Security Products Flashcards
Advanced Malware Protection
(AMP) goes beyond point-in-time capabilities and is built to protect organizations before, during, and after an attack.
- AMP can be implemented throughout the network, enabling customers to see threats once and block them everywhere
- Continuously monitors files even after they’ve been flagged as safe
- Gives customers the ability to quickly identify and remediate threats
AMP for Web Security
After a file crosses the web gateway, AMP watches, analyzes, and records its activity, regardless of its initial disposition.
AMP for Networks
Deploy AMP as a network-based solution integrated into a Cisco FP appliance or on an ASA with FP Services to block sophisticated attacks before they enter the network.
AMP for Email
AMP on your inboxes gives you the benefit of knowing what past emails were in fact malicious, and where exactly they were seen in your environment.
Email Security
Protects against ransomware, account compromises, spam, spoofing, and phishing by scanning inbound and outbound emails
How to pivot from AMP4EP
- Email gateways are the #1 threat vector
- Known malicious emails are blocked before they enter the network
- Leverages TALOS intelligence (shares AMP4EP threat data)
- Ability to track users that have clicked on a malicious URL
- Protects against data loss by scanning outbound emails
- End-to-end email encryption
Email Security Appliance
Email Security monitors and filters all inbound and outbound email traffic using effective policy-based data loss prevention and encryption.
Cloud Email Security
Offers protection similar to an ESA but is cloud hosted for easier deployments and a lower TCO. We also guarantee performance & uptime with dedicated cloud infrastructure.
Hybrid
The hybrid model gives customers a blended approach of cloud and appliance-based solutions. Hybrid would be used if confidential information needs to be stored on site.
Web Security
Protects users by blocking risky sites with URL filtering & testing unknown links before users click on them
- Leverages TALOS intelligence (shares AMP4EP threat data)
- Protects users when threats pass undetected through FW
- Analyzes malicious links, just not .exe files
- Comes in different delivery methods (appliance or cloud)
- Allows users to control micro applications
- Protects against malicious threats before they reach an endpoint
Web Security Appliance
Advanced threats can hide in plain sight on legitimate websites or in pop-up ads. WSA is a proxy that goes beyond basic content filtering by leveraging TALOS for real-time threat intelligence.
Cloud Web Security
Offers the same protection as a WSA but is cloud hosted for easier deployment and a lower TCO.
Umbrella
Umbrella blocks malware at the DNS level by terminating the connection to malicious sites, before the traffic is able to pass through their firewall.
- How are your users protected off the network?
- Have you noticed a decline in firewall performance due to malicious traffic?
- What are you doing to protect your users from accessing malicious websites?
Cisco Umbrella provides predictive security at the DNS and IP layers, delivering internet-wide visibility and protection. Umbrella prevents malware, phishing, and command & control callbacks from compromising systems or exfiltrating data over any port or protocol. In real time, all internet activity across your organization is logged, categorized by threat and content, and then blocked when necessary. Acting as the first layer of defense for more than 12,000 organizations today, Umbrella can block threats before they even reach the network or endpoints. Plus, this cloud-delivered service can be deployed in minutes and protects devices, both on and off the corporate network. The Umbrella global infrastructure handles over 80 billion internet requests every day, which are analyzed by the security engine to learn where attacks are being staged even before the first victim is hit.
Cloudlock
Cloudlock is a CASB solution that secures your cloud users, data, and 3rd party applications by combating account compromises, data breaches, and ecosystem risks.
CLOUDLOCK-SUB
- Protects companies from applications not currently monitored by AMP4EP (O365, Box, Google Apps)
- Protects against data loss and compromised users
- Helps companies maintain compliance standards
- How do you monitor sensitive data that could be stored in the cloud?
- What visibility do you have into data on 3rd party apps?
AnyConnect
AnyConnect is a secure VPN that empowers employees to work from anywhere by giving them the ability to access the corporate network securely from anywhere, at any time.
L-AC-PLS-LIC= | L-AC-APX-LIC=
- Can be used to deploy AMP4EP and Umbrella
- Is a proactive approach to threat containment as it can assess endpoint posture prior to network connection
- Grants users access to internal data away from the office
- How do you assess the security posture of an endpoint before it connects to the corporate network?
ISE
Single policy control for secure access management. Creates a contextual identity by analyzing the time, user, location, type of device, and posture.
How to pivot from AMP4EP
- Gives users the ability to segment their network access based on role
- AMP quarantines the file, but ISE can quarantine and boot the user/device off the network
- Design guest access & BYOD
- How are you providing access control within your network?
- How do you protect yourself once a breach is detected?