Top 6 Ways Cisco Prevents Ransomware with EPP & EDR

Cisco Public

Checklist

Ransomware penetrates organizations in multiple ways and is becoming especially problematic with the number of attacks increasing year-over-year. Cisco protects against ransomware with an integrated platform approach across a breadth of critical control points backed by best-in-class threat intelligence and research from Talos. Ransomware protection necessitates quick prevention and works best when it is intelligence-driven to fight threats on multiple fronts.


Here are the top 6 ways that Cisco protects organizations from ransomware and other cyber threats:

1. Behavioral protection

Secure Endpoint’s enhanced behavioral analysis continually monitors all user and endpoint activity to protect against malicious behavior in real time by matching a stream of activity records against a set of attack activity patterns, which are dynamically updated as threats evolve. For example, this enables granular control and protection from the malicious use of living-off-the-land tools.

• Read more about behavioral protection

2. Exploit prevention

Memory attacks can penetrate endpoints, and malware evades security defenses by exploiting vulnerabilities in applications and operating system processes. The exploit prevention feature will defend endpoints from exploit-based, memory injection attacks.

• Read more about exploit prevention

3. Malicious activity protection

Secure Endpoint continually monitors all endpoint activity and provides run-time detection and blocking of abnormal behavior of a running program on the endpoint. For example, when endpoint behavior indicates ransomware, the offending processes are terminated, preventing endpoint encryption and stopping the attack.

• Read more about malicious activity protection

© 2021 Cisco and/or its affiliates. All rights reserved. Cisco, the Cisco logo, Cisco SecureX, and Talos are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, see the Trademarks page on the Cisco website. Third-party trademarks mentioned are the property of their respective owners. The use of the word “partner” does not imply a partnership relationship between Cisco and any other company. (2008R)


4. Dynamic analysis

Secure Endpoint includes a built-in, highly secure sandboxing environment, powered by Cisco Threat Grid, to analyze the behavior of suspect files. File analysis produces detailed information on files, including the severity of behaviors, the original file name, screenshots of the malware executing, and sample packet captures. Armed with this information, you’ll have a better understanding of what is necessary to contain the outbreak and block future attacks.

• Read more about Cisco Secure Malware Analytics

5. SecureX Threat Hunting

A proactive, analyst-centric approach to detecting hidden advanced threats. This capability is offered exclusively as part of the new Premier license tier within Secure Endpoint. It gives incident responders a narrative of how an attack was spotted or how it evolved, and what to do next in terms of response. The purpose is to discover and thwart attacks before they cause any damage.

• Sign up for a Cisco threat hunting workshop

6. Ransomware investigation and response

Cisco SecureX is a cloud-native, built-in platform that connects our Cisco Secure portfolio and your infrastructure. It allows you to radically reduce dwell time and human-powered tasks. Cisco Talos Incident Response has developed a ransomware plan of action (PoA) specifically for incident response, which has been tested and validated in multiple compromised environments.

• Read more about Cisco Talos Incident Response


Start your Cisco Secure Endpoint free trial
