A layered defense strategy has long been a core tenet of information security. But with cyber threats rising and exploits growing more diverse, it’s now more critical than ever that IT security teams incorporate a range of detection and remediation methods throughout the enterprise network — including endpoint security for malware protection.
Signature-based antivirus and firewalls, after all, often prove ineffective against the targeted threats that federal agencies face. With attackers frequently targeting specific users and endpoints—and growing increasingly sophisticated and resourceful at doing so—bolstering your security posture requires solutions that go beyond traditional defenses. That doesn’t mean throwing out your existing security stack—it means embracing new solutions designed to integrate with and maximize your existing investments. Here’s how two federal agencies made that happen.
Threat intelligence grows increasingly prominent among organizations determined to develop a proactive security strategy and is critical to endpoint security in particular. Amidst the hype, however, it’s also become an industry buzzword, overshadowing its actual importance.
Threat intelligence involves collecting data from the internet and internal networks, identifying emerging threats and ongoing attacks, and then correlating that data to an organization’s IT environment and security posture. The result? A defense strategy informed by today’s ever-evolving threat landscape.
One federal agency—charged with financial oversight and economic development—had existing network-layer firewalls and web security appliances (WSAs), but wanted another layer of protection: namely, an endpoint security solution that not only prevents, detects and responds to breaches, but is also informed by real-time threat intelligence data—and with good reason.
Entrusted with safeguarding huge stores of financial data, this agency presents an alluring target for would-be cybercriminals. A breach could be catastrophic, not only for the agency, but for millions of American citizens whose personal financial data could be jeopardized simply by the click of a mouse. With so much at stake, this agency must continuously adapt to a high volume of daily and diverse cyberattacks, sometimes numbering in the thousands.
In recent years, personal devices have changed the endpoint security equation. With the line between organizational assets and employees’ personal computing permanently blurred, the traditional security perimeter has all but disappeared.
In a BYOD environment, vulnerabilities in employees’ personal devices can lead to compromises and breaches of an organization’s entire network. This federal client already had existing email security appliances (ESAs) and network-layer protection, but wanted to strengthen its defenses to cover users working from personal devices.
The agency’s existing ESA worked by scanning all incoming email messages and attachments for malware and indicators of phishing. Its network-layer protections also flagged and blocked malicious traffic as it entered the enterprise network. But neither of these solutions protected the organization from employees working on devices outside the network perimeter—for instance, in home offices or on public wireless networks.
Like many organizations with a BYOD policy, the agency still grappled with an inadequate “perimeter defense.” Lacking the appropriate security measures, employees working remotely could easily and inadvertently download malware and subsequently upload it to the agency’s network the next time they connected.
Both agencies needed a robust, proactive endpoint security solution that protected their networks from endpoint attacks both within and outside the network perimeter. Moreover, both wanted a solution informed by real-time threat intelligence, allowing them to prevent, detect and respond to threats and breaches as they occur.
Ultimately, both agencies opted for Cisco AMP, an endpoint security solution backed by one of the world’s most prolific threat intelligence organizations, Talos. The Talos team of security experts examines millions of data samples sourced daily from across the web to identify and reverse-engineer malware. The resulting threat intelligence and real-time threat signatures are automatically fed to a large portfolio of security products, AMP included.
By combining robust threat intelligence with optimal network visibility and response capabilities, AMP offers a proactive defense against even the latest threats and attacks. And because this solution integrates easily with their existing security stacks, both agencies avoided a costly, time-intensive rip and replace of their existing technology. Most importantly: These agencies’ data stores—not to mention millions of American citizens—are better protected from constant endpoint attacks.