We have a Meraki MX100 running w/ Advanced Security licensing. This licensing has AMP/anti-malware protection and Anti-virus/anti-phishing. I was thinking to also add endpoint protection for users, an actual client install. Do you guys think this is excessive? Since I have protection at the edge, the endpoint piece isn't needed?
I came across Carbon Black and Cylance, and was impressed with the way they handle threats and monitoring. I figured if I had the budget, might as well use it and get even better protection.
You want multiple layers for security. Endpoint protection is a necessity.
And that's what I was thinking and kind of felt was the way to go. I just needed to voice it out. Thanks deanwebb!!
Do you have any preferences for endpoint security? Have you used either Carbon Black or Cylance?
The Meraki edge device cannot look into HTTPS or encrypted sessions, so if they contain malware, it is allowed to pass on to the endpoint. You need endpoint protection in addition to be able to stop things such as this on the endpoint itself.
Quote from: fsck on December 05, 2018, 06:15:12 PM
And that's what I was thinking and kind of felt was the way to go. I just needed to voice it out. Thanks deanwebb!!
Do you have any preferences for endpoint security? Have you used either Carbon Black or Cylance?
I was talking with a guy about that last night. He did a bake-off between CrowdStrike, Carbon Black, and Cylance. CrowdStrike did the best job of identifying the malware and what it was trying to do; both CrowdStrike and Cylance stopped his custom malware in all use cases attempted. Cylance also involves whitelisting stuff, so it's very aggressive in blocking stuff, which was too much for his liking.
I use Cisco AMP. Do you know how that fares against those products, Dean?
Quote from: Dieselboy on December 07, 2018, 02:50:57 AM
I use Cisco AMP. Do you know how that fares against those products, Dean?
He wasn't impressed with them because of the way the firewall module competed for resources with the firewall in a way that could brick the firewall.
Was that solely FTD or ASA as well?
Although the Cisco AMP I am referring to is the software install on Windows / Mac / iOS / Android.
This was on the ASA.
As for the AMP client, I've actually used CounterACT to deploy it in an incident response. That was some vendor cooperation, I tell you what! :)
Did not get to see it in a PoC, though.