By Gedeon Hombrebueno As evasive and complex as today’s threats have become, it’s no wonder security professionals in organizations of all sizes are ripping out their legacy antivirus completely in favor of Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) technologies. Endpoint Protection Platform (EPP) delivers next generation antivirus that stops today’s complex attacks. Endpoint Detection and Response (EDR) offers more advanced capabilities like detecting and investigating security incidents, and the ability to remediate endpoints quickly. The question then becomes, which should you choose? And why can’t you have both?
We believe you can AND we believe it should simplify your security operations. That’s why we’ve brought EPP and EDR capabilities together in a single cloud-delivered solution called Cisco® Advanced Malware Protection (AMP) for Endpoints. It is relentless at stopping breaches and blocking malware, then rapidly detects, contains, and remediates advanced threats that evade front-line defenses. Moreover, it’s easy to deploy, easy to use and leverages your existing security investments to help you address threats beyond the endpoint. That’s what we call relentless breach defense and here’s three ways Cisco AMP for Endpoints does this.
#1. Block threats. Before they target you.
How effective you are at protecting your endpoints really depends on how good the threat intelligence you’re acting on. That’s why at Cisco, we employ machine learning and automation to spot malware activity fast, malware attack prevention to block ransomware, exploit prevention to stop fileless malware and a variety of other protection engines fueled by Cisco Talos, the largest non-governmental threat intelligence group on the planet. We find more vulnerabilities than other vendors and push out protection before the bad guys can exploit them, giving you an advantage. And because we’re Cisco, Talos sees more network traffic than anyone else. Whether a threat begins on the Internet, in an email, or on someone else’s network. Our cloud-based global telemetry sees a threat once, anywhere in the world, and blocks it everywhere, across our endpoint ecosystem and our entire security platform.
#2. Know everything. About every endpoint.
We simplify threat hunting and investigation with our newly announced endpoint detection and response (EDR)capabilities that automate advanced investigative queries across any or all of your endpoints. Whether you are doing an investigation as part of incident response, threat hunting, IT operations, or vulnerability and compliance, we get you the answers you need. We have preloaded scripts so you can leverage the expertise of our Talos threat hunters or even customize your own. These queries are organized in a catalog of common use cases, even aligning with the Mitre ATT&CK. We provide deeper visibility on what happened to any endpoint at any given time by taking a snapshot of its current state – you can think about this as a “freeze-framing” activity on a device right to the moment when something malicious was seen. And we continuously monitor and analyze the behavior of your endpoints, giving you the information you need to investigate and respond to the riskiest threats quickly and confidently. If a file that appeared clean upon initial inspection ever becomes a problem, we can provide a full history of the threat’s activity to catch, isolate, contain, and remediate at the first sign of malicious behavior.
#3. Respond completely. With security that works together.
Threats are not one dimensional and neither should your defenses be. That’s why we built our endpoint security with out-of-the-box integrations with the rest of the Cisco security platform to block, detect, investigate and respond to threats across your entire environment – not just your endpoints. With security that works together, we help you streamline your security operations, making security investigations faster and easier. You will get to the root cause fast, and automate actions to stop a threat in its tracks. We empower you to respond to attacks at the first sign of malicious behavior using one-click isolation of any endpoint, everywhere. Importantly, we have broader control beyond just the endpoint. We instrument our endpoint security to leverage threat intelligence from web, email, cloud and network security solutions; and multi-factor authentication integration for Zero-Trust, creating security defenses that work together for more effective protection and response against the most challenging threats with less time, effort, and cost to do so.
Channel your inner threat hunter: register for one of our Threat Hunting Workshops. You’ll get hands on experience threat hunting, investigating and responding to threats so you and be relentless at breach defense too.

The post Relentless Breach Defense Endpoint Protection Platform + Endpoint Detection and Response appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Amanda Rogerson Challenges of Protecting Endpoints
With an estimated 70% of breaches starting on endpoints – laptops, workstations, servers, and mobile devices – organizations need visibility into the devices connecting to applications both on the network and in the cloud. Organizations need the ability to establish trust in the devices connecting to resources containing sensitive information.
Curious how you can determine if you can trust the endpoints that are connecting to your business resources? Ask yourself a few quick questions:
Are you able to automatically notify users of out-of-date software to reduce your help desk tickets or block devices that have been compromised? Or automatically quarantine malicious files from infecting your entire network?
Can you enforce endpoint controls for risky devices or corporate-owned devices? What about contractor devices or external third parties connecting to your network?
Can you enforce access policies based on the application risk or whether the device is a known healthy device that meets security guidelines?

