- Malicious activity protection
AMP for Endpoints continually monitors all endpoint activity and provides run-time detection and blocking of abnormal behavior of a running program on the endpoint. For example, when endpoint behavior indicates ransomware, the offending processes are terminated, preventing endpoint encryption and stopping the attack.
- Cloud-based indicators of compromise
Cisco's industry-leading threat intelligence organization, Talos, constantly analyzes malware to discover new threat types and build behavioral and forensic profiles for emerging threats, otherwise known as Indicators of Compromise (IoCs). AMP for Endpoints can use this forensic data, such as file locations or modifications to registry key values, to help administrators identify systems that have been breached.
- Host-based IoCs
Administrators can write their own custom IoCs for use in incident response to scan for post-compromise indicators across the entire endpoint deployment. Custom IoCs are written in an open standard format (OpenIOC), making it easy to leverage data from any existing intelligence feeds.
AMP for Endpoints identifies vulnerable software across your environment to help reduce the attack surface. Endpoints running vulnerable software are listed and prioritized based on industry CVE (Common Vulnerabilities and Exposures) scoring: the more severe a vulnerability, the more prominent it will be on the list. This provides administrators with a list of all hosts that need to be patched to prevent future exploitation.
- Low prevalence
AMP for Endpoints will automatically identify executables that exist in low numbers across your endpoints and analyze those samples in the cloud-based sandbox to uncover new threats. Targeted malware or advanced persistent threats will often fly under the radar and start on only a few endpoints, but with low prevalence, AMP for Endpoints will automatically hunt for these threats, helping uncover the 1% of threats that would have otherwise gone unnoticed.
- Cognitive intelligence
AMP for Endpoints performs agentless detections when deployed alongside a compatible web proxy through cognitive intelligence. This uses machine learning and artificial intelligence to correlate traffic generated by users to reliably identify command and control traffic, data exfiltration, and possibly unwanted applications already operating in the environment. For example, browser injection attacks, which leave no file footprint on the endpoint, can be identified based on their web traffic, which cognitive intelligence will see and analyze. Being agentless, cognitive intelligence also provides administrators visibility into any Internet-connected devices that can't have a traditional endpoint security agent deployed onto them.
Cisco Advanced Malware Protection (AMP) for Endpoints integrates prevention, detection, and response capabilities in a single solution, leveraging the power of cloud-based analytics. AMP for Endpoints will protect your Windows, Mac, Linux, Android, and iOS devices through a public or private cloud deployment.
In the rapidly evolving world of malware, threats are becoming harder and harder to detect. The most advanced 1% of these threats, those that will eventually enter and wreak havoc in your network, could potentially go undetected. However, AMP for Endpoints provides comprehensive protection against that 1%. This security software prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that can evade front-line defenses.