Users & Malicious Emails: Stay Safe with Rapid Threat Containment
Picture this: An end user manages to overlook the red flags and clicks on an email attachment that actually contains malware. So what happens next? According to industry averages, it can take IT roughly 100-200 days to detect and solve the subsequent problems. That’s more than enough time for the malware to inflict some significant damage. IT knows this and it’s done its best to speed up its response capabilities. As IT has gotten faster, so have threats. The end result is a security footrace with a company’s data waiting at the finish line.
In today’s business landscape, near-instantaneous response is required to make sure private data doesn’t fall into the hands of cyber criminals. Beyond that immediate response, security must be prepared to evolve right along with malware and other threats. The bad guys aren’t standing still and so neither can the people (and solutions) on the other side of the aisle.
This is exactly what Rapid Threat Containment from Cisco brings to the table. The solution combines Cisco FireSIGHT Management Center (FMC) and