Establishing Trust in Endpoints
In order to effectively establish trust in user devices, organizations should have device-based policies in place to prevent access by any risky or unknown devices. By validating the device is both healthy and meets security policies, you can ensure they’re trustworthy – key components of the Cisco Zero Trust security approach for the workforce.
Cisco implements zero trust with a three-step methodology across the workforce, workloads and workplace by:
Establishing trust of a user, device, application, etc. – before granting access or allowing connections or communications.
Enforcing trust-based policies with granular controls based on changing context – such as the security posture of devices and the behavior of applications
Continuously verifying trust by monitoring for risky devices, policy noncompliance, behavior deviations and software vulnerabilities
With Duo and Cisco® Advanced Malware Protection (AMP) for Endpoints, organizations have the tools in place to effectively establish trust in users‘ devices connecting to protected applications. The ability to prevent, detect and respond are key elements when considering device trust in a zero-trust security approach for the workforce.
Trust Through Protection and Detection
Establishing trust extends beyond managing the status of the device to include inspecting the device and controlling access based on risk evaluations to ensure only devices that are healthy and meet your security controls are able to gain access to your corporate systems. With Duo Trusted Endpoints, you can enforce controls and policies to keep risky endpoints from accessing your applications. This includes devices that are unmanaged; don’t meet OS requirements; status of enabled security features (configured or disabled); full disk encryption.
AMP for Endpoints offers endpoint protection, advanced endpoint detection and response capabilities and a holistic view of your endpoints, regardless of operating system. AMP continuously monitors and analyzes all file and process activity within your network to find and automatically block threats that other solutions miss. It has more than 15 built-in protection and detection mechanisms to prevent threats from compromising your business. With a few clicks in AMP’s browser-based management console, the file can be blocked from running on all endpoints. AMP knows every other endpoint the file has reached, so it can quarantine the file for all users.
Available Soon – Integration between Duo Security and AMP for Endpoints
Adding AMP for Endpoints as a Trusted Endpoint in Duo provides the ability to protect applications from devices that have been flagged by AMP as an infected endpoint containing malware. This prevents access to any application that contains sensitive data reducing the risk of data loss.
Duo’s access policies will allow admins to entirely block access to devices flagged by AMP without blocking the user entirely, permitting them to access applications from an alternate device to ensure continued productivity.
The automatic isolation and blocking of compromised devices provides organizations the ability to quickly remediate potential threats, reducing their risk surface without completely interrupting user productivity.

Duo and AMP provide organizations with comprehensive tools to prevent, detect and respond to potential threats from endpoint devices, helping to establish trust in those devices.
Learn more about Cisco Zero Trust, and get started with a free trial of Duo and Cisco AMP for Endpoints to start establishing trust in your endpoints today.

The post Establishing Device Trust to Secure the Workforce appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Jeff Reed At a time when cybercrime costs three times more than natural disasters globally1, the demands on security are constantly growing. Whether you’re asked to protect a workforce that roams anywhere, a workplace that is digitized, or workloads that run wherever, your disparate security solutions are creating discord and an untenable level of complexity.
At Cisco, we’ve been on a quest to change that, and we believe we’re uniquely positioned to redefine security. As you’re innovating to build your future, we’re innovating to keep it secure — by creating a comprehensive platform approach and continuously evolving our security technologies.
That’s why I’m excited today to share some of the recent innovations across our security portfolio. With a cloud-powered platform approach in mind, these enhancements are designed to break down silos between SecOps, NetOps, and ITOps and free up your time by:
Simplifying your firewalling experience with more consistent policy management with cloud-native environments and cloud-based logging.
Accelerating your cloud adoption with new secure web gateway and firewall services in the cloud, deployed through a single IPsec tunnel.
Future-proofing your security with an industry-validated zero-trust approach for your workforce, workloads, and workplace, while integrating threat context.
Simplifying your breach defense experience with more visibility and actions for threat response, plus new services delivered by Cisco experts to help augment your team.

