Transcript of Cisco Security: Sourcefire Deep Dive, a Cisco Quick Hit Briefing by Brian Avery, Territory Business Manager, Cisco

Page 1

Cisco Security: Sourcefire Deep Dive

Cisco Quick Hit Briefing

Brian Avery, Territory Business Manager, Cisco

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=48db113ab90b4883aef8d5641c47d8ca

Thanks for your interest and participation!

Page 2

Cisco Security: Sourcefire Deep Dive

Cisco Quick Hit Briefing

Brian Avery, Territory Business Manager, Cisco

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 300 430 485 and your attendee ID number.

3. Press “1” to join the conference.

Page 3

Presentation Agenda

► Quick Hits and Customer Education

► Security in the 21st Century

► Cisco Security Overview

► Sourcefire Deep Dive

► Conclusion

About Your Host

Brian Avery, Territory Business Manager, Cisco Systems, Inc.

[email protected]

Page 4

Cisco Confidential C97-731719-02 © 2014 Cisco and/or its affiliates. All rights reserved.

What Is a Quick Hit Briefing?

• A weekly partner briefing series designed for Cisco Commercial Territory partners

• Concise, relevant updates on:

• Cisco products and solutions

• Partner programs and promotions

• Partner Enablement – Demand Generation, Selling Skills, Closing Tools, etc.

• Welcome to Quick Hit Briefing #137– 28,222 attendees and growing!

Page 5

Customer-facing WebEx Events - Let us sell for you!

Next event – Wednesday Nov 11th @ 1:30 p.m.: "You've Already Been Hacked. Now What? Cisco Next-Gen Security Can Help"

Invite your customers to attend and we will notify you if they do!

Access registration links, invites and replays at: http://cs.co/cisco101

NEW! Cisco Customer Education Series (CCE)

Page 6

Security in the 21st Century

Page 7

C97-734160-01 © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

The Reality: Organizations Are Under Attack

Timeline, 1990 to 2020: Viruses (1990–2000); Worms (2000–2005); Spyware and Rootkits (2005–Today); APTs, Cyberware (Today+). Over the same period attacks move from phishing and low-sophistication hacking, through hacking becoming an industry, to sophisticated attacks in a complex landscape.

• 95% of large companies targeted by malicious traffic

• 100% of organizations interacted with websites hosting malware

• Cybercrime is lucrative; the barrier to entry is low

• Hackers are smarter and have the resources to compromise your organization

• Malware is more sophisticated

• Organizations face tens of thousands of new malware samples per hour

Source: 2014 Cisco Annual Security Report

Page 8

Dynamic Threat Landscape

It is a community that hides in plain sight, avoids detection, and attacks swiftly.

• 60% of data is stolen in hours

• 54% of breaches remain undiscovered for months

• 100% of companies connect to domains that host malicious files or services

Page 9

Your customer says…

“I am just a small fish in a BIG pond.”

Page 10

Cisco ASA for SMB and Distributed Enterprise Presentation | © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Yet organizations of every size are targets

Adversaries are attacking you, by targeting your organization's:

• Customer data

• Intellectual property

• Company secrets

And they are using you, to attack your enterprise customers and partners.

• 60% of UK small businesses were compromised in 2014 (2014 Information Security Breaches Survey)

• 100% of corporate networks examined had malicious traffic (Cisco 2014 Annual Security Report)

• 41% of targeted attacks are against organizations with fewer than 500 employees (National Cyber Security Alliance (NCSA), July 2014)

Page 11

C97-734093-00 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

If you knew you were going to be compromised, would you do security differently?

Page 12

Cisco Security Overview

Page 13

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

• Before: Discover, Enforce, Harden

• During: Detect, Block, Defend

• After: Scope, Contain, Remediate

Across: Network, Endpoint, Mobile, Virtual, Cloud, Email & Web

From point-in-time to continuous

Page 14

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum

• Before: Discover, Enforce, Harden

• During: Detect, Block, Defend

• After: Scope, Contain, Remediate

Cisco products mapped across the continuum: FireSIGHT and pxGrid; ASA; VPN; NGFW; Meraki; Advanced Malware Protection; Network as Enforcer; NGIPS; ESA/WSA; CWS; Secure Access + Identity Services; ThreatGRID

Page 15

Comprehensive Security Requires

• Breach Prevention

• Rapid Breach Detection, Response, Remediation

• Threat Intelligence

Source: http://www.pcworld.com/article/2109210/report-average-of-82-000-new-malware-threats-per-day-in-2013.html

Page 16

Cisco Sourcefire

Advanced Malware Protection

Page 17

Cisco Advanced Malware Protection: Built on unmatched collective security intelligence

• 1.6 million global sensors

• 100 TB of data received per day

• 150 million+ deployed endpoints

• 600 engineers, technicians, and researchers

• 35% of worldwide email traffic

• 13 billion web requests

• 24x7x365 operations

• 4.3 billion web blocks per day

• 40+ languages

• 1.1 million incoming malware samples per day

Sources feeding the Cisco Collective Security Intelligence Cloud: AMP Community; Private/Public Threat Feeds; Talos Security Intelligence; AMP Threat Grid Intelligence; AMP Threat Grid Dynamic Analysis (10 million files/month); Advanced Microsoft and Industry Disclosures; Snort and ClamAV Open Source Communities; AEGIS Program.

The cloud pushes automatic updates in real time to AMP (Advanced Malware Protection) on email, endpoints, web, networks, IPS, and devices.

Page 18

Cisco AMP Threat Grid Feeds Dynamic Malware Analysis and Threat Intelligence to the AMP Solution

1. An analyst or a system (via API) submits a suspicious sample, for example a low-prevalence file, to Threat Grid.

2. An automated engine observes, deconstructs, and analyzes it using multiple techniques: proprietary static and dynamic analysis with an "outside looking in" approach, checked against 350 behavioral indicators.

3. The Cisco® AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts (big data correlation over the sample and artifact intelligence database).

4. Actionable threat content and intelligence (threat score, behavioral indicators, threat feeds) is generated that can be utilized by AMP, packaged and integrated into a variety of existing systems, or used independently.

Page 19

Unique to Cisco® AMP

Cisco AMP Delivers a Better Approach

Point-in-Time Protection

File Reputation, Sandboxing, and Behavioral Detection

Retrospective Security

Continuous Analysis

Page 20

Cisco AMP Defends With Reputation Filtering And Behavioral Detection

Point-in-Time Detection and Retrospective Security, both fed by Cisco Collective Security Intelligence, give continuous protection.

• Reputation Filtering: One-to-One Signature; Fuzzy Fingerprinting; Machine Learning

• Behavioral Detection: Dynamic Analysis; Advanced Analytics; Indications of Compromise; Device Flow Correlation

Page 21

Reputation Filtering Is Built On Three Features: One-to-One Signature

Lookups go to the Collective Security Intelligence Cloud:

1. An unknown file is encountered; its signature (file hash) is computed and sent to the cloud.

2. The file is not known to be malicious and is admitted.

3. A second unknown file is encountered; its signature is computed and sent to the cloud.

4. The file signature is known to be malicious, and the file is prevented from entering the system.

Page 22

Reputation Filtering Is Built On Three Features: Fuzzy Fingerprinting

Lookups go to the Collective Security Intelligence Cloud:

1. The fingerprint of a file is analyzed and determined to be malicious.

2. The malicious file is not allowed entry.

3. A polymorphic form of the same file tries to enter the system.

4. The fingerprints of the two files are compared and found to be similar to one another.

5. The polymorphic malware is denied entry based on its similarity to known malware.

Page 23

Reputation Filtering Is Built On Three Features: Machine Learning

Lookups go to the Collective Security Intelligence Cloud, where a machine-learning decision tree sorts files into possible clean file, possible malware, confirmed clean file, and confirmed malware:

1. Metadata of an unknown file is sent to the cloud to be analyzed.

2. The metadata is recognized as possible malware.

3. The file is compared to known malware and is confirmed as malware.

4. Metadata of a second unknown file is sent to the cloud to be analyzed.

5. The metadata is similar to a known clean file: possibly clean.

6. The file is confirmed as clean after being compared to a similar known-clean file.
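The two hash-based reputation features on slides 21 and 22 are easier to reason about in code. The following is an added example written for this transcript, not Cisco's or Sourcefire's code: an exact SHA-256 lookup stands in for the one-to-one signature, and a simplified content-defined chunk hash stands in for fuzzy fingerprinting (it is in the spirit of ssdeep, not that algorithm, and not whatever AMP uses internally). The "cloud", the sample bytes, the chunking constants and the 0.5 similarity threshold are all constructed assumptions.

```python
"""Reputation filtering, simplified: one-to-one signature plus fuzzy fingerprint.

Added example, not Cisco's code. The cloud, samples and threshold are constructed.
"""
import hashlib
import random

WINDOW = 7          # bytes of context used for the chunk-boundary decision
BOUNDARY_MOD = 16   # a boundary falls roughly every 16 bytes of content
MIN_CHUNK = 4       # never cut a chunk shorter than this


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fuzzy_fingerprint(data: bytes) -> frozenset:
    """Return the set of chunk hashes for data.

    Boundaries depend only on the last WINDOW bytes, so an edit changes the
    chunks that contain it and the split re-synchronises a few bytes later;
    chunks before and after the edit hash to the same values as before.
    """
    chunks = set()
    start = 0
    for i in range(len(data)):
        window = data[max(0, i - WINDOW + 1):i + 1]
        if i - start + 1 >= MIN_CHUNK and sum(window) % BOUNDARY_MOD == 0:
            chunks.add(hashlib.blake2b(data[start:i + 1], digest_size=4).hexdigest())
            start = i + 1
    if start < len(data):
        chunks.add(hashlib.blake2b(data[start:], digest_size=4).hexdigest())
    return frozenset(chunks)


def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard overlap of two chunk-hash sets: 0.0 (nothing shared) to 1.0."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


class ReputationCloud:
    """Constructed stand-in for the Collective Security Intelligence Cloud."""

    def __init__(self, threshold: float = 0.5):
        self.exact = set()      # SHA-256 digests of known-malicious files
        self.fuzzy = {}         # SHA-256 digest -> fuzzy fingerprint
        self.threshold = threshold

    def add_malicious(self, data: bytes) -> None:
        digest = sha256(data)
        self.exact.add(digest)
        self.fuzzy[digest] = fuzzy_fingerprint(data)

    def lookup(self, data: bytes) -> tuple:
        """Return (disposition, reason); disposition is 'malicious' or 'unknown'."""
        digest = sha256(data)
        if digest in self.exact:
            return "malicious", "one-to-one signature match"
        fp = fuzzy_fingerprint(data)
        best_score, best_digest = 0.0, None
        for known_digest, known_fp in self.fuzzy.items():
            score = similarity(fp, known_fp)
            if score > best_score:
                best_score, best_digest = score, known_digest
        if best_score >= self.threshold:
            return "malicious", f"fuzzy match {best_score:.2f} to {best_digest[:12]}"
        return "unknown", f"no match (best fuzzy score {best_score:.2f})"


def constructed_samples() -> dict:
    """Constructed byte strings standing in for files; no real malware involved."""
    rng = random.Random(2015)
    original = bytes(rng.getrandbits(8) for _ in range(1000))
    # "Polymorphic" variant: 8 bytes overwritten and 3 bytes inserted.
    variant = original[:200] + b"\x90" * 8 + original[208:600] + b"abc" + original[600:]
    benign = bytes(random.Random(42).getrandbits(8) for _ in range(1000))
    return {"original": original, "variant": variant, "benign": benign}


def demo() -> dict:
    """Convict the original, then look up all three samples."""
    samples = constructed_samples()
    cloud = ReputationCloud()
    cloud.add_malicious(samples["original"])
    return {name: cloud.lookup(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (disposition, reason) in demo().items():
        print(f"{name:9s} {disposition:9s} {reason}")
```

The point to notice is that the variant's SHA-256 is new, so the one-to-one lookup alone would have admitted it (slide 21, step 2); it is the chunk overlap that convicts it (slide 22, steps 4 and 5). The threshold is a tuning decision: set it too low and unrelated files that share boilerplate chunks are convicted too.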

Page 24

Behavioral Detection Is Built On Four Features: Indications of Compromise

Observations are reported to the Collective Security Intelligence Cloud:

1. A file of unknown disposition is encountered.

2. The file replicates itself, and this information is communicated to the cloud.

3. The file communicates with malicious IP addresses or starts downloading files with known malware disposition.

4. The combination of activities indicates a compromise, and the behavior is reported to the cloud and to the AMP client.

5. These indications are prioritized and reported to the security team as a possible compromise.

Page 25

Behavioral Detection Is Built On Four Features: Dynamic Analysis

1. The Dynamic Analysis Engine executes unknown files in on-premises or cloud sandboxes powered by Cisco® AMP Threat Grid.

2. Two files are determined to be malware; one is confirmed as clean.

3. The Intelligence Cloud is updated with the analysis results, and retrospective alerts are broadcast to the collective user base.

Page 26

Behavioral Detection Is Built On Four Features: Dynamic Analysis (Cisco® AMP Threat Grid analysis)

1. Receives information regarding software unidentified by Reputation Filtering appliances.

2. Receives context regarding the unknown software from the collective user base.

3. Analyzes the file in light of the information and context provided.

4. Identifies the advanced malware and communicates the new signature to the user base.

Page 27

Behavioral Detection Is Built On Four Features: Device Flow Correlation

(Figure: a host on the network talking to external IP 64.233.160.0; the address is a diagram placeholder, not an indicator to block.)

1. Device Flow Correlation monitors the communications of a host on the network.

2. Two unknown files are seen communicating with a particular IP address.

3. One is sending information to the IP address; the other is receiving commands from it.

4. The Collective Security Intelligence Cloud recognizes the external IP as a confirmed malicious site.

5. The unknown files are identified as malware because of the association.
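Slides 24 and 27 describe two decisions over the same endpoint telemetry: scoring an unknown file on a combination of behaviors (Indications of Compromise), and convicting an unknown file by the company it keeps (Device Flow Correlation). The following is an added example for this transcript, not Cisco's code and not AMP's actual indicator set: the event format, the hosts, the hashes, the addresses (RFC 5737 documentation ranges), the intelligence feed and the scoring thresholds are all constructed.

```python
"""Behavioral detection over constructed endpoint telemetry.

Added example, not Cisco's code. Models Indications of Compromise (slide 24)
and Device Flow Correlation (slide 27). All data below is constructed.
"""
from collections import defaultdict

# Constructed stand-in for the Collective Security Intelligence Cloud.
MALICIOUS_IPS = {"203.0.113.45"}
MALICIOUS_HASHES = {"sha256:beef01"}

# Constructed telemetry: (host, hash of the acting process, event type, details).
EVENTS = [
    ("host-a", "sha256:cafe01", "file_write", {"path": r"\\host-b\c$\tmp\svc.exe", "hash": "sha256:cafe01"}),
    ("host-a", "sha256:cafe01", "file_write", {"path": r"\\host-c\c$\tmp\svc.exe", "hash": "sha256:cafe01"}),
    *[("host-a", "sha256:cafe01", "file_read", {"path": rf"C:\Users\alice\Documents\doc{i}.xlsx"}) for i in range(6)],
    ("host-a", "sha256:cafe01", "net_connect", {"dst": "198.51.100.7", "bytes_out": 7_340_032}),
    ("host-b", "sha256:feed02", "net_connect", {"dst": "203.0.113.45", "bytes_out": 512}),
    ("host-b", "sha256:feed02", "file_download", {"src": "203.0.113.45", "hash": "sha256:beef01"}),
    ("host-c", "sha256:0ff1ce", "file_read", {"path": r"C:\Users\bob\Documents\notes.docx"}),
    ("host-c", "sha256:0ff1ce", "net_connect", {"dst": "192.0.2.10", "bytes_out": 2_048}),
]


def remote_host(path: str, local_host: str) -> str:
    """Host a UNC path points at; the local host for a plain path."""
    return path.split("\\")[2] if path.startswith("\\\\") else local_host


def behavioral_indicators(events) -> dict:
    """Collapse raw events into a set of behavioral indicators per file hash."""
    profile = defaultdict(lambda: {"copies_to": set(), "reads": 0, "bytes_out": 0,
                                   "peers": set(), "downloads": set()})
    for host, fhash, etype, d in events:
        p = profile[fhash]
        if etype == "file_write" and d["hash"] == fhash:
            # The process wrote a byte-identical copy of itself somewhere else.
            p["copies_to"].add(remote_host(d["path"], host))
        elif etype == "file_read":
            p["reads"] += 1
        elif etype == "net_connect":
            p["peers"].add(d["dst"])
            p["bytes_out"] += d["bytes_out"]
        elif etype == "file_download":
            p["peers"].add(d["src"])
            p["downloads"].add(d["hash"])
    indicators = {}
    for fhash, p in profile.items():
        found = set()
        if len(p["copies_to"]) >= 2:              # slide 24, step 2
            found.add("self_replication")
        if p["reads"] >= 5:
            found.add("bulk_document_read")
        if p["bytes_out"] >= 1_000_000:
            found.add("large_outbound_transfer")
        if p["peers"] & MALICIOUS_IPS:            # slide 27, step 4
            found.add("contacts_known_malicious_ip")
        if p["downloads"] & MALICIOUS_HASHES:     # slide 24, step 3
            found.add("downloads_known_malware")
        indicators[fhash] = found
    return indicators


# Indicators that convict on their own: association with confirmed-bad infrastructure.
CONVICTING = {"contacts_known_malicious_ip", "downloads_known_malware"}


def evaluate(events) -> list:
    """Return [(priority, file hash, verdict, sorted indicators)], highest priority first."""
    report = []
    for fhash, found in behavioral_indicators(events).items():
        if found & CONVICTING:
            priority, verdict = 1, "malicious (device flow correlation)"
        elif len(found) >= 3:                     # combination of activities, slide 24 step 4
            priority, verdict = 2, "possible compromise (behavioral IoC)"
        elif found:
            priority, verdict = 3, "suspicious"
        else:
            priority, verdict = 4, "no indicators"
        report.append((priority, fhash, verdict, sorted(found)))
    return sorted(report)


if __name__ == "__main__":
    for priority, fhash, verdict, found in evaluate(EVENTS):
        print(priority, fhash, verdict, found)
```

Note that sha256:cafe01 never touches anything on the feed: it is reported because three behaviors coincide, which is the slide's "combination of activities" rather than any single signature, while sha256:feed02 is convicted on one flow to a known-bad address even though nothing else about it is known yet. The prioritized list is what slide 24, step 5 hands to the security team.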

Page 28

Cisco AMP Delivers A Better Approach

Unique to Cisco® AMP

Point-in-Time Protection

File Reputation, Sandboxing, and Behavioral Detection

Retrospective Security

Continuous Analysis

Page 29

Cisco AMP Defends With Retrospective Security

Point-in-Time Detection Retrospective Security

Cisco Collective Security Intelligence

To be effective, you have to be everywhere, continuously.

Page 30

Why Continuous Protection Is Necessary

Breadth and control points: Endpoints, Network, Email, Web (WWW), Devices, Gateways.

Telemetry stream (continuous feed, continuous analysis):

• File fingerprint and metadata

• Process information

• File and network I/O

Point-in-Time Detection and Retrospective Security, fed by Cisco Collective Security Intelligence (Talos + Threat Grid Intelligence).

Page 31

Why Continuous Protection Is Necessary

Context (Who, What, Where, When, How), Enforcement, and Continuous Analysis, backed by Event History and Collective Security Intelligence.

Point-in-Time Detection and Retrospective Security, fed by Cisco Collective Security Intelligence.


Page 33

Cisco AMP Defends With Retrospective Security

Point-in-Time Detection Retrospective Security

Cisco Collective Security Intelligence

Retrospective security is built on:

• Trajectory

• Behavioral Indications of Compromise

• Elastic Search

• Continuous Analysis

• Attack Chain Weaving

Page 34

Retrospective Security Is Built On… Continuous Analysis

1. Performs analysis the first time a file is seen.

2. Persistently analyzes the file over time to see whether its disposition changes.

3. Gives unmatched visibility into the path, actions, or communications associated with a particular piece of software.

Page 35

Retrospective Security Is Built On… Attack Chain Weaving

Uses retrospective capabilities in three ways:

1. File Trajectory records the trajectory of the software from device to device.

2. Process Monitoring monitors the I/O activity of all devices on the system.

3. Communications Monitoring monitors which applications are performing actions.

Attack Chain Weaving analyzes the data collected by File Trajectory, Process Monitoring, and Communications Monitoring to provide a new level of threat intelligence.

Page 36

Retrospective Security Is Built On… Behavioral Indications of Compromise

Behavioral Indications of Compromise use continuous analysis and retrospection to monitor systems for suspicious and unexplained activity, not just signatures.

Using the power of Attack Chain Weaving, Cisco® AMP is able to recognize the patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature. For example:

1. An unknown file is admitted into the network.

2. The unknown file copies itself to multiple machines.

3. It duplicates content from the hard drive.

4. It sends the duplicated content to an unknown IP address.

Page 37

Retrospective Security Is Built On… File Trajectory

File Trajectory automatically records propagation of the file across the network (figure: computers, virtual machines, and mobile devices reporting to the Collective Security Intelligence Cloud).

1. An unknown file is downloaded to a device.

2. Its fingerprint is recorded and sent to the cloud for analysis.

3. The unknown file travels across the network to different devices.

4. Sandbox analytics determines the file is malicious and notifies all devices.

5. If a file is deemed malicious, file trajectory shows which hosts are infected, giving greater visibility into the extent of the infection.

Page 38

Retrospective Security Is Built On… Device Trajectory

1. An unknown file is downloaded to a particular device.

2. The file executes.

3. Device Trajectory records this, the parent process lineage, and all actions performed by the file (figure: activity across Drive #1, Drive #2, and Drive #3).

4. The file is convicted as malicious, and the user is alerted to the root cause and extent of the compromise.

Page 39

Retrospective Security Is Built On… Elastic Search

1. Elastic Search is the ability to use the indicators generated by Behavioral IoCs to monitor and search for threats across an environment.

2. When a threat is identified, its indicators can be used to search for and identify whether that threat exists anywhere else.

3. This enables quick searches that aid in detecting files that are malicious but still unknown.
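Slides 34, 37, 38 and 39 share one idea: the verdict at first sight is provisional, so every sighting of a file is kept (host, time, parent process), and when the disposition later flips to malicious the record says where the file went and who to look at first. The following is an added example for this transcript, not Cisco's code and not how AMP stores its data: the store, the hosts, the hashes, the process names and the timestamps are constructed, and the search is a plain predicate over the record rather than any product feature.

```python
"""Retrospective security over a constructed file-trajectory record.

Added example, not Cisco's code. Models Continuous Analysis (slide 34),
File and Device Trajectory (slides 37-38) and Elastic Search (slide 39).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Sighting:
    ts: datetime
    host: str
    path: str
    parent: str      # process that wrote or launched the file (lineage, slide 38)


class TrajectoryStore:
    def __init__(self):
        self.sightings = defaultdict(list)   # file hash -> [Sighting]
        self.disposition = {}                # file hash -> unknown | clean | malicious
        self.alerts = []

    def record(self, fhash: str, s: Sighting, verdict_now: str = "unknown") -> str:
        """Record a sighting; the point-in-time verdict is kept until the cloud revises it."""
        self.sightings[fhash].append(s)
        self.disposition.setdefault(fhash, verdict_now)
        return self.disposition[fhash]

    def trajectory(self, fhash: str) -> list:
        """Hosts in order of first contact with the file (slide 37)."""
        hosts = []
        for s in sorted(self.sightings[fhash], key=lambda s: s.ts):
            if s.host not in hosts:
                hosts.append(s.host)
        return hosts

    def update_disposition(self, fhash: str, new: str, at: datetime):
        """Apply a later verdict; raise a retrospective alert on a change to malicious."""
        old = self.disposition.get(fhash, "unknown")
        self.disposition[fhash] = new
        if new != "malicious" or old == "malicious" or not self.sightings[fhash]:
            return None
        first_seen = min(s.ts for s in self.sightings[fhash])
        alert = {
            "hash": fhash,
            "patient_zero": self.trajectory(fhash)[0],
            "hosts": self.trajectory(fhash),
            "dwell": at - first_seen,     # how long the file was present before conviction
            "parents": sorted({s.parent for s in self.sightings[fhash]}),
        }
        self.alerts.append(alert)
        return alert

    def search(self, predicate) -> list:
        """Elastic search: (hash, host, disposition) for every sighting matching an indicator."""
        hits = {(h, s.host, self.disposition[h])
                for h, ss in self.sightings.items() for s in ss if predicate(s)}
        return sorted(hits)


def demo() -> tuple:
    """Constructed scenario: a mail attachment spreads, is convicted hours later, then hunted."""
    t0 = datetime(2015, 11, 4, 9, 0)
    store = TrajectoryStore()
    bad, unknown = "sha256:d0c5", "sha256:a1b2"
    store.record(bad, Sighting(t0, "host-a", r"C:\Users\alice\Downloads\invoice.exe", "outlook.exe"))
    store.record(bad, Sighting(t0 + timedelta(minutes=4), "host-d", r"C:\Users\dan\Downloads\invoice.exe", "outlook.exe"))
    store.record(bad, Sighting(t0 + timedelta(minutes=31), "host-b", r"C:\Windows\Temp\svc.exe", "invoice.exe"))
    # A different, still-unknown file arrives the same way on another host.
    store.record(unknown, Sighting(t0 + timedelta(minutes=50), "host-e", r"C:\Users\eve\Downloads\receipt.exe", "outlook.exe"))
    # The sandbox verdict arrives later: the point-in-time "unknown" becomes "malicious".
    alert = store.update_disposition(bad, "malicious", at=t0 + timedelta(hours=2, minutes=28))
    # Hunt for anything else dropped by the same parent, convicted or not (slide 39).
    related = store.search(lambda s: s.parent == "outlook.exe")
    return alert, related


if __name__ == "__main__":
    alert, related = demo()
    print(alert)
    print(related)
```

The alert is only possible because the sightings were recorded while the file was still "unknown"; a system that logs only blocked files has nothing to retrospect over. The search result includes sha256:a1b2 with disposition unknown, which is the slide's point about finding files that are malicious but not yet convicted: the indicator (same parent process as a convicted file) is what surfaces it.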

Page 40

Cisco AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack Before It Causes Damage

• What: These applications are affected

• Where: The breach affected these areas

• When: This is the scope of exposure over time

• How: Here is the origin and progression of the threat

• Who: Focus on these users first

Page 41

Cisco AMP Everywhere Strategy Means Protection Across the Extended Network

AMP (Advanced Malware Protection) deployment points:

• AMP for Networks

• AMP on Web & Email Security Appliances

• AMP on Cisco® ASA Firewall with FirePOWER Services

• AMP for Endpoints (Mac OS, Windows OS, Android Mobile, Virtual)*

• AMP for Cloud Web Security (CWS) & Hosted Email

• AMP Private Cloud Virtual Appliance

• AMP Threat Grid: Malware Analysis + Threat Intelligence Engine (Appliance or Cloud)

*AMP for Endpoints can be launched from AnyConnect

Page 42

There Are Several Ways You Can Deploy AMP

AMP (Advanced Malware Protection) deployment options:

AMP on Email and Web, Cisco® ASA, and CWS

• Method: license with ESA, WSA, CWS, or ASA

• Ideal for: new or existing Cisco CWS, Email/Web Security, and ASA customers

• Details: ESA/WSA gives prime visibility into email and web; CWS delivers web and advanced malware protection as a cloud service; AMP capabilities on ASA with FirePOWER Services

AMP for Networks (AMP on FirePOWER network appliance)

• Method: snap into your network

• Ideal for: IPS/NGFW customers

• Details: wide visibility inside the network; broad selection of features before, during, and after an attack; comprehensive threat protection and response

AMP for Endpoints

• Method: install a lightweight connector on endpoints

• Ideal for: Windows, Windows OS for POS, Mac, Android, and virtual machines; can also deploy from the AnyConnect client

• Details: granular visibility and control; widest selection of AMP features

AMP Private Cloud Virtual Appliance

• Method: on-premises virtual appliance

• Ideal for: high-privacy environments

• Details: private cloud option for those with high-privacy requirements; can deploy in full air-gapped mode or cloud proxy mode; for endpoints and networks

Page 43

Protection Across Networks

The Network platform uses indications of compromise, file analysis, and in this example file trajectory to show you exactly how malicious files have moved across the environment


Page 44

Protection Across Endpoints

The Endpoint platform has device trajectory, elastic search, and outbreak control, which in this example is shown quarantining recently detected malware on a device that has the AMP for Endpoints connector installed


Page 45

Protection Across Web and Email

Cisco® AMP for Web and Email protects against malware threats in web and email traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted.


Page 46

Conclusion

Page 47

Defending Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum

Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate

Network | Endpoint | Mobile | Virtual | Cloud | Email & Web

Point in Time / Continuous

Page 48

Only Cisco Security Can Deliver… Visibility and Control Across the Full Attack Continuum

Attack Continuum
• Before: Discover, Enforce, Harden
• During: Detect, Block, Defend
• After: Scope, Contain, Remediate

Portfolio mapped onto the continuum: FireSIGHT and pxGrid; ASA VPN; NGFW; Meraki; Advanced Malware Protection; Network as Enforcer; NGIPS; ESA/WSA; CWS; Secure Access + Identity Services; ThreatGRID

Page 49

Are You Able to Defend Against Advanced Malware?

1. Assess your customers' current level of endpoint protection
2. Assess your customers' current level of network protection
3. Can your customers detect advanced malware in web and email?

Page 50

Get Started Now

• Offer your customers a Proof-of-Value (POV) deployment
• Schedule kick-off meeting
• Select POV length and delivery
• Determine hardware requirements and configuration changes
• Establish a timeframe and installation date for the POV


Page 52

http://www.cisco.com/web/partners/specializations/security-arch.html


Page 54

Need Assistance Getting Cisco Express Security Specialized?

Call your Cisco Distributor

• They will navigate the specialization requirements with you
• They host/sponsor the required AM & SE specialization classes
• Offering FREE* ASA 5506
• Enable you to complete Security Network Assessments ($1,500 spiff available)

http://www.cisco.com/web/partners/specializations/express-security/index.html

Page 55

Sourcefire Resources

• Advanced Malware Protection
• Cisco AMP Threat Grid - Appliances
• Cisco AMP Threat Grid - Cloud
• Cisco Advanced Malware Protection Virtual Private Cloud Appliance
• Cisco Advanced Malware Protection for Endpoints
• Cisco Advanced Malware Protection for Networks

Page 56

Sourcefire Resources: Customer Case Studies

• Playlist of all Customer Testimonials on AMP
• John Chambers on Cisco Security and AMP
• SHSU uses AMP for Endpoints
• Gartner Video-on-Demand: Strategies to Combat Advanced Threats featuring Cisco AMP
• ADP uses ThreatGrid: https://www.youtube.com/watch?v=x7c21CgyH3o&feature=youtu.be

Page 58

Sourcefire Resources: Updated Data Sheets, At-a-Glances, Infographic, Whitepapers

• AMP Solution Overview
• AMP Solution AAG
• AMP for Networks: Data Sheet | AAG
• AMP for Endpoints: Data Sheet | AAG
• Security Everywhere Whitepaper (direct link)
• AMP Threat Grid Solution Overview
• AMP Threat Grid – Appliance: Data Sheet | AAG
• AMP Threat Grid – Cloud: Data Sheet
• Malware Infographic

Page 59

Call to Action

Invite Your Customers to the next CCE Event. Next event: Wednesday Nov 11th @ 1:30 p.m.

You've Already Been Hacked. Now What? Cisco Next-Gen Security Can Help

Registration link | Invitation

Invite your customers to attend and we will notify you if they do! Access registration links and replays at: http://cs.co/cisco101

Page 60

Join Us Next Week!

Next Quick Hit Briefing: Big Data = Big $$$$ - Learn how to Monetize Big Data with Cisco

Thursday Nov 5th, 2015 at 9:30 ET

Check http://cs.co/quickhit for registration links and replays

Page 61

Thank you.

Page 62

Appendix: How AMP Works

Page 63

How Cisco AMP Works: Network File Trajectory Use Case


Page 65

An unknown file is present on IP 10.4.10.183, having been downloaded via Firefox.

Page 66

At 10:57, the unknown file is transferred from IP 10.4.10.183 to IP 10.5.11.8.

Page 67

Seven hours later, the file is transferred to a third device (10.3.4.51) using an SMB application.

Page 68

Half an hour later, the file is copied yet again onto a fourth device (10.5.60.66) through the same SMB application.

Page 69

The Cisco® Collective Security Intelligence Cloud has learned this file is malicious and a retrospective event is raised for all four devices immediately.

Page 70

At the same time, a device with the AMP for Endpoints connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware.

Page 71

Eight hours after the first attack, the malware tries to re-enter the environment through the original point of entry but is recognized and blocked.
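The use case above is a retrospective detection: every hop of a still-unknown file is recorded against its hash, and a verdict that arrives hours later is applied to everything that hash has touched. The script below is an added example, not Cisco code and not the AMP API; it models that mechanism on the page's own hosts and times. The slides give only 10:57 and relative offsets, so the download time, the date, the hash value, the sending host of hops three and four, and which host runs the endpoint connector are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class FileEvent:
    """One observed file transfer: who sent the file, who received it, over what."""
    ts: datetime
    sha256: str
    src: str   # sending host, or "internet" for the original download
    dst: str   # receiving host
    app: str   # carrying application or protocol as the sensor identified it


@dataclass(frozen=True)
class RetroEvent:
    """Raised once when a file already seen in the environment is convicted later."""
    sha256: str
    affected_hosts: tuple   # every host that ever received the file, first-seen order
    trajectory: tuple       # (HH:MM, src, dst, app) hops in time order


class TrajectoryTracker:
    """Hash-keyed file trajectory with retrospective verdicts.

    Sightings of *unknown* files are retained rather than discarded, so a verdict
    that arrives hours later can be applied to every host that handled the file.
    """

    def __init__(self):
        self.dispositions = {}              # sha256 -> "unknown" | "clean" | "malicious"
        self.sightings = defaultdict(list)  # sha256 -> [FileEvent, ...]
        self.blocked = []                   # transfers refused at observation time

    def observe(self, ev):
        """Record a transfer. Returns "blocked" if the hash is already convicted,
        otherwise the disposition the sensor knew at the moment it saw the file."""
        disp = self.dispositions.setdefault(ev.sha256, "unknown")
        if disp == "malicious":
            self.blocked.append(ev)
            return "blocked"
        self.sightings[ev.sha256].append(ev)
        return disp

    def update_disposition(self, sha256, disposition):
        """Apply a new verdict. Flipping a previously seen file to malicious emits
        one RetroEvent covering every host that received it; repeats are no-ops."""
        previous = self.dispositions.get(sha256, "unknown")
        self.dispositions[sha256] = disposition
        if disposition != "malicious" or previous == "malicious":
            return None
        hops = sorted(self.sightings.get(sha256, []), key=lambda e: e.ts)
        if not hops:
            return None   # never seen here: nothing to alert on retrospectively
        hosts = []
        for hop in hops:
            if hop.dst not in hosts:
                hosts.append(hop.dst)
        return RetroEvent(
            sha256,
            tuple(hosts),
            tuple((h.ts.strftime("%H:%M"), h.src, h.dst, h.app) for h in hops),
        )


def run_scenario(connector_hosts=frozenset({"10.5.60.66"})):
    """Replay the slide deck's use case. Only 10:57 and the relative offsets come
    from the slides; the download time, date, hash, the senders of hops 3 and 4,
    and which host runs the endpoint connector are constructed assumptions."""
    day = datetime(2015, 10, 29)   # constructed date

    def t(hh, mm):
        return day + timedelta(hours=hh, minutes=mm)

    sha = "0" * 64   # placeholder hash of the unknown file
    tracker = TrajectoryTracker()
    hops = [
        FileEvent(t(10, 50), sha, "internet", "10.4.10.183", "Firefox"),      # initial download
        FileEvent(t(10, 57), sha, "10.4.10.183", "10.5.11.8", "unspecified"),
        FileEvent(t(17, 57), sha, "10.5.11.8", "10.3.4.51", "SMB"),           # seven hours later
        FileEvent(t(18, 27), sha, "10.3.4.51", "10.5.60.66", "SMB"),          # half an hour later
    ]
    first_pass = [tracker.observe(h) for h in hops]      # sensor lets every hop through
    retro = tracker.update_disposition(sha, "malicious")  # cloud verdict arrives
    quarantined = [h for h in retro.affected_hosts if h in connector_hosts]
    reentry = FileEvent(t(18, 50), sha, "internet", "10.4.10.183", "Firefox")
    return {
        "first_pass": first_pass,
        "retro": retro,
        "quarantined": quarantined,
        "reentry": tracker.observe(reentry),   # eight hours after the first download
    }


if __name__ == "__main__":
    result = run_scenario()
    for hop in result["retro"].trajectory:
        print(" -> ".join(hop))
    print("retro alert to:", result["retro"].affected_hosts)
    print("quarantined by connector:", result["quarantined"])
    print("re-entry attempt:", result["reentry"])
```

The point worth taking from the model is the data-retention decision: a sensor that keeps events only for files it has already convicted cannot raise a retrospective alert at all, because the first four hops would be gone by the time the verdict arrived. The model also shares the real feature's limit: trajectory is keyed on the file hash, so a re-packed variant with a new hash starts with a clean slate and must be caught by something other than disposition lookup.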