Ransomware Defense for Dummies eBook

Issue link: https://insights.oneneck.com/i/1093615

CHAPTER 4 Deploying Cisco Ransomware Defense

These materials are © 2017 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited.

At the same time, advanced malware provides a launching pad for a persistent attacker to move laterally throughout a compromised organization's network.

Email phishing campaigns are a favorite — and astonishingly effective — malware attack vector for cybercriminals. Recent ransomware variants such as Locky and Chimera all use phishing techniques to infect their victims.

Cisco Ransomware Defense solutions that secure endpoints and prevent email threats include Cisco Advanced Malware Protection (AMP) for Endpoints and Cisco Cloud Email Security with AMP.

Cisco Advanced Malware Protection (AMP) for Endpoints

Traditional antimalware software that uses only point-in-time detection techniques will never be 100 percent effective. Yet, it takes only one threat that evades detection to compromise your entire environment. Using targeted context-aware malware, sophisticated attackers have the resources, expertise, and persistence to outsmart point-in-time defenses. Point-in-time detection is also completely blind to the scope and depth of a breach after it happens, rendering organizations incapable of stopping an outbreak from spreading or preventing a similar attack from happening again.

Although no antimalware solution can remove ransomware or decrypt files once an endpoint is infected, Cisco helps organizations proactively detect ransomware and block it before it ever reaches the network.

Based on this understanding of malware, Cisco created AMP for Endpoints to deliver a complete framework of detection capabilities and big data analytics to continuously analyze files and traffic in order to identify and block advanced malware threats. Sophisticated machine-learning techniques evaluate more than 400 characteristics associated with each file.

Retrospective security — the ability to look back in time and trace processes, file activities, and communications in order to understand the full extent of an infection, establish root causes, and perform remediation — can detect and alert you to files that become malicious after the initial disposition.
