Arraya Insights | August 22, 2018
Let’s say you have Cisco’s Advanced Malware Protection (AMP) keeping an eye on your corporate network – so you’re good, right? After all, AMP promises to be a cyber security difference-maker, catching the 1% of threats legacy defensive tools miss. Here’s the thing: even though AMP can absolutely be the missing piece that helps your security environment take the final step up from 99% efficiency, it is not a tool you should set and forget.
In order to get the best value from your deployment, you should perform regular AMP health assessments. These assessments are an excellent opportunity to ensure your AMP solution is operating at top efficiency and in accordance with industry best practices. What should you look for during an assessment? Here’s a checklist of steps you can take in pursuit of Cisco AMP optimization.
- Ensure all AMP client software is up to date. As far as advice goes, this is fairly 101. However, keeping AMP software up to date is the only way to prepare it to go up against the advanced tactics and tools deployed by today’s cyber criminals. Without a doubt, this is the best place to start any assessment.
- Secure all AMP admin credentials. Multifactor authentication (MFA) is a best practice for all corporate (and personal) accounts. It is especially wise to use on any accounts granted AMP admin privileges. These accounts hold a tremendous amount of power over what comes and goes on your network and, as such, they must be kept safe.
- Schedule weekly scans for off-hours. IT should program weekly scans to launch during a device’s off-hours and to investigate the entire machine for malware. Such scans can be resource-intensive, leading to frustrating slowdowns and delays if performed during busy hours. The most effective security programs are the ones that function as partnerships with end users and this is a great way to keep them on your side.
- Tune notifications to the proper frequency. If danger is near, users and, more importantly, security need to know about it. AMP admins must ensure notifications are in place to let users know about hazards they encounter, and that those alerts are properly customized to the environment. Additionally, a line of communication must extend to IT or security teams so that they remain acutely aware of what their users are seeing in the field.
- Enable (and review) monthly trend reports. AMP optimization should include activating the solution’s reporting capabilities. Doing so will keep you informed of everything AMP has caught and encountered. These reports can be invaluable in helping shape future cyber security initiatives, but only if they are actually reviewed. Separate from the health assessment, you should set time aside to parse through AMP’s logs regularly in search of malicious trends.
- Audit organizational AMP feature usage. AMP includes tools that can help organizations stay safe; it’s just a matter of using them. During a Cisco AMP optimization assessment, you should look at the feature sets your company frequently uses and those it doesn’t to ensure you’re not leaving value on the table. One tool you should be taking advantage of is AMP’s file analysis feature. This can shed light on the origins of malicious activity, leading to faster issue remediation.
- Weed out conflicts between AMP and other security solutions. AMP’s performance can degrade due to conflicts between it and legacy anti-virus utilities. You should take a look at AMP’s settings and configure them to exclude anti-virus directories from its scans – and vice versa. Not doing so can lead to one solution classifying another’s critical data as malicious, increasing false alarms and, potentially, breaking something.
Next steps: Don’t face Cisco AMP optimization alone
These are just some of the ways in which businesses can execute a Cisco AMP optimization initiative. If you’d like to learn more about the above steps, or need a hand performing your own Cisco AMP health assessment, reach out to Arraya Solutions today. Our team has the experience needed to ensure you’re getting the most out of your deployment. Visit https://www.arrayasolutions.com/contact-us/ to schedule your assessment now.