https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4710899#M7150 <P>Hello,</P> <P>I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine.</P> <P>I could not find DETAILED information about how these engines work and what they do.</P> <P>Would be grateful if someone provides documentation.</P> <P>Thanks&nbsp;&nbsp;</P> Wed, 26 Oct 2022 14:34:00 GMT llomjaria 2022-10-26T14:34:00Z https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4710899#M7150 <P>Hello,</P> <P>I am just getting familiar with Secure Endpoint and would like to know more about Spero and Ethos engine.</P> <P>I could not find DETAILED information about how these engines work and what they do.</P> <P>Would be grateful if someone provides documentation.</P> <P>Thanks&nbsp;&nbsp;</P> Wed, 26 Oct 2022 14:34:00 GMT https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4710899#M7150 llomjaria 2022-10-26T14:34:00Z https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4710930#M7151 <A href="https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKSEC-3446.pdf" target="_blank">https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2020/pdf/DGTL-BRKSEC-3446.pdf</A><BR />specifically page 53 of that PDF.<BR /><BR /> Wed, 26 Oct 2022 14:48:05 GMT https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4710930#M7151 Ken Stieers 2022-10-26T14:48:05Z https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4711561#M7153 <P>Thank you for the information.</P> <P>It's useful but not as detailed.&nbsp;</P> Thu, 27 Oct 2022 06:42:15 GMT https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4711561#M7153 llomjaria 2022-10-27T06:42:15Z https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4715120#M7159 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1422564">@llomjaria</a>&nbsp;,<BR />enclosed some infos:<BR /><BR /></P> <P><STRONG>SPERO (Machine Learning):</STRONG>&nbsp;We use hundreds of infos of a file, which we call a SPERO fingerprint. This is sent to the cloud and SPERO trees determine whether a file is malicious. Note, a Spero Hash is a hash based on file characteristics, not the file itself</P> <P><STRONG>ETHOS (File Grouping):</STRONG>&nbsp;The engine is designed to detect polymorphic threats by checking specific characteristics of a file. Much malware tries to pack/unpack/re-pack to change itself and to hide from detection. The engine is detection such activity and is able to "group" an unknown file based on its behaviour to a known malware family.<BR /><BR />Greetings,<BR />Thorsten</P> Wed, 02 Nov 2022 19:21:10 GMT https://community.cisco.com/t5/endpoint-security/spero-and-ethos/m-p/4715120#M7159 Troja007 2022-11-02T19:21:10Z