Cybercrime is escalating dramatically, with much of the increase driven by attacks that exploit vulnerabilities in endpoint devices such as PCs, laptops and smartphones. More than 40 percent of global organizations reported a major security incident stemming from a compromised endpoint in the last two years, according to a recent Cisco study on endpoint security.
Attackers are exploiting the increased use of endpoint devices by massive numbers of remote and mobile users. According to one recent study, a typical organization today supports an average of 750 network-connected devices — although nearly a third of respondents admitted they don’t know how many endpoints their organizations have.
The federal government is taking the threat seriously. Following President Biden’s May 2021 executive order aimed at improving the nation’s cybersecurity, the Office of Management and Budget (OMB) has ordered government agencies to work with the Cybersecurity and Infrastructure Security Agency (CISA) on endpoint detection and response (EDR) solutions that can improve early detection, response and remediation of threats.
Bypassing the Perimeter
Once a network-connected device is compromised, the attacker is already inside the perimeter, so controls such as firewall rules and network access restrictions no longer stand between that device and the rest of the network. Attackers can then maintain persistent access while moving laterally from host to host. This activity often appears legitimate to conventional signature-based antivirus, which looks only for patterns of files that have already been identified and indexed as malware.
Although state and local government agencies aren’t bound by the OMB’s directive, they should still consider following the feds’ lead. EDR solutions such as Cisco Secure Endpoint (formerly AMP for Endpoint) use machine learning (ML) and continuous monitoring to identify stealthy threats that don’t show the usual signs of an infection.
Unlike traditional signature-based tools, Secure Endpoint relies on ML models trained to identify malicious files and activity from a variety of traits rather than from exact matches against known samples. With real-time monitoring, behavioral analysis and automated response capabilities, Secure Endpoint can help detect and stop emerging threats such as fileless malware, polymorphic malware, advanced persistent threats, PowerShell attacks, phishing and ransomware.
When a known threat is identified, Secure Endpoint triggers rules-based responses such as sending an alert or automatically disconnecting the device from the network. Additionally, data about all identified and suspected threats is recorded in a central database for further analysis and investigation.
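As an added illustration of the difference the preceding paragraphs describe, the following Python model contrasts a signature-only check with behavioral detection over a few process-creation events, then applies rules-based responses and keeps a record of every detection. It is not Cisco code and says nothing about how Secure Endpoint is implemented; the hash list, the events, the thresholds and the response rules are all constructed for this example.

```python
"""Signature-only vs behaviour-based endpoint detection, with rule-based response.

Added illustration for this article, not Cisco Secure Endpoint code. The hash
list, process events, thresholds and response rules are constructed here.
"""
import hashlib
from dataclasses import dataclass, field

# A signature database holds hashes (or byte patterns) of files already seen and
# indexed as malware. Constructed entry: a pretend sample "seen before".
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-known-malware-sample").hexdigest()}

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts abbreviated parameter names, so match the common prefixes.
ENCODED_FLAGS = {"-e", "-ec", "-enc", "-encodedcommand"}


@dataclass
class ProcessEvent:
    host: str
    parent_image: str   # basename of the parent process image
    image: str          # basename of the new process image
    cmdline: str
    file_sha256: str    # hash of the executable on disk


def signature_verdict(ev: ProcessEvent) -> bool:
    """All a signature-only engine can say: is this exact file already known bad?"""
    return ev.file_sha256 in KNOWN_BAD_SHA256


def behavioral_findings(ev: ProcessEvent) -> list[str]:
    """Behavioural checks that do not depend on the file having been seen before."""
    findings = []
    parent, image = ev.parent_image.lower(), ev.image.lower()
    lowered = ev.cmdline.lower()
    tokens = lowered.split()
    # Phishing -> macro -> script host is the classic fileless entry chain.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        findings.append("office application spawned a script host")
    if image in {"powershell.exe", "pwsh.exe"} and any(t in ENCODED_FLAGS for t in tokens):
        findings.append("encoded PowerShell command line")
    if any(k in lowered for k in ("downloadstring", "iex ", "invoke-expression")):
        findings.append("in-memory download-and-execute")
    return findings


@dataclass
class Detection:
    event: ProcessEvent
    signature_hit: bool
    findings: list[str]
    action: str


@dataclass
class DetectionStore:
    """Stand-in for a central database of identified and suspected threats."""
    records: list[Detection] = field(default_factory=list)


def decide_action(signature_hit: bool, findings: list[str]) -> str:
    """Rules-based response: the more evidence, the more disruptive the action."""
    if signature_hit:
        return "quarantine-file"
    if len(findings) >= 2:
        return "isolate-host"   # disconnect the device from the network
    if findings:
        return "alert"
    return "allow"


def process_event(ev: ProcessEvent, store: DetectionStore) -> Detection:
    det = Detection(ev, signature_verdict(ev), behavioral_findings(ev), "allow")
    det.action = decide_action(det.signature_hit, det.findings)
    if det.action != "allow":
        store.records.append(det)   # kept for investigation, even if only an alert
    return det


# Constructed sample telemetry. The PowerShell binary on pc-03 is the legitimate
# one, so its hash is in no signature list; only its behaviour gives it away.
# "SQBFAFgA" is base64 of "IEX" in UTF-16LE, the encoding PowerShell expects.
SAMPLE_EVENTS = [
    ProcessEvent("pc-01", "explorer.exe", "notepad.exe", "notepad.exe report.txt",
                 hashlib.sha256(b"constructed-legit-notepad").hexdigest()),
    ProcessEvent("pc-02", "explorer.exe", "invoice.exe", "invoice.exe",
                 hashlib.sha256(b"constructed-known-malware-sample").hexdigest()),
    ProcessEvent("pc-03", "WINWORD.EXE", "powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgA",
                 hashlib.sha256(b"constructed-legit-powershell").hexdigest()),
]


def run_sample() -> list[str]:
    """Run the constructed events through the pipeline; returns one action per event."""
    store = DetectionStore()
    return [process_event(ev, store).action for ev in SAMPLE_EVENTS]


if __name__ == "__main__":
    store = DetectionStore()
    for ev in SAMPLE_EVENTS:
        d = process_event(ev, store)
        print(f"{ev.host}: {ev.parent_image} -> {ev.image}: signature={d.signature_hit} "
              f"findings={d.findings} action={d.action}")
    print(f"{len(store.records)} record(s) kept for investigation")
```

The pc-02 event is caught by the signature check alone; the pc-03 event, a Word document launching encoded PowerShell, is a clean binary with a clean hash and is caught only by its behavior, which is the gap the article describes.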
Cisco’s Enhanced Protections
Unfortunately, first-generation EDR solutions had a reputation for producing high numbers of false positive alerts. A 2018 Bitdefender survey of U.S. chief information security officers (CISOs) found that 76 percent said their current endpoint security and EDR solutions were contributing to alert fatigue.
Cisco addressed that shortcoming by integrating extended detection and response (XDR) capabilities into Secure Endpoint. Advanced automation and analytics capabilities allow Secure Endpoint to unify real-time security data from multiple functional silos such as servers, firewalls, endpoints, cloud instances and threat intelligence sources. The result is a single-pane-of-glass view of security data that allows IT teams to rapidly detect and respond to stealthy threats.
With a Premier license, agencies can also gain threat-hunting capabilities with Secure Endpoint. Using a cloud-based analytics platform, the Cisco solution identifies an attack’s unique tactics, techniques and procedures (TTPs), information it can then use to actively hunt for similar threats sitting undetected in the network and disrupt them before they are used in an attack.
City, state and county government entities have become increasingly popular targets for ransomware and other attacks, and endpoint vulnerabilities are often the attack vector of choice. Let us show you how Cisco Secure Endpoint can augment your perimeter security measures and boost your overall security posture.