[00:00:06] [Narrator] There have been tons of different, either personal firewalls, host intrusion prevention systems, antivirals, you know, the solutions are there that you can install in your desktops, your laptops, your servers, and so on. However today, there are a lot more sophisticated software that make basic antivirus, or personal firewalls, or host intrusion prevention systems, all that plethora of systems completely obsolete. For example, Cisco's Advanced Malware Protection for Endpoints, so Cisco AMP for Endpoints, what you're seeing in the screen is basically an ecosystem, 'cause it's not only one agent, it's an ecosystem that basically takes advantage of telemetry from big data analytics, you know, being provided from, you know, many, many, many different agents, to continuous analysis, advanced analytics provided by Cisco threat intelligence, to be able to detect, analyze, and stop advanced malware across different types of endpoints, right. It provides these advanced malware protections for many operating systems including Windows, Mac OS X, Android, and Linux.

[00:01:16] Now attacks are getting really, really sophisticated and very complicated; they can evade the traditional systems and endpoint protection. Today's, you know, attackers have the resources, the knowledge, and the persistence to be actually able to beat point-in-time detection, so what we're trying to do with Cisco AMP for Endpoints is actually provide mitigation capabilities that go beyond the point-in-time detection. It actually uses threat intelligence from the Cisco Talos organization to perform retrospective analysis and protection. It basically also provides device and file trajectory capabilities to be able to, you know, to show to an administrator, or to an analyst in a security operations center, what's actually happening across the full spectrum of an attack.

[00:02:08] Now it also allows you to perform a lot of different threat hunting scenarios, and as a matter of fact, what I'm showing in here is the SecureX threat hunting, you know, different incidents, part of the same ecosystem of the AMP for Endpoints. So for example, if I click on one of them in here, you see different tactics and techniques that were actually, you know, used, like Defense Evasion, Execution, Initial Access, and Persistence, and all these are being mapped to the MITRE ATT&CK Framework, right. So if you actually click on that, you will pull the specific tactic and technique that, you know, was used for this specific... in this case, you know, of course the demo, using a file called certutil.exe that was actually executed by another file, or by another process, is the scheduled task, a process within a Windows environment, right. It actually tells you in here, you know, basically the whole details about a case.

[00:03:06] So it goes beyond just detecting that, hey, there might be a signature-based detection, like most antivirus, that's what they use, they use a signature-based detection, and in this case it's actually using threat intelligence, it's using behavioral analytics, it's using big data, it's using a lot of different things that those traditional solutions never provided.