Experience the future of firewalling
As you’re moving applications into the cloud, the NetOps‘ job is expanding to include cloud-native firewalls. Securing all control points across this multicloud environment should not feel like reinventing the wheel. We’re simplifying the experience and enabling NetOps to maintain consistent policies across firewalls, and into the cloud, starting with support for AWS, with more cloud providers roadmapped. Additionally, to help you easily maintain consistent policies as you’re adopting SD-WAN, we’ve simplified policy management for Meraki MX, one of our SD-WAN solutions. Just a few clicks, that’s all it takes to seamlessly harmonize policies across your hybrid environment.
We’re also improving visibility and making compliance easier with cloud-based logging for our NGFWs. This new capability aggregates and centralizes the on-prem and cloud logs so you can search, filter, and sort them, accelerating investigations while ensuring your organization complies with industry regulations.
The increased user connectivity to the cloud creates new demands for faster speeds, so we’re raising the bar with our appliances as well. The latest models of our NGFWs offer a 3X performance boost over previous appliances and optimize the performance-to-price ratio to keep your network — and business — running smoothly and securely.
Accelerate cloud adoption securely
To help you transition to the cloud successfully— and protect any user, anywhere they connect to the internet — while saving a considerable amount of resources, we’ve consolidated a broad range of security services into a single, cloud-delivered security solution and dashboard. Alongside DNS-layer security, CASB, and interactive threat intelligence services, we’ve added secure web gateway and firewall services to our cloud security solution to deliver deeper visibility and control over all ports and protocols, even encrypted web traffic.
The secure web gateway (full proxy) provides complete web traffic visibility, control, and protection — with capabilities like decrypting and scanning files on any site, filtering out inappropriate or malicious URLs, sandboxing unknown files, and blocking applications or app functions.
With this comprehensive set of functionalities, you can rely on us for the full security stack at smaller branches as you adopt SD-WAN. A single configuration in our networking product dashboards deploys DNS-layer security across hundreds of network devices, including SD-WAN. Additionally, a single IPsec tunnel deploys secure web gateway and firewall from any network device, including SD-WAN. Our integrated approach and Anycast routing can efficiently protect your branch users, connected devices, and application usage from all internet breakouts with 100% business uptime.
Secure access with a zero-trust approach
We have been working over the past year to create a more comprehensive zero-trust framework. Based on customer feedback, we focused on securing three key pillars: workforce, workloads, and workplace. We are thrilled that Forrester recognized our strides and named Cisco a leader in the recently released Forrester Wave among Zero Trust eXtended Ecosystem Platform Providers. As the analyst report noted, “Cisco excels in zero trust with a renewed and targeted focus … and is well-positioned as a prominent zero-trust player.”
We continue to innovate in this space and are reducing risks based on device trust by integrating our threat-detection capabilities with multi-factor authentication. The majority of breaches originate on the endpoint, but what if ITOps could establish trust in a user device before it’s allowed any access to sensitive resources? By safeguarding against vulnerable or compromised endpoints and blocking their access, you’ll be able to better detect and respond to malware threats as well as prevent data breaches.
Adopt breach defense everywhere
Taking endpoint defense one step farther, we added the ability to isolate an endpoint, which stops malware from spreading while giving SecOps time to remediate without losing forensics data, or simply giving ITOps time to troubleshoot an unknown issue. Making breach defense less overwhelming, endpoint isolation empowers incident investigators to uncover endpoint data that wasn’t available before — using advanced search with more than 300 query parameters, such as listing applications with high memory utilization.
Malware is also a growing problem at the network level because adversaries have learned to hide behind encrypted traffic. We’ve extended the capability to analyze encrypted traffic behavior into the cloud, providing higher fidelity of threat protection and enabling cryptographic compliance. At the same time, we’re simplifying investigations, giving you deeper visibility at multiple layers, and helping you respond quicker across different vectors by integrating network security analytics with our unified threat response application.
If you need help preparing for and responding to attacks, you can augment your team with our incident response services, now part of Talos. You know Talos as the team who’s constantly researching new threats on your behalf, and now they can integrate that intel even faster across our entire portfolio — benefitting not only retainer customers but everyone. For even leaner teams that need next-level support, we’re adding managed threat detection and response services to help you leverage your Cisco Security investments 24x7x365.
Several of these innovations are industry firsts, and we’re excited to offer customers new ways to better manage their growing business demands. I encourage you to take a closer look at these enhancements and discover how they can make your security an enabler rather than a barrier.
Get Started
Ready to experience for yourself how Cisco can simplify your experience, accelerate your success, and secure your future?
Simplify security and respond to threats with a few clicks using the free Cisco Threat Response application, available for all our solutions as part of our platform approach.
Experience the future of firewalling — see how easy it is to harmonize firewall policies with a free trial to Cisco Defense Orchestrator and learn more about the new Firepower Next-Generation Firewall.
Accelerate your cloud adoption, starting with a free trial of Umbrella, our comprehensive cloud-security solution.
Start with securing your workforce with a zero-trust approach using a Duo free trial.
Enable SecOps to detect, investigate, and respond to threats more efficiently with a free trial to Advanced Malware Protection (AMP) for Endpoints, and get better visibility into encrypted traffic with a free trial to Stealthwatch, our network traffic security analytics solution.
Augment your team and improve your readiness for attacks with Talos Incident Response and our managed security

Source:
1Allianz Risk Barometer, 2019

The post Securing Your Future by Innovating Today appeared first on Cisco Blogs.

Source:: Cisco Security Notice

Source:: Innovaphone

Ab sofort sind unsere bewährten Wandplaner in der 2020er Version verfügbar.

Erhältlich sind die Kalender kostenfrei bei uns im Büro, oder bei unseren Vertriebsmitarbeitern.

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 25 and Nov 1. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU11012019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice