That same team also invests a lot of time and effort into continually improving the security efficacy of the product. These improvements often come in the form of new security engines and capabilities. This blog highlights some of the enhancements that were made available in the last quarter.

Device Trajectory version 2

One of the critical prerequisites for effective incident response and threat hunting is in-depth historical endpoint visibility and comprehensive data collection. Most recently we have run through multiple iterations to improve its performance, data representation, and usability even further. Customers are now able to easily locate spikes in endpoint activity (representing an increase in network or file activity), precisely identify and double-click on compromises using the improved timeline feature, and enjoy enhanced activity filter customization. Performance improvements are achieved by loading the data on demand as you scroll through the timeline, allowing access to a full 30 days of historical data. On top of that, the new Device Trajectory shows a more in-depth view of the endpoint; you can now see full relationship mappings between clean processes and files. New search capabilities are now available as well, not reflected in the video above. We sincerely thank our customers and partners for the valuable feedback they provided during the open beta.

Threat Severity

When understanding and prioritizing alerts becomes a challenge, high-impact threats can be left without proper attention. The new threat severity feature was introduced to help security teams make better-informed incident triage and response decisions. Related events now have associated severity tags (Critical, High, Medium, Low) and corresponding color-coding. This is a powerful tool for gathering and pivoting on observables, assigning names to investigations, taking notes, and much more. As a result, it provides an enhanced user experience through tighter integrations. This feature is made possible by Cisco Threat Response, our new integration platform that helps you increase the efficiency and effectiveness of your existing Cisco Security investments.

New Overview Page

What could be more powerful for business leaders than seeing the real-time value of their investments? The new Overview Page is designed to serve as a visual representation that gives executives a quick and easy way to view their endpoint security state. The color-coded indicators provide an easy-to-parse summary of threats, compromises, vulnerabilities, and more, while simultaneously allowing users to rapidly pivot into specific areas of interest.

Sometimes exclusions are necessary to ensure a healthy balance of performance and security on an endpoint system. The key is that exclusions often need to be uniquely tailored to each customer environment based on business needs and security policies. Although the user interface has changed, the functionality of Exclusions stays the same.

Exploit Prevention Enhancements

Strong prevention capability is one of the most highly desired building blocks of any endpoint security offering. That may include preventing exploits (0-day or against unpatched vulnerabilities), evasive malware, and file-less attacks, all without relying on rules or signatures for detection. It does so by applying a truly proactive prevention technology that does not affect system performance or imply compatibility issues. The ease of enabling Exploit Prevention and the value it provides have led to rapid adoption, and we strive to continue improving the protection levels. Check back soon for a technical whitepaper on that strong prevention capability.

Cross-Layer Analytics

The value of leveraging machine learning in endpoint security is apparent. It should be clarified, however, that machine learning is a part of the solution to the problem, not the solution itself. At Cisco, we achieve the best efficacy through what we call Cross-Layer Analytics, which is a combination of multiple algorithms to process diverse sets of data from both endpoint and network. One example of how it is done is by associating the process hashes and command line arguments used during binary execution with network communication and destination servers. That drives higher catch rates for detection of novel variants of polymorphic malware without reliance on static or dynamic analysis techniques, which have their own benefits and drawbacks. The threat knowledge produced by Cross-Layer Analytics is then automatically fed back into the threat actor modeling and the endpoint and network data analysis phases, allowing the system to reinforce those lessons for future use. You can learn more about the capabilities and their related benefits by reviewing the blogs below.

Additional New Features and Enhancements

What we have described in this blog only includes the highlights of what the team has been working on in recent months. Please see the official for more details. Check back for updates as we continue to enhance this page. While this is not a comprehensive explanation, it provides a high-level view of the protection capabilities provided.
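To make the Cross-Layer Analytics idea above concrete, here is an added illustration (not Cisco AMP code, and not the product's algorithm) of the one example the section gives: joining endpoint process-execution telemetry with network-connection telemetry, then looking for binaries that differ by hash but share the same command line and destination. The event shapes, field names, the ten-minute join window and all sample events are constructed for this example.

```python
"""Toy cross-layer correlation of endpoint process events with network events.

Added illustration, not Cisco AMP code. Event shapes, field names and the
sample telemetry are constructed for this example.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import ntpath


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    pid: int
    sha256: str       # hash of the executed binary
    cmdline: str      # full command line at execution
    started: datetime


@dataclass(frozen=True)
class NetEvent:
    host: str
    pid: int          # process that opened the connection
    dst: str          # destination address (documentation ranges used below)
    dport: int
    ts: datetime


T0 = datetime(2024, 1, 1, 9, 0, 0)

# Constructed sample telemetry: host-b and host-c run differently hashed
# binaries with the same command line that reach the same server.
PROCESS_EVENTS = [
    ProcessEvent("host-a", 100, "a" * 64,
                 r"C:\Windows\System32\svchost.exe -k netsvcs", T0),
    ProcessEvent("host-b", 200, "b" * 64,
                 r"C:\Users\u\AppData\Local\Temp\upd.exe /s /q",
                 T0 + timedelta(minutes=1)),
    ProcessEvent("host-c", 300, "c" * 64,
                 r"C:\Users\v\AppData\Roaming\upd.exe /S /q",
                 T0 + timedelta(minutes=2)),
]
NET_EVENTS = [
    NetEvent("host-a", 100, "198.51.100.10", 443, T0 + timedelta(seconds=30)),
    NetEvent("host-b", 200, "203.0.113.7", 8080, T0 + timedelta(minutes=2)),
    NetEvent("host-c", 300, "203.0.113.7", 8080, T0 + timedelta(minutes=3)),
    # Same pid hours later: outside the join window, so not attributed.
    NetEvent("host-a", 100, "203.0.113.7", 8080, T0 + timedelta(hours=2)),
    # No process event for this pid at all: dropped by the join.
    NetEvent("host-b", 999, "203.0.113.9", 53, T0 + timedelta(minutes=2)),
]


def normalize_cmdline(cmdline: str) -> str:
    """Executable basename plus lower-cased, whitespace-collapsed arguments,
    so the same invocation from different paths compares equal."""
    parts = cmdline.split()
    if not parts:
        return ""
    exe = ntpath.basename(parts[0]).lower()
    return " ".join([exe] + [a.lower() for a in parts[1:]])


def correlate(proc_events, net_events, window=timedelta(minutes=10)):
    """Join each network event to the process event with the same host and
    pid that started at or before it within `window`. If several qualify
    (pid reuse), the most recent start wins. Returns (process, net) pairs."""
    by_key = defaultdict(list)
    for p in proc_events:
        by_key[(p.host, p.pid)].append(p)
    pairs = []
    for n in net_events:
        candidates = [p for p in by_key.get((n.host, n.pid), ())
                      if p.started <= n.ts <= p.started + window]
        if candidates:
            pairs.append((max(candidates, key=lambda p: p.started), n))
    return pairs


def behaviour_clusters(pairs):
    """Group correlated pairs by (normalized command line, destination, port)
    and record which binary hashes and hosts exhibit that behaviour."""
    clusters = defaultdict(lambda: {"hashes": set(), "hosts": set()})
    for p, n in pairs:
        key = (normalize_cmdline(p.cmdline), n.dst, n.dport)
        clusters[key]["hashes"].add(p.sha256)
        clusters[key]["hosts"].add(p.host)
    return dict(clusters)


def polymorphic_candidates(pairs):
    """Clusters where more than one distinct hash shows identical behaviour.
    A hash-only lookup sees each binary once; the cross-layer view sees one
    behaviour shared by several binaries, which is the signal worth triaging."""
    return {k: v for k, v in behaviour_clusters(pairs).items()
            if len(v["hashes"]) > 1}


if __name__ == "__main__":
    for key, info in polymorphic_candidates(correlate(PROCESS_EVENTS, NET_EVENTS)).items():
        print(key, "hashes:", len(info["hashes"]), "hosts:", sorted(info["hosts"]))
```

The join window and the pid-reuse rule are where real deployments differ: a connection attributed to the wrong process produces a false cluster, so the endpoint agent's own process lineage (parent pid, start time) should drive the join rather than a time heuristic. Clusters with many hashes to a well-known update server are expected, so prevalence and destination reputation would normally be layered on before anything is raised as an alert.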