Articles
Defeating Polymorphic Malware with Cognitive Intelligence. Part 3: Static Analysis
Nowadays, everyone likes to talk about the use of machine learning in cybersecurity. Almost every security vendor leverages machine learning in one form or another. Organizations employ security teams with data analysis skills to automate threat hunts. But what does it really take to build a scalabl…
AMP for Endpoints Updates: Fall 2018
Written by Evgeny Mirolyubov, Ben Greenbaum, Jesse Munos on behalf of the AMP for Endpoints engineering and research team The AMP for Endpoints engineering and research team continuously releases new features and capabilities in the AMP for Endpoints Console with the goal of providing a superior use…
Empowering Defenders: AMP Unity and Cisco Threat Response
Defenders have a lot of work to do, and many challenges to overcome. While conducting the Cisco 2018 Security Capabilities Benchmark Study, where we touched more than 3600 customers across 26 countries, these assumptions were confirmed. We have seen that defenders are struggling with the orchestrati…
Defeating Polymorphic Malware with Cognitive Intelligence. Part 2: Command Line Argument Clustering
Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha. Adversaries continue to evolve their techniques to evade detection. Static analysis approaches are prone to evasion using malicious packers, code obfuscation, and polymorphism. That means that the vast majority of malware is unique to…
Cognitive Intelligence: Empowering Security Analysts, Defeating Polymorphic Malware
Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha. In psychology, the term “cognition” refers to a human function that is involved in gaining knowledge and intelligence. It helps describe how people process information and how the treatment of this information may lead to various deci…
Streamlining Threat Investigations with AMP Unity
Preventing malware incidents is very much like preventing bad things from happening in our day-to-day life. We all take precautions every day (well, most of us do, anyway). Actions as simple as carrying an umbrella when rain is forecasted, buckling a safety belt when driving, or using sunscreen whe…
Take incident response to the next level with AMP for Endpoints and Cognitive Threat Analytics
Our data shows that there are 5 to 10 breaches per 1000 seats every week. That number is staggering and exemplifies the limits of traditional prevention. Most of these attacks will be done using repackaged malware distributed by known threat actors. We also see that such attacks not only remain unde…
Deep Dive into AMP and Threat Grid integration with Cisco Email Security
In our previous blog posts about AMP and Threat Grid on Cisco Email Security, we discussed the approach to email security that organizations could take to protect themselves against advanced threats. We also discussed the components of the solution and how they work together to protect…
Under the hood: Why you need AMP on ESA
With 95 percent of breaches starting with a malicious email campaign, it’s more important than ever for organizations to be prepared and to be certain that their email security solution will truly protect their data, assets and users. In a recent blog post we discussed the need for advanced threat p…