Category Archives: automation

Why Endpoint Security Matters in Protecting Remote Workers – Part 1

As customers secure their remote workers, they tell us they are getting better visibility, better efficacy and getting time back!

Enabling your workforce to work securely on any endpoint, anywhere, at any time is more important now than ever before. To that end, Cisco has recently offered a new Cisco Secure Remote Worker solution that unifies user and endpoint protection at scale, making it easy to verify, enable secure access and defend remote workers at any time, from anywhere. Cisco AMP for Endpoints is a key component of this new solution and plays a critical role in it.

To best describe this critical role, we recently conducted an endpoint survey to get our customers’ thoughts on the value that AMP for Endpoints brings to their business, and therefore to the Secure Remote Worker solution. This first blog of a 4-blog series summarizes the top 3 business values our customers highlighted. In the next 3 blogs we will provide an in-depth look at each one of these values and demonstrate why they are so effective.

Now let’s look at these top 3 business values from the endpoint survey. Each is described in terms of the customer challenge, why it’s important to customers, the customer comments and how AMP for Endpoints helps.

Business Value #1: Better visibility into endpoints

Customer challenge: My endpoints are under constant attack through phishing attempts, advanced persistent threats (APTs) and exploits. I want to arm my team with actionable insights.

Why it’s important: If you can’t see what’s in your endpoints, you really don’t know what malware exists or what malware type is there. Without that visibility, your team will spend an inordinate amount of time attempting to eradicate threats and be subject to lateral movement.

How Cisco helps: AMP for Endpoints, as part of the Cisco SecureX platform, provides seamless integration with other security technologies, backed by Talos threat intelligence, to help you block, detect, investigate, and respond to threats across your entire environment – not just at your endpoints.

Business Value #2: Better efficacy

Customer challenge: I want tools refined enough and accurate enough so I can understand what malware may be on my endpoints so my team can take the appropriate action.

Why it’s important: I don’t want my team wasting time on false positives, and I want to see accurate, clear threat intelligence so my team can determine what the priority level is and what steps to take and feel confident about it. And clearly the process needs to be in sync with best practices such as the MITRE ATT&CK framework.

How Cisco helps: Block known threats automatically using machine learning, exploit prevention, file reputation, antivirus, and a wide array of other attack prevention techniques that will stop both fileless and file-based attacks in their tracks. As proof of this, Cisco AMP for Endpoints earned high marks in malware protection tests, while achieving the lowest false positives in the first AV Comparatives Business Main Test Series for 2020. You can count on AMP for Endpoints delivering consistent security efficacy, enabling you to get superior protection from advanced threats.

Business Value #3: Get time back

Customer challenge: I want my team to spend less time on each incident in their everyday workflows so they can do more with less effort.

Why it’s important: Better tools that are complementary to my security infrastructure and that actively leverage automation enable my team to maximize our security investments and respond faster to threats on my endpoints instead of spending time on manual, error-prone tasks.

How Cisco helps: AMP for Endpoints, and the underlying platform, enable you to increase the efficiency and precision of your existing resources via automation. You can multiply your threat hunting capabilities by connecting your security infrastructure to get more value from your existing investments. This provides you with the best ability to orchestrate and automate your threat response capability in a timelier manner, and thus gives you time back to focus on more strategic efforts.

For the next entry in this series

In the next blog entry of this series we will provide a deep dive into the first of the 3 business values described above and demonstrate how our customers are getting the results they need.

In the meantime, please visit the TechValidate Survey to see examples of what our customers’ challenges were and how, in their own words, they were able to achieve their business goals with Cisco AMP for Endpoints as part of the Cisco SecureX platform.

The post Why Endpoint Security Matters in Protecting Remote Workers – Part 1 appeared first on Cisco Blogs.

With the threat landscape continuously changing, businesses must be ready for anything

Despite efforts by organizations to layer up their cyber defenses, the threat landscape is changing, attackers are innovating and automating their attacks, NTT reveals. The threat landscape is changing Referencing the COVID-19 pandemic, the report highlights the challenges that businesses face as cyber criminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience. The attack data indicates that 55% of all attacks in 2019 were a combination of web-application and … More

The post With the threat landscape continuously changing, businesses must be ready for anything appeared first on Help Net Security.

Security and the rapidly growing importance of mobile apps

Organizations are under more pressure than ever before to rapidly produce both new apps and updates to existing apps, not only because it’s essentially the only way they can interact with their customers, but also because there will be a flood of new users who previously relied on physical locations to conduct their business. Continuous mobile development is now more critical than ever, and organizations must provide error-free, engaging user experiences. In the rush to … More

The post Security and the rapidly growing importance of mobile apps appeared first on Help Net Security.

Cisco Threat Response takes the leap with SecureX

Reimagine the grocery delivery experience

Even in typical times, grocery and household shopping is time consuming, especially if you need to visit multiple stores – a main supermarket for your basics, a specialty store to accommodate diet restrictions, and another for bulk items. In a fast-paced world – with time spent working, family caregiving, and other responsibilities – grocery shopping is a tedious but necessary chore…or is it? The evolution of acquiring groceries and household goods has been one to watch as grocery delivery services, such as Instacart and Shipt, have become increasingly relevant. These companies have each built a platform with a network of grocery providers to solve the problem – a simple and efficient way for customers to purchase groceries without having to leave their homes.

