Solution Briefs

Umbrella + AMP for Endpoints

Issue link: https://learn-umbrella.cisco.com/i/891757


Protect your endpoints with Cisco AMP for Endpoints and Cisco Umbrella

Challenges of protecting endpoints

An estimated 70% of breaches start on endpoints - laptops, workstations, servers, and mobile devices¹. Why do endpoints continue to be the primary point of entry for attacks?

Gaps in protection
When users and endpoints are off-network, preventative tools like antivirus are often the only protection available. This is not enough when it comes to today's advanced threats.

Gaps in visibility
Organizations are often blind to malware attacks and the scope of a compromise. They have limited visibility into user and endpoint activity, and lack the context to see where malware came from, where it has been, and what it's doing. They can't detect what they can't see.

User error
An attacker sends out a phishing email with a malicious attachment or link. Despite training and countless warnings, it's inevitable: users are going to open or click things that they shouldn't.

65% of organizations say attacks evaded existing preventative tools²
55% of organizations are unable to determine cause of breach³
100 days average time to detection⁴
48% of attackers bypass endpoint defenses because of user error⁵

Needs of an organization

Organizations need deep visibility into what files and users are doing on the endpoint itself, and where that endpoint is trying to connect to on the internet—plus the control to stop malicious behavior.

Effective protection for endpoints

Cisco AMP for Endpoints and Cisco Umbrella are two security solutions that work in harmony to provide the visibility, context, and control needed to prevent, detect and respond to attacks targeting endpoints, before damage can be done.

PREVENT

AMP for Endpoints
• Blocks known malware at initial inspection
• Uses sandbox (powered by Threat Grid) to analyze unknown files

Umbrella
• Blocks malicious internet requests (domain, URL, & IP), regardless of delivery mechanism (email, web drive-by, etc.)

DETECT

AMP for Endpoints
• Continuously analyzes all file activity on endpoints to quickly detect malicious behavior and retrospectively alert security teams

Umbrella
• Prevents command and control (C2) callbacks to attacker's servers to stop data exfiltration and execution of ransomware encryption

RESPOND

AMP for Endpoints
• Shows the full history and context of a compromise
• Can stop attacks via outbreak control capabilities and quarantining files

Umbrella Investigate
• Provides up-to-the-minute threat data and historical context about domains, IPs, and file hashes for faster investigation

© 2017 Cisco and/or its affiliates. All rights reserved.
