
    Cisco Extends Endpoint Protection With Advanced Email Security

    By Sean Michael Kerner - April 16, 2018
      Cisco AMP for Endpoints Visibility

      Cisco announced on April 16 a series of enhancements to its Advanced Malware Protection (AMP) for Endpoints platform that provide improved email security and visibility capabilities.

      The new capabilities include Cisco Visibility, which provides a threat hunting capability to AMP for Endpoints, enabling security professionals to gather insights for investigations. Fileless malware detection and prevention has also been enhanced, as has email security with advanced phishing and domain protection services. The new email security features in AMP for Endpoints come to Cisco by way of an OEM integration with email security vendor Agari, which former Cisco executives founded in 2009.

      Jason Lamar, senior director in Cisco’s Security Business Group, said Cisco has had secure email gateway technology since it acquired IronPort in 2007. What Cisco had been missing is a Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication capability. 

      DMARC is a protocol that helps protect the integrity and authenticity of email. With the new domain protection services in AMP for Endpoints, Cisco is providing capabilities to enable organizations to set up DMARC for their own domains.

      “Through our OEM agreement with Agari, we are enhancing our email security product,” Lamar told eWEEK. “Agari has solid traction in the marketplace and the best technology to help protect our customers’ company domains from being misused as the delivery mechanism of malicious emails, as well as protect their internal users from phishing and spoofing attacks from emails with suspect senders.”

      Cisco is also using Agari’s technology to provide advanced phishing protection that also benefits from DMARC. In a phishing attack, third-party actors send email that looks as though it was sent from within the company, according to Lamar.

      “By implementing our DMARC-compliant email authentication service, the email gateway will not accept emails that are not authenticated,” he said.

      Fileless Malware 

      An increasingly popular form of attack is malware that does not make use of files, but rather executes entirely in memory. One of the most common fileless attack vectors is the use of PowerShell scripts, which AMP for Endpoints can now help defend against as well. Lamar explained that the new fileless malware prevention is part of a new engine that is available in AMP for Endpoints.

      “The engine watches when an application and all its resources load into memory, then it copies and randomizes the data,” Lamar said. “After creating the new memory structure, the engine creates a decoy of the original memory structure.”

      The fileless malware engine steers legitimate code to the correct memory structure and directs malicious code that is potentially using PowerShell to the decoy, where the exploit is neutralized and blocked, he added.  

      Cisco Visibility

      Another enhanced capability that has landed in AMP for Endpoints is Cisco Visibility, which includes threat intelligence from third-party vendors as well as Cisco’s Talos research group. In addition, Cisco Visibility provides threat hunting capabilities, Lamar said.

      “Going forward, we will have the ability to turn on other endpoint detection and response tools that are API-driven so companies can pull in their existing tools for additional context and correlation,” he said.

      AMP for Endpoints now also protects organizations against unauthorized cryptocurrency mining operations. Lamar said Cisco has integrated indicators of compromise (IOCs) into AMP to detect unauthorized cryptocurrency mining activities.

      “We correlate proxy log detections with a cloud-based proxy log analysis tool, and correlate with endpoint activity in AMP,” he said.

      The cryptocurrency blocking is further enabled by Cisco’s Umbrella cloud security platform, which already has a category that can block the communication channels back to the cryptocurrency mining domain.

      “Cisco Umbrella is the first line of defense to help prevent malware from being downloaded. Cisco AMP for Endpoints is essentially the last line of defense in case malware gets installed in the machine agent,” Lamar said. “With our technology, AMP, the technology will detect and stop the malware from running on the endpoint.” 

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.