10-31-2018 05:19 PM - edited 02-20-2020 09:06 PM
This topic is a chance to discuss more about the best practices for Cisco Endpoint security, from its implementation, deployment, configuration and troubleshooting to its acquisition. The session will cover AMP for Endpoint and Cisco Security as well.
The holiday season is a time of family, fun, and relaxation. As the business year and weather cool down, however, the threat landscape heats up. The holiday season sees a surge in endpoint transactions, and as a result, endpoint threats. Join us to discuss how Cisco endpoint security can protect you and your business while you relax at home for the holidays.
To participate in this event, please use the button below to ask your questions.
Ask questions from Monday November 5th to Friday 16th, 2018
Featured experts
Neil Patel is a Technical Product Marketing Manager for Cisco’s Advanced Threat solutions portfolio, focusing on AMP for Endpoints, Cisco’s Advanced endpoint security offering. Neil joined the industry five years ago, and has worked closely with various groups within the Cisco security product portfolio and also with customers in both pre and post sales. On the weekends he can usually be found under the hood of his car or hiking around one of the various North Carolina trails. Neil holds a bachelor’s degree in Computer Engineering from Georgia Tech.
Evgeny Mirolyubov is a Technical Marketing Engineer for Advanced Threats Security in the Security Business Group at Cisco. Evgeny works with the largest Cisco customers across the globe to help them realize the value and the benefits of their Cisco security investments. He believes that with the right mix of security talent, processes, and technology in place, organizations can reduce the risk of being exposed to a severe compromise. Evgeny is passionate about topics such as endpoint and network security, practical use of machine learning in cybersecurity, operating systems, threat research, incident response, threat hunting, and many others. Evgeny is a graduate of the Moscow State Technological University with a major in Computer Sciences. He also studied at Technion (Israel Institute of Technology), where his primary focus areas were systems and network security. Evgeny holds multiple industry certifications from Cisco and GIAC.
Neil and Evgeny might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security community.
Find other events https://community.cisco.com/t5/custom/page/page-id/Events?categoryId=technology-support
FURTHER INFORMATION
**Helpful votes Encourage Participation!**
Please be sure to rate the Answers to Questions
11-05-2018 05:44 AM
Hi guys,
I've got a question about the NSS labs test of AMP4E. I was happy to see that AMP scored well and actually had better security effectiveness than some of the hyped products.
What I'd like to know is what evasions AMP4E was susceptible to, and if there's any Cisco response that I can share with my customers if they ask about the said evasions?
BR
Mathias Karihtala
11-05-2018 02:55 PM - edited 11-06-2018 06:11 AM
Mathias,
Thank you very much for the question!
NSS AEP determined evasions based on blocking the threat within a time window. Beyond that time window AMP For Endpoints did detect all the threats. For these cases beyond initial block, AMP for Endpoints calls on patented retrospective security to find new threats that have bypassed other mechanisms. AMP continuously monitors files and vulnerable processes. If a file exhibits malicious behavior, AMP provides a full scope of the threat, quarantines the file and shares threat intelligence across the network, endpoint and cloud.
In addition, since the NSS AEP testing, AMP has released some newer innovations such as Malicious Activity Protection to help better protect endpoints. Learn a little more @ https://blogs.cisco.com/security/secure-your-endpoints-against-ransomware-introducing-malicious-activity-protection.
Thanks!
-Neil
11-07-2018 12:30 PM
11-07-2018 12:37 PM
Mathias,
The comparative report talks a little bit more about the evasions, but not specifics. You would need to reach out directly to NSS for details on the evasions that were utilized.
-Neil
11-07-2018 01:25 PM
11-05-2018 07:52 PM
I want to go into security, so what can I do to start?
11-07-2018 11:18 AM
To get into the security space the best place to start is with trainings. A few places to get started:
The SANS Institute
SANS hosts the largest repository of information security trainings, resources, and documents, making it the industry leader in trainings for Cybersecurity.
As part of a partnership with the SANS institute, we will be running a webcast talking about Endpoint security.
The SANS webcast is on Dec 5; register for free! https://www.sans.org/webcasts/109495
Cisco Learning Network
Cisco offers career path trainings for Cybersecurity as part of its learning network. Check them out @ https://learningnetwork.cisco.com/community/it_careers/cybersecurity-training-and-certifications
I recommend you take some time to go through both Cisco Learning Network and SANS content as a start to your journey!
Good Luck!
-Neil
11-07-2018 01:32 PM
Hi,
If you're interested in Network Security and would like to go the Cisco path I suggest to begin with CCNA Security. For a more Cyber-oriented approach I'd look into CCNA Cyber Security. It covers a lot of areas, not only technical but also commonly used processes.
If you'd like to get an idea about PEN testing and such, you can learn a lot from so-called wargames. This one is aimed at beginners: http://overthewire.org/wargames/bandit/
Good luck with your studies!
BR
Mathias
11-16-2018 02:56 PM
Hi @neipatel and Evgeny
Thanks for sharing your time and expertise regarding Cisco Endpoints.
Please help to reply to these common questions:
My branch will be shut down for the holiday. How can I know my remote workers are safe?
I want to take time off for the holiday. What can I do to automate threat hunting when I am not there?
After the holidays, how do I filter all of the endpoint alerts, and how do I know where to start?
My employees are traveling for the holiday season. Will I be able to protect my endpoints wherever they go?
What can I do to keep up with the latest threats while away for the holiday?
11-19-2018 08:15 AM
Hello @Hilda Arteaga,
Thank you for your questions! Let me help you answer them below in-line.
My branch will be shut down for the holiday. How can I know my remote workers are safe?
EM: Remote workers can rely on endpoint security that offers both prevention and detection of threats. The majority of all threats will be prevented by AMP for Endpoints, and it will also alert you if there are any that can make it through. In this case, you would have the historical data needed to prioritize triage and response actions.
I want to take time off for the holiday. What can I do to automate threat hunting when I am not there?
EM: Cisco provides multiple pre-built scripts that could be used to automate common security operations tasks. Threat Hunting itself is a proactive practice of looking through the environment for threats that weren't detected. Once you have built your hunting techniques, you can automate them. Several examples could be found at https://github.com/CiscoSecurity
After the holidays, how do I filter all of the endpoint alerts, and how do I know where to start?
EM: Cisco AMP for Endpoints will block most attacks and will group all endpoints that require attention into the Inbox. Inbox can be used to filter compromises by date or by severity. With severity-type of filtering, you can prioritize threats that have the most impact on your organization. Please review a brief video overview of this feature here.
My employees are traveling for the holiday season. Will I be able to protect my endpoints wherever they go?
EM: Yes, that's the main advantage of endpoint security. It allows you to be less dependent on security controls deployed inside of an enterprise or a branch office.
What can I do to keep up with the latest threats while away for the holiday?
EM: Please consider reviewing the Talos Intelligence blog post, which offers insights into the most prevalent threats across the globe.
11-20-2018 02:18 PM
Hi @emirolyu
Thanks for sharing your expertise and time here