How to Immunise your Endpoints from a Cyber attack

When things are good and your business is healthy, all the functions are working effectively and everything is great. A simple pathogen in the form of ransomware could bring all that productivity to a screeching halt. Endpoints are offline for weeks as they are reimaged. Staff are paralyzed as they wait for systems to come back online. Business is lost and money is spent just to get back to square one. Many organisations burn through a financial quarter just to recover from such an outbreak. And it all starts with an endpoint infection.

How vulnerable are you to an infection? An estimated 70% of breaches start on endpoint devices. So, why do endpoints continue to be the primary point of entry for attacks? For many organisations, antivirus is the only form of endpoint protection deployed. Advanced threats can easily evade this type of protection. In fact, 65% of organisations say attacks evade the existing prevention tools deployed.

Attackers use email or hijacked websites as ways to bypass the preventative measures to gain access. Despite all the training and warnings, it is inevitable that a user is going to open a malicious attachment or click on a link they shouldn’t. Attackers bypass endpoint defences 48% of the time simply because of user error.

Attacks that evade preventative measures can go undetected in the network for several months. Since more than half of organisations are unable to pinpoint the cause of the breach, consider this:

  • Do you have visibility into every endpoint on your network?
  • If there was a breach, could you identify the origin of the attack?

Not all hope is lost. A strong first and last line of defence goes a long way towards maintaining the immune system of your organisation.


Building immunity

We want to prevent infection in the first place, but if an infection were to occur, we will need a way to get deep visibility into file activity and any malicious DNS requests originating from the endpoint. Cisco AMP for Endpoints and Cisco Umbrella provide the first and last line of defence for your endpoints against such malicious attacks.

Prevent infection

Cisco Umbrella is the first line of defence to protect your endpoints from downloading malware. Umbrella blocks malicious requests from a variety of attack vectors, whether it is a phishing attack with a malicious link in email or an infected webpage with malware trying to download in the background.

If a file were to be downloaded on the endpoint, AMP for Endpoints is there to prevent that malicious file from infecting the machine. AMP for Endpoints blocks malware using global data analytics, exploit prevention, cloud lookups, machine learning, fuzzy fingerprinting, rootkit scanning, and a built-in antivirus engine. The infection is quarantined before it can spread to any other part of your business. It is your immune system turned up to 11.

Accelerated treatment

No one solution will ever block 100% of malware infections. Our last line of defence is to identify and remediate the infection quickly and easily before it spreads across the organisation. Umbrella Investigate provides up-to-the-minute threat data and historical context about domains, IPs, and file hashes for faster investigations.

AMP for Endpoints provides device and file trajectory to see compromised devices and how the malware file behaved over time. File analysis gives you detailed information on file behaviour, which you can turn into actionable results to quarantine files and block future attacks on all endpoints.


And finally…

Prevention is your first line of defence against any potential attack. Use Cisco Umbrella and Cisco AMP for Endpoints to prevent malicious files from infecting your endpoint. Yet any malware that evades front line defences could be disastrous. That’s why Umbrella and AMP for Endpoints also provide the best response to an infected endpoint by providing the context and visibility necessary to act.


Learn more on how to immunise your endpoints with our Free Hands-on Technical Workshop: Accelerating Incident Response on

Date: Wednesday 17th January 2018 10am-1:30pm
Location: Cisco Offices Park House, 16-18 Finsbury Circus, London EC2M 7EB

At this event, you’ll learn how to:

  • Immediately validate the efficacy of a detected information security event
  • Expose and analyse unknowns operating inside the enterprise
  • Aggregate internal and external threat intelligence
  • Zero-in on the source and full scope of threats
  • Remediate malware without bringing down systems