Ask the Expert- Endpoint Security: The Daunting Challenges of the Holiday Season

Cisco Moderador
Community Manager

This topic is a chance to discuss more about the best practices for Cisco Endpoint security, from its implementation, deployment, configuration and troubleshooting to its acquisition. The session will cover AMP for Endpoint and Cisco Security as well.

The holiday season is a time of family, fun, and relaxation. As the business year and weather cool down, however, the threat landscape heats up. The holiday season sees a surge in endpoint transactions, and as a result, endpoint threats. Join us to discuss how Cisco endpoint security can protect you and your business while you relax at home for the holidays.

 

To participate in this event, please use the "Join the Discussion: Cisco Ask the Expert" button below to ask your questions.

 

Ask questions from Monday November 5th to Friday 16th, 2018

 

Featured experts

Neil Patel is a Technical Product Marketing Manager for Cisco’s Advanced Threat solutions portfolio, focusing on AMP for Endpoints, Cisco’s advanced endpoint security offering. Neil joined the industry five years ago, and has worked closely with various groups within the Cisco security product portfolio and also with customers in both pre- and post-sales. On the weekends he can usually be found under the hood of his car or hiking around one of the various North Carolina trails. Neil holds a bachelor’s degree in Computer Engineering from Georgia Tech.

 

Evgeny Mirolyubov is a Technical Marketing Engineer for Advanced Threats Security in the Security Business Group at Cisco. Evgeny works with the largest Cisco customers across the globe to help them realize the value and the benefits of their Cisco security investments. He believes that with the right mix of security talent, processes, and technology in place, organizations can reduce the risk of being exposed to a severe compromise. Evgeny is passionate about topics such as endpoint and network security, practical use of machine learning in cybersecurity, operating systems, threat research, incident response, threat hunting, and many others. Evgeny is a graduate of the Moscow State Technological University with a major in Computer Sciences. He also studied at Technion (Israel Institute of Technology), where his primary focus areas were systems and network security. Evgeny holds multiple industry certifications from Cisco and GIAC.

 

Neil and Evgeny might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Security community.

Find other events: https://community.cisco.com/t5/custom/page/page-id/Events?categoryId=technology-support

 

FURTHER INFORMATION

  • More details about this topic on the blog “Endpoint Security – The Daunting Challenges of the Holiday Season” here
  • Request a free trial of this security solution here

 


11 Replies

karihtala
Level 1

Hi guys,

 

I've got a question about the NSS labs test of AMP4E. I was happy to see that AMP scored well and actually had better security effectiveness than some of the hyped products. 

 

What I'd like to know is what evasions AMP4E was susceptible to, and if there's any Cisco response that I can share with my customers if they ask about the said evasions?

 

BR
Mathias Karihtala

CCNP Security/Fire Jumper Advanced Threat

Mathias,

Thank you very much for the question! 

NSS AEP determined evasions based on blocking the threat within a time window. Beyond that time window, AMP for Endpoints did detect all the threats. For these cases beyond the initial block, AMP for Endpoints calls on patented retrospective security to find new threats that have bypassed other mechanisms. AMP continuously monitors files and vulnerable processes. If a file exhibits malicious behavior, AMP provides a full scope of the threat, quarantines the file and shares threat intelligence across the network, endpoint and cloud.

 

In addition, since the NSS AEP testing, AMP has released some newer innovations such as Malicious Activity Protection to help better protect endpoints. Learn a little more @ https://blogs.cisco.com/security/secure-your-endpoints-against-ransomware-introducing-malicious-activity-protection.

 

Thanks! 

-Neil

Hi Neil,

Thanks for the explanation. Do you know if the full explanation of the evasions is documented in the full NSS report? I read a breakout of the AMP4E test, but as far as I recall they didn't give any details in it.

/Mathias
CCNP Security/Fire Jumper Advanced Threat

Mathias,

The comparative report talks a little bit more about the evasions, but not specifics. You would need to reach out directly to NSS for details on the evasions that were utilized. 

-Neil

Ok, thanks for your time. I'll see what I can dig out from NSS :)
CCNP Security/Fire Jumper Advanced Threat

Prsnkursingh11
Level 1

I want to go into security, so what can I do to start?

 

To get into the security space the best place to start is with trainings. A few places to get started: 

 

The SANS Institute

SANS hosts the largest repository of information security trainings, resources, and documents, making it the industry leader in trainings for Cybersecurity.

As part of a partnership with the SANS institute, we will be running a webcast talking about Endpoint security. 

The SANS webcast is on Dec 5; register for free! https://www.sans.org/webcasts/109495

 

Cisco Learning Network

Cisco offers career path trainings for Cybersecurity as part of its learning network; check them out @ https://learningnetwork.cisco.com/community/it_careers/cybersecurity-training-and-certifications

 

I recommend you take some time to go through both Cisco Learning Network and SANS content as a start to your journey!

Good Luck!

-Neil

 

 

Hi,

 

If you're interested in Network Security and would like to go the Cisco path, I suggest beginning with CCNA Security. For a more Cyber-oriented approach I'd look into CCNA Cyber Security. It covers a lot of areas, not only technical but also commonly used processes.

 

If you'd like to get an idea about pen testing and such, you can learn a lot from so-called wargames. This one is aimed at beginners: http://overthewire.org/wargames/bandit/

 

Good luck with your studies!

 

BR
Mathias

CCNP Security/Fire Jumper Advanced Threat

Hilda Arteaga
Cisco Employee

Hi @neipatel and Evgeny

Thanks for sharing your time and expertise regarding Cisco Endpoints.

Please help to reply to these common questions:

 

My branch will be shut down for the holiday. How can I know my remote workers are safe?

I want to take time off for the holiday. What can I do to automate threat hunting when I am not there?

After the holidays, how do I filter all of the endpoint alerts, and how do I know where to start?

My employees are traveling for the holiday season. Will I be able to protect my endpoints wherever they go?

What can I do to keep up with the latest threats while away for the holiday?

Hello @Hilda Arteaga

 

Thank you for your questions! Let me help you answer them below in-line.

 

My branch will be shut down for the holiday. How can I know my remote workers are safe?

EM: Remote workers can rely on endpoint security that offers both prevention and detection of threats. The majority of all threats will be prevented by AMP for Endpoints, and it will also alert you if there are any that make it through. In this case, you would have the historical data needed to prioritize triage and response actions.

 

I want to take time off for the holiday. What can I do to automate threat hunting when I am not there?

EM: Cisco provides multiple pre-built scripts that can be used to automate common security operations tasks. Threat hunting itself is a proactive practice of looking through the environment for threats that weren't detected. Once you have built your hunting techniques, you can automate them. Several examples can be found at https://github.com/CiscoSecurity

 

After the holidays, how do I filter all of the endpoint alerts, and how do I know where to start?

EM: Cisco AMP for Endpoints will block most attacks and will group all endpoints that require attention into the Inbox. Inbox can be used to filter compromises by date or by severity. With severity-type of filtering, you can prioritize threats that have the most impact on your organization. Please review a brief video overview of this feature here.

 

My employees are traveling for the holiday season. Will I be able to protect my endpoints wherever they go?

EM: Yes, that's the main advantage of endpoint security. It allows you to be less dependent on security controls deployed inside of an enterprise or a branch office.

 

What can I do to keep up with the latest threats while away for the holiday?

EM: Please consider reviewing the Talos Intelligence blog, which offers insights into the most prevalent threats across the globe.
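An added example of the kind of automation and Inbox-style filtering EM describes above (restrict the alert backlog to a date window and a minimum severity, then rank hosts by worst severity and alert count). This is example code, not from the page or from the CiscoSecurity repository; the event field names and severity labels are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Ordering used to rank alerts; the label set is an assumption about the feed.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample events. Field names loosely mirror an endpoint events
# feed but are an assumption here, not a documented schema. All timestamps
# are timezone-aware so they compare cleanly against the window start.
SAMPLE_EVENTS = [
    {"date": "2018-12-24T09:12:00+00:00", "severity": "Medium",
     "hostname": "laptop-07", "event_type": "Threat Detected"},
    {"date": "2018-12-24T09:13:00+00:00", "severity": "High",
     "hostname": "laptop-07", "event_type": "Threat Quarantined"},
    {"date": "2018-12-26T18:00:00+00:00", "severity": "Critical",
     "hostname": "srv-fileshare", "event_type": "Threat Detected"},
    {"date": "2018-12-20T08:00:00+00:00", "severity": "Critical",
     "hostname": "laptop-02", "event_type": "Threat Detected"},   # before window
    {"date": "2018-12-27T11:30:00+00:00", "severity": "Low",
     "hostname": "laptop-11", "event_type": "Threat Detected"},   # below floor
]


def triage(events, since, min_severity="Medium"):
    """Keep events dated at or after `since` (ISO-8601 string or datetime) with
    severity >= min_severity; return [(hostname, worst_severity, count)]
    ordered worst host first, so the reviewer knows where to start."""
    if isinstance(since, str):
        since = datetime.fromisoformat(since)
    floor = SEVERITY_RANK[min_severity]
    per_host = defaultdict(list)
    for ev in events:
        rank = SEVERITY_RANK.get(ev.get("severity"), 0)  # unknown labels drop out
        when = datetime.fromisoformat(ev["date"])
        if rank < floor or when < since:
            continue
        per_host[ev["hostname"]].append(rank)
    rows = []
    for host, ranks in per_host.items():
        worst = max(ranks)
        label = next(k for k, v in SEVERITY_RANK.items() if v == worst)
        rows.append((host, label, len(ranks)))
    # Worst severity first, then most alerts, then hostname for stable output.
    rows.sort(key=lambda r: (-SEVERITY_RANK[r[1]], -r[2], r[0]))
    return rows


if __name__ == "__main__":
    for host, sev, n in triage(SAMPLE_EVENTS, "2018-12-22T00:00:00+00:00"):
        print(f"{sev:<8} {n:>3} alert(s)  {host}")
```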

Hi @emirolyu

Thanks for sharing your expertise and time here