Cisco Secure Endpoint Overview
Cisco AMP for Endpoints, now rebranded as Cisco Secure Endpoint, is a comprehensive endpoint security solution designed to protect a wide range of devices, including desktops, laptops, servers, and mobile devices running on Windows, Mac, Linux, Android, and iOS.
Primary Function
Cisco Secure Endpoint is engineered to prevent breaches, block malware at the point of entry, and continuously monitor and analyze endpoint activity and behaviors. This solution integrates prevention, detection, threat hunting, and response capabilities into a single-agent architecture, leveraging the power of cloud-based analytics.
Key Features and Functionality
Antivirus and Malware Protection
- Secure Endpoint includes continuously updated, definition-based antivirus engines that run locally on each endpoint, so protection applies whether the device is online or offline. It also supports custom signature-based detection, which lets administrators enforce blocklists and apply their own specific controls.
Behavioral Protection
- The solution employs enhanced behavioral analysis that continually monitors all user and endpoint activity in real-time. This feature matches streams of activity records against dynamically updated attack activity patterns to protect against malicious behavior, including the use of living-off-the-land tools and ransomware.
Advanced Threat Detection
- Secure Endpoint uses multiple detection engines, including:
  - TETRA: A full client-side antivirus engine (disabled by default if another antivirus product is present).
  - Spero: A machine learning-based engine that identifies unknown threats from their general appearance.
  - Ethos: A “fuzzy fingerprinting” engine that uses static or passive heuristics to detect malware.
Polymorphic Malware Detection
- The solution can detect variations of the same malware through loose fingerprinting, which looks for similarities between suspicious files and known malware families.
Script Protection
- Secure Endpoint provides visibility into scripts executing on endpoints and protects against script-based attacks by preventing certain scripting DLLs from being loaded by commonly exploited applications.
Device Control
- Administrators can control the usage of USB mass storage devices, review device connect/disconnect events, and define granular rules to manage device usage.
Host Firewall
- Firewall rules are managed centrally, allowing or blocking network connections using IPv4 and IPv6 5-tuple rules (source address, destination address, source port, destination port, protocol) or application-based rules for finer control.
Cloud-Based Sandbox Analysis
- Secure Endpoint automatically analyzes unique executables with low prevalence across endpoints in a cloud-based sandbox to uncover new and evasive threats.
Vulnerability Management
- For customers on Advantage or Premier Tier, the solution integrates with Cisco Vulnerability Management (formerly Kenna Security) to identify known OS and application vulnerabilities, helping to proactively reduce the attack surface.
File Reputation
- Secure Endpoint maintains a comprehensive database of every file it has ever observed, allowing known malware to be quarantined quickly at the point of entry without processor-intensive scanning.
Response and Remediation
- The solution enables rapid detection, containment, and remediation of threats through its integrated response capabilities, including the ability to restore quarantined files and push installs of connectors to endpoints.
Conclusion
In summary, Cisco Secure Endpoint (formerly AMP for Endpoints) is a robust endpoint security solution that offers a multifaceted approach to protecting endpoints against a wide range of cyber threats, leveraging advanced technologies such as behavioral analysis, machine learning, and cloud-based analytics.