If the laptop was already infected before connecting to the network umbrella wouldn't help much at that point, the device is free to infect the local network.
Yes you could get AMP for Endpoints, but usually that would be deployed to corp owned assets, it's not that practical to deploy to contractor devices.
Ideally use NAC, with ISE and TrustSec. The contractor would connect to the network, be classified differently to a corp user/device and have limited access to the network. Their limited access would prevent them from communicating with corp devices and give them only the required access. You could also use posturing to determine whether the devices connecting to the network are compliant.
If you have FTD you could also integrate with ISE and automatically/manually quarantine the device, restricting their access completely.
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/ciscochampions
Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of d...
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE
Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th...
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t...
Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ...
IntroductionRequirementsWhat problem does CSDAC solve?CSDAC ComponentsConfiguration CSDAC Login Connector AdaptersCSDAC WorkflowFMC Policy Configuration with Dynamic ObjectsUse Case: Blocking IP address using dynamic object without a policy push