In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics.
Today's advanced malware compromises environments from an array of attack vectors, takes endless form factors, launches attacks over time, and can obfuscate the exfiltration of data. To detect advanced attacks as they move laterally through the network and across endpoints, defenders need technologies that automatically look for Indicators of Compromise (IoCs) left behind by malware and exploits, as well as more advanced behaviors of compromise that happen over time.
Cisco AMP for Endpoints delivers this level of automation through advanced behavioral detection capabilities, not with the aim of providing yet another list of alerts to investigate, but to deliver a prioritized and collated view of top areas of compromise and breach activity. A big data architecture collects and stores real-time telemetry data from the network and endpoints. A continuous approach automatically analyzes and reanalyzes data against sophisticated algorithms to look for patterns of activity as they emerge so that security teams can quickly detect and focus their efforts on the threats with the greatest potential for damage.
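To make the continuous, retrospective model concrete, here is an added illustration (not Cisco's code, and not how AMP is implemented): stored endpoint telemetry is re-evaluated when a new indicator arrives, so a file that was clean at the moment it was seen still produces a finding later, and findings are collated per host so the riskiest endpoints surface first. Event fields, host names and the HASH_A/HASH_B values are constructed placeholders.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class FileEvent:
    ts: int       # constructed timestamp
    host: str
    sha256: str   # placeholder hashes below, not real indicators
    action: str   # "create", "execute" or "netconn"

class ContinuousAnalyzer:
    """Keeps all telemetry so it can be re-evaluated whenever intel changes."""
    def __init__(self):
        self.events, self.indicators, self.findings = [], {}, []
    def ingest(self, ev):
        self.events.append(ev)
        self._evaluate([ev])            # point-in-time check on arrival
    def add_indicator(self, sha256, severity):
        self.indicators[sha256] = severity
        # retrospective pass over history recorded before the IoC was known
        self._evaluate([e for e in self.events if e.sha256 == sha256])
    def _evaluate(self, evs):
        for ev in evs:
            sev = self.indicators.get(ev.sha256)
            if sev is not None and (ev, sev) not in self.findings:
                self.findings.append((ev, sev))
    def prioritized_hosts(self):
        # collate per host; execution weighs more than mere file presence
        score = defaultdict(int)
        for ev, sev in self.findings:
            score[ev.host] += sev * (3 if ev.action == "execute" else 1)
        return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample telemetry (hash values are placeholders)
SAMPLE = [
    FileEvent(100, "ws-01", "HASH_A", "create"),
    FileEvent(160, "ws-01", "HASH_A", "execute"),
    FileEvent(200, "ws-02", "HASH_A", "create"),
    FileEvent(300, "srv-05", "HASH_B", "execute"),
]

def demo():
    az = ContinuousAnalyzer()
    for ev in SAMPLE:
        az.ingest(ev)
    before = len(az.findings)        # 0: nothing matched at arrival time
    az.add_indicator("HASH_A", 8)    # intel arrives after the events
    return before, az.prioritized_hosts()
```

A point-in-time scanner would have returned nothing for these events; the retrospective pass is what turns later intelligence into a ranked list of compromised hosts.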
Some of the specific analytic capabilities this new model allows include:
Automated, advanced analytics is a transformative innovation in the battle against advanced threats. Combining big data analytics and continuous capabilities to identify patterns and indications of compromise as they emerge enables security teams to focus their efforts on the threats that matter most.
To learn more about this new model, which considers detection and response not as separate disciplines or processes but as an extension of the same objective (to stop advanced threats), download the whitepaper: Continuous Endpoint Threat Detection and Response in a Point-in-Time World.