Cisco Systems at RSA Conference 2018 significantly expanded its Advanced Malware Protection (AMP) for Endpoints cloud security service by adding support for machine learning algorithms, analytics and modeling capabilities that collectively serve to thwart spear phishing and other types of cyberattacks launched via email.
In addition, Cisco announced it has developed a new engine that continuously protects against ransomware encryption and propagation, including those attacks launched using fileless malware. Built directly into AMP, this capability works both online and offline with no ongoing tuning or adjustments required by cybersecurity professionals to stop these threats, the company said.
Cisco is also adding a Cisco Visibility module enabling cybersecurity teams to create a visual map of a successful cybersecurity breach using security events ingested from both Cisco and third-party threat intelligence services.
Finally, Cisco announced support for Domain-based Message Authentication, Reporting, and Conformance (DMARC), an email authentication standard that prevents corporate entities from having their URLs compromised, and expanded its alliance with ConnectWise, a provider of professional services automation (PSA) software that is widely employed by managed service providers (MSPs). Any MSP that uses the ConnectWise platform will be able to directly manage both Cisco security and networking services exposed as a cloud service by Cisco.
Jason Lamar, senior director of product management for security for Cisco, said Cisco AMP for Endpoints is designed to prevent spear phishing attacks from ever getting in front of a user. That approach eliminates the chance of users being tricked into downloading content consisting of, for example, ransomware, Lamar said.
He added that while most endpoint protection offerings block 99 percent of threats, Cisco AMP for Endpoints addresses that extra 1 percent of attacks other offerings miss.
A recent survey of 3,600 chief security officers (CSOs) and security operations (SecOps) managers conducted by Cisco finds the volume of instances in which cybercriminals are employing encryption to hide malware has increased more than 50 percent. In total, Cisco said it has discovered a threefold increase in encrypted network communication in malware samples inspected over a 12-month period. Cisco AMP for Endpoints is intended to close this avenue of attack before it becomes epidemic, said Lamar.
In general, cybersecurity has become an arms race. Cybercriminals employ thousands of creative hackers to generate emails that look legitimate to even the most senior employees. Cybercriminals also have the financial wherewithal to invest in everything from bots that automate attacks at scale to scanners employing machine learning algorithms to discover vulnerabilities resulting from applications being unpatched.
The only way to combat those threats is to rely more on cloud services infused with machine learning algorithms. Those algorithms only become effective, however, when they can analyze massive amounts of data, which in turn can only be cost-effectively aggregated in the cloud.
Cisco is betting that it will be in a better position than any other vendor to aggregate that data as it traverses the network. Cisco, however, is not the only vendor with ambitions to come out on top once this latest cybersecurity arms race comes to an end.