
Ransomware

mlarnell210
Level 1

Does Cisco have any IDS/IPS appliance that helps with blocking ransomware from coming onto a network (email, web page)?

1 Reply

Oliver Kaiser
Level 7

There are a variety of products that can be used against ransomware. Combining multiple solutions (network + endpoint) is the best way to block ransomware and other threats.

  • AMP for Endpoints: Behavioral analysis on Mac/Windows/Android endpoints to detect threats like ransomware. ThreatGRID sandboxing is integrated to run threats in a cloud sandbox.
  • AMP for Networks (e.g. on Cisco Firepower): Detect threats by scanning traffic and verifying file hashes. Analyze files using ThreatGRID sandboxing cloud integration.
  • AMP for ESA: Scan email attachments on Email-Security Appliance using AMP.
  • Cisco Umbrella: DNS Security Intelligence. Do not resolve DNS lookups to known malicious domains to block threats before they can even reach your network.

Other features on Cisco Firepower NGFW will also help block threats like ransomware. IPS will detect CnC traffic and block traffic based on feeds (IP, DNS, URL) and known malicious traffic patterns.

Let me know if you want to know anything specific about any of the products. I tried to give a broad overview of possible products and what they can do to mitigate ransomware. Depending on your focus I can tell you more about specific solutions.
