Cisco AMP Endpoints 1 Year 25-99 Users

FP-AMP-1Y-S1
 
Cisco AMP (Advanced Malware Protection) license. Duration: 1 year. License price per user. Tier valid for 25 to 99 users. Features:

Continuous analysis: Once a file lands on the endpoint, AMP for Endpoints continues to watch, analyze, and record all file activity, regardless of the file's disposition. When malicious behavior is detected, AMP shows you a recorded history of the malware's behavior over time: where it came from, where it's been, and what it's doing. This helps you scope the compromise and quickly respond.

Retrospective security: Retrospective security is the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root causes, and perform remediation. The need for retrospective security arises when any IoC occurs, such as an event trigger, a change in the disposition of a file, or an IoC trigger.

Dashboards: Gain visibility into your environment through a single pane of glass - with a view into hosts, devices, applications, users, files, and geolocation information, as well as advanced persistent threats (APTs), threat root causes, and other vulnerabilities - to provide a comprehensive contextual view so that you can make informed security decisions.

Comprehensive global threat intelligence: Cisco Talos Security Intelligence and Research Group, and Threat Grid threat intelligence feeds represent the industry's largest collection of real-time threat intelligence with the broadest visibility, the largest footprint, and the ability to put it into action across multiple security platforms.

Indications of compromise: File, telemetry, and intrusion events are correlated and prioritized as potentially active breaches, helping security teams to rapidly identify malware incidents and connect them to coordinated attacks.

File reputation: Advanced analytics and collective intelligence are gathered to determine whether a file is clean or malicious, allowing for more accurate detection.

Antivirus Engine: Perform offline and system-based detections, including rootkit scanning, to complement Cisco's advanced endpoint protection capabilities such as local IOC scanning, and device and network flow monitoring. The engine can be enabled and used by customers that want to consolidate their antivirus and advanced endpoint protection in one agent.

File analysis and sandboxing: A highly secure environment helps you execute, analyze, and test malware behavior in order to discover previously unknown zero-day threats. Integration of Threat Grid's sandboxing technology into AMP for Endpoints results in more dynamic analysis checked against a larger set of behavioral indicators.

Retrospective detection: Alerts are sent when a file disposition changes after extended analysis, giving you awareness and visibility to malware that evaded initial defenses.

File trajectory: Continuously track file propagation over time throughout your environment in order to achieve visibility and reduce the time required to scope a malware breach.

Device trajectory: Continuously track activity and communication on devices and on the system level to quickly understand root causes and the history of events leading up to and after compromise.

Elastic search: A simple, unbounded search across file, telemetry, and collective security intelligence data helps you quickly understand the context and scope of exposure to an IoC or malicious application.

Endpoint search: A simple interface to easily and quickly search across all endpoints looking for artifacts left behind as part of the malware ecosystem, extending search capabilities beyond data stored in the cloud to the endpoint itself.

Exploit Prevention: Memory attacks can penetrate endpoints, and malware evades security defenses by exploiting vulnerabilities in applications and operating system processes. The Exploit Prevention feature will defend endpoints from all exploit-based, memory injection attacks, including ransomware using in-memory techniques, web-borne attacks that use shellcode to run a payload, and zero-day attacks on software vulnerabilities yet to be patched.

Low prevalence executables: Display all files that have been executed across your organization, ordered by prevalence from lowest to highest, to help you surface previously undetected threats seen by a small number of users. Files executed by only a few users may be malicious (such as a targeted advanced persistent threat) or questionable applications you may not want on your extended network.

Endpoint IoCs: Users can submit their own IoCs to catch targeted attacks. These Endpoint IoCs let security teams perform deeper levels of investigation on lesser known advanced threats specific to applications in their environment.

Vulnerabilities: Identify vulnerable software and close attack pathways. This feature shows a list of hosts that contain vulnerable software, a list of the vulnerable software on each host, and the hosts most likely to be compromised. Powered by our threat intelligence and security analytics, AMP identifies vulnerable software being targeted by malware, shows you the potential exploit, and provides you with a prioritized list of hosts to patch.

Command Line Visibility: This feature provides visibility into what command-line arguments are used to launch executables. See into command-line arguments to determine if legitimate applications, including Windows utilities, are being used for malicious purposes. For instance, see if vssadmin is being used to delete shadow copies or disable safe boots; get visibility into PowerShell-based exploits; see into privilege escalation, modifications of access control lists (ACLs), and attempts to enumerate systems.

Application Programming Interface (API): With a bi-directional (read and write) API enabled on AMP for Endpoints, users can more easily integrate with third-party security tools and SIEMs, and access data and events in their AMP for Endpoints account without the need to log into the management console.

Outbreak control: Achieve control over suspicious files or outbreaks, and quickly and surgically control and remediate an infection without waiting for a content update. Within the outbreak control feature, simple custom detections can quickly block a specific file across all or selected systems; advanced custom signatures can block families of polymorphic malware; application blocking lists can enforce application policies or contain a compromised application being used as a malware gateway and stop the re-infection cycle; custom whitelists will help ensure that safe, custom, or mission-critical applications continue to run no matter what; and device flow correlation will stop malware call-back communications at the source, especially for remote endpoints outside the corporate network.

Integration with Threat Grid: The integration of Threat Grid's sandboxing technology and advanced malware analysis capabilities into AMP for Endpoints provides over 800 unique behavioral indicators analyzing the actions of a file, easy-to-understand threat scores, and billions of malware artifacts at your disposal for unmatched scale and coverage from global threats. No need to deploy a sandbox from a third party or worry about any type of outside integration.

Integration with Cognitive Threat Analytics (CTA): Get agentless detection when AMP for Endpoints is deployed alongside a compatible web proxy, like Cisco WSA, or a third-party web proxy like Blue Coat ProxySG. See an average 30% more infections across your environment; uncover file-less or memory-only malware, and infections that live in a web browser only; catch malware before it compromises the OS level; get visibility into devices with no AMP for Endpoints connector installed; see CTA detection events in the AMP for Endpoints management console.

AMP Private Cloud Virtual Appliance: AMP for Endpoints can be deployed as an on-premises, air-gapped solution built specifically for organizations with high-privacy requirements that restrict using a public cloud.

Launch from AnyConnect v4.1: With a Cisco AnyConnect v4.1 remote access VPN client installed, users can elect to launch the AMP for Endpoints connector on that remote endpoint. This allows for a rapid expansion of endpoint threat protection to VPN-enabled endpoints and further minimizes the potential of an attack from a remote host. Gain more insight into remote endpoints, and accelerate remediation efforts during or after an attack.

Manufacturer: Cisco
Product range: Enterprise
New
