Tech giant Cisco is bulking up its enterprise security offerings with a new endpoint security tool. The company launched Cisco AMP for Endpoints as part of its annual Cisco Partner Summit taking place in San Francisco this week.
The new tool aims to combine prevention, detection, and response into a single platform that takes a more aggressive approach to security than a prevention-only strategy.
“By leveraging the scale and power of the cloud and Cisco’s threat-centric security architecture, AMP for Endpoints allows customers to see and stop more threats, faster,” the company said in a statement.
A New Approach to Endpoint Security
The company was critical of other tools that adopt a prevention-only strategy, arguing that taking such a relatively passive attitude toward security was inappropriate given the modern landscape of threats in the cyber world. This is partly due to an overreliance on legacy tools that may have been patched with additional upgrades over time but are still not suited to protecting modern network infrastructure, and that add to the complexity of security solutions.
“With the fact that it takes enterprises, on average, over 100 days to detect a threat in their own environment, it is clear that organizations need a new approach to endpoint security,” the company said.
AMP for Endpoints will provide enterprises with a simpler and more effective solution for endpoint security by combining prevention, detection and response in one SaaS-deployed, cloud-managed solution, according to Cisco. The new tool reduces complexity by combining multiple capabilities into a single platform, the company said.
More Effective Responses
To boost the prevention capabilities of AMP for Endpoints, Cisco is giving the tool access to global threat intelligence from Talos, its in-house cybersecurity intelligence organization. It will also include built-in sandboxing technology to quarantine and analyze unknown files, the company said.
AMP will also offer greater visibility and faster detection through continuous monitoring and shared analytics to detect stealth attacks, according to Cisco. AMP for Endpoints will record all file activity to monitor and detect malicious behavior, which it can then use to alert security teams. The platform shares and correlates threat information in real time, which should help reduce time to detection to minutes, the company said.
In addition, Cisco said AMP will offer enterprises a more effective response, thanks to the platform’s deep visibility and a detailed recorded history of the behavior of malware over time, including details such as where it came from, where it has been, and what it has been doing.
AMP for Endpoints accelerates investigations and reduces complexity through a cloud-based user interface that searches across all enterprise endpoints for indicators of compromise, Cisco said. Users can then systemically respond to attacks across PCs, Macs, Linux and mobile devices, removing malware with a few clicks.