Cisco Secure Endpoint updates help security teams see and fix misconfigurations

Cisco has announced new enhancements for its Secure Endpoint solution for businesses, focused on two big cybersecurity challenges: misconfigurations and advanced threat detection.

On misconfigurations, Cisco’s threat intelligence group Talos said that 25% of incidents are down to Endpoint Detection and Response (EDR) misconfigurations, so Cisco is releasing the Secure Endpoint Configuration Insights tool to let organizations visualize MITRE ATT&CK coverage, and then identify and resolve misconfiguration risks.

With the MITRE ATT&CK coverage map, administrators are shown which attack methods their current security setup can defend against. It helps to show where defenses are strong and where they may have gaps based on how their Secure Endpoint is configured. With MITRE ATT&CK, admins are able to learn more about adversary tactics and techniques that occur in the real world.

The insights tool also gives admins protection status monitoring, which shows endpoints (such as personal computers and servers) with their security engines switched on, off, or in audit mode (watching for threats but not blocking). With this, admins can find any users creating a weak link in the chain and ensure they get protections turned back on.

Finally, the tool doesn’t just highlight flaws in your defenses; it also gives you targeted recommendations so that you can address any policies that aren’t optimized for Secure Endpoint’s MITRE-mapped protections. This lets admins secure their networks “faster than ever.”

Aside from misconfigurations, Cisco is also improving its ability to prevent advanced threats by enhancing how Secure Endpoint’s Exploit Prevention works with Cisco XDR. To help protect systems, Exploit Prevention uses advanced moving target defense (AMTD) techniques to hide operating systems and applications from attackers.

AMTD means that the attack surface is constantly changing, making it harder for threat actors to land a successful attack. Cisco says this method can be a real boost to organizations now that we live in a world of AI-enabled attacks.

The AMTD techniques Cisco is now using also make it harder to exploit vulnerabilities through stealthy Living off the Land techniques, where attackers use legitimate tools and features present on systems to carry out their attacks. With AMTD, these tools become less predictable for the attacker.

If you’re already using Cisco XDR with Secure Endpoint, these new protections are automatically enabled with no extra work needed.
