Arraya Insights | November 16, 2016
Two members of Arraya’s leadership team recently made the journey from our corporate HQ to San Francisco, CA for Cisco’s Partner Summit 2016. This yearly, invite-only event brings together Cisco partners from around the world to network, discuss strategies, and get a look at the new technologies waiting on the horizon. Upon their return, our leadership team members had plenty to share concerning digital transformation, new licensing models, and, of course, cybersecurity.
One cybersecurity update from the Partner Summit that caught our attention in particular was the AMP for Endpoints announcement. This news acknowledged that many organizations are going about building malware defense strategies the wrong way. The ways people connect to their business and their coworkers, and perform the basic functions of their jobs, have all modernized, while defense strategies haven’t always followed suit.
That’s how you end up with figures that indicate, on average, it takes organizations more than 100 days to detect a threat in their environment. Think of the amount of damage cybercriminals can inflict with a more than three-month-long head start.
How will deploying AMP for Endpoints pay off?
So how does AMP for Endpoints help alleviate this? Let’s go through four common endpoint security issues – and study how AMP is capable of solving them.
- Solutions that only face outward. Obviously the ideal is to keep threats on the outside looking in. But what happens if a threat breaches a company’s outer defenses? Cue the flashback to that 100-day figure. AMP for Endpoints faces both outward and inward. It works to repel threats while also monitoring the interior, across endpoints, for suspicious activity in case something should get in.
- Attackers outpace defenders. Cybercriminals are able to change tactics quickly, often leaving cybersecurity pros struggling to keep up. AMP for Endpoints is supported by Cisco’s Talos group, which uses global big data tactics to detect and catalogue threats as they emerge. That information is stored in a detailed history of malware types and behavior patterns which is then relayed to AMP for Endpoints in real time, effectively leveling the cybersecurity playing field.
- Limited endpoint coverage. End users aren’t connecting to the business in a uniform way. Everyone has their device type of choice and this has opened up a wide array of possible attack vectors for cybercriminals. AMP for Endpoints addresses this by covering devices running Windows, Mac OS, Android, and more, ensuring user flexibility without sacrificing security.
- Security at the expense of performance. There are few better ways to undermine the credibility of a security solution than for employees to start seeing it as a hindrance rather than a help. If technology fails to perform at the same levels it did before a cybersecurity solution was deployed, their complaints could hit close to home. AMP for Endpoints is SaaS-based, meaning that, with the help of AMP’s lightweight connector, it performs checks in the cloud and not on the devices themselves, resulting in no negative impact on performance.
Cancel out cybercriminals’ head start
There’s no doubt 100 days is far too long for a threat to go unnoticed and unaddressed. AMP for Endpoints functions as part of Cisco’s larger cybersecurity architecture to shrink that time frame down to something much more acceptable. It does this by coordinating data across the Cisco cybersecurity solutions that make up that architecture, including, but not limited to, the entire AMP family. The result of this synchronized knowledge-sharing effort is a time to detection (TTD) rate that drops from more than three months to less than three minutes in almost 92% of cases.
Arraya’s award-winning Cisco Practice has helped businesses from all industries architect and deploy highly-secure, intelligent solutions. No matter where your business is on its cybersecurity journey, our team has the knowledge and experience to help.