Now let’s take grocery shopping to the next level. What if you didn’t even need to proactively browse items and put them in your Instacart grocery order? Imagine if your “smart” refrigerator had sensors to detect inventory levels, and connected to Instacart, your recipes, and meal planning apps. Groceries could be ordered automatically or on-demand based on the menu you’ve planned and what you actually need. One platform with all of your apps integrated and automated to simplify not only your grocery shopping experience but your entire cooking experience. This and many other platform experiences have been developing over the last several years to bring two (or more) sides of a connection together with more efficiency and use cases.

What does grocery shopping have in common with cybersecurity?

The cybersecurity industry is ripe for this type of innovation. We all know that the industry has historically been quite fragmented – at last count, an estimated 3000+ vendors are in this space and customers use, on average, 75 security tools[1]. What does that mean for your security teams? Multiple tools share limited context between them with incomplete, labor-intensive workflows. Going back to the grocery experience, this is akin to visiting seven different stores in one day to tackle a shopping list for each store, and hoping you don’t miss an item. Also consider high lifecycle costs associated with maintaining interoperability, which is often limited. When you need to take into account an ever-evolving threat landscape and attack surface, this trend is not sustainable.

A platform journey two years in the making

Nearly two years ago, Cisco Threat Response debuted to combat this problem for Security Operations teams. As a valuable add-on application to several Cisco Security products – at no additional cost – Threat Response accelerated investigations and remediation by aggregating and correlating intelligence and data across your security products, both Cisco and third party. Threat Response has helped nearly 9,000 customers simplify their security operations. As Don Bryant, CISO for The University of North Carolina at Pembroke, says, “Having a holistic security platform has helped us simplify and accelerate our security operations. All of our tools seamlessly integrated through Threat Response gives us one view into our layered protection and valuable time back.”

Figure 1: Cisco Threat Response application for threat investigation and remediation

As background, Threat Response provides a visual, real-time answer for if, and how, threats have impacted your environment, so you can take first-strike response actions in the same interface. Security operations teams use Threat Response to:

  • Aggregate global threat intelligence: Search, consume, and operationalize threat intelligence, both public and private sources, with one application.
  • Accelerate threat hunting and investigations: Visualize threats and incidents across multiple technologies in one view, then take response actions without leaving the console.
  • Simplify incident management: Coordinate security incident handling across technologies and teams by centralizing and correlating alerts and triaging those that are high priority.

Now we’re continuing our mission of simplifying security and building on Threat Response core capabilities with SecureX, a built-in platform experience included with Cisco Security products. SecureX will make life even easier for Security Operations, and will also benefit Network Operations and IT Operations. Let’s talk about this evolution.

Is SecureX just a cool new name for Threat Response?

Since we announced SecureX at RSA Conference in February, you might be wondering, what’s the difference between Threat Response and SecureX? Are they one and the same – and SecureX is just a sleek rebranding?

The short answer is no. If Threat Response is like the Instacart of today, SecureX is the reimagined seamless grocery shopping experience we’ve envisioned above. Whether it’s the grocery or cybersecurity industry, the goal is always simplification. SecureX builds upon Threat Response’s core concepts of integrating your security products – both Cisco and third-party tools – to simplify security operations. Leveraging the success of Threat Response with Security Operations teams, SecureX takes this foundation to the next level to drive collaboration between SecOps, NetOps, and ITOps. SecureX simplifies security through:

  • Unifying visibility across your entire security environment.
  • Enabling automation in workflows to maximize your operational efficiency by eliminating repetitive tasks and human error.
  • Adding more out-of-box interoperability to unlock new potential from your Cisco Security investments and cascade them across your existing security infrastructure.

Figure 2: SecureX connects your entire security infrastructure

Enhanced Threat Response capabilities, now part of SecureX

Now as a key component of SecureX, Threat Response is enhanced to unlock even more value from your investments. Here’s how:

  • You already know that Threat Response aggregates and correlates security context from multiple technologies into a single view, but now as SecureX threat response, users will have a customizable dashboard with ROI metrics and operational measures. And when you leave the dashboard, SecureX follows you to maintain contextual awareness and improve collaboration wherever you are in your Cisco Security infrastructure.
  • Users will now be able to cut down investigation time even further by automating threat hunting and investigation workflows. With the orchestration feature in SecureX, users can set up event-based triggers to periodically hunt for indicators of compromise, create or add to a casebook, and post a summary in a chat room for collaboration.
  • Threat Response had been rapidly growing its partner ecosystem, and SecureX not only expands the ecosystem instantly upon commercial availability but extends past it to include your core infrastructure. Together, our out-of-box interoperability with built-in and pre-packaged integrations from Cisco or select technology partners reduces the time spent integrating multiple technologies, or worse, working across multiple consoles. We’ll continue to support custom integrations via APIs, so any of the features of SecureX will work with your existing investments.

Similar to the reimagined grocery experience, SecureX brings greater efficiency and simplification in the midst of major market forces. The enhanced visibility, automation, and integrated platform capabilities with SecureX threat response further reduce mean dwell time by accelerating investigations and MTTR for SecOps. Without having to swivel between multiple consoles or do the heavy lifting of integrating disjointed technologies, you can speed time to value and reduce TCO. SecureX will enable better collaboration across SecOps, NetOps, and ITOps – and ultimately simplify your threat response.

To get warmed up for SecureX access next month, activate Cisco Threat Response today!

[1] Momentum Cyber Cybersecurity Almanac 2019

The post Cisco Threat Response takes the leap with SecureX appeared first on Cisco Blogs.