisco AMP cloud. This lifts the processing burden from customers’ infrastructure.
And the platform now includes an agentless feature for devices that can’t take an agent, such as visitors’ laptops.
In addition to the cloud version, the analytics part of the platform can also be purchased for deployment on customer premises in their own private clouds. Detection, analysis and recommended response are handled in the cloud and pushed to the endpoints.
AMP for Endpoints can be deployed as a standalone product to catch incursions or as part of a broader Cisco AMP architecture. As part of the broader architecture, it can share endpoint intelligence with telemetry from network control points, the network edge, email, Web and data centers to create a more holistic security environment, Cisco says.
AMP for endpoints continuously monitors and when an event pops up on the platform’s dashboard, clicking on the event reveals context about it – where did the event start, how long has it been in the environment and what can be done about it.
To help minimize the number of endpoint agents deployed, the AMP for Endpoints agent includes anti-virus so a separate anti-virus agent is unnecessary.
Part of the new AMP for Endpoint release includes agentless post-execution detection that monitors proxy logs for evidence of malicious activity and compromises. The analysis of the proxy logs is performed by the cloud-based analytics engine. When malware infects an endpoint and launches executables, the malicious actions of the executable can be picked up by analyzing the behaviors in the context of known bad behavior.
The main endpoint goal is reducing the time to detection of a breach or compromise and provide information about how to react, Cisco says.
Also at its partners’ conference, Cisco announced three new services customers can buy from either Cisco or its partners. These include deployment services, incident response if AMP discovers things they’ve never seen before. It also includes active threat analytics to monitor threat intelligence day to day.
In addition, Cisco is bundling security products into packages that address specific customer needs, and offers them at prices less than the sum of the individual products. The use cases include data center and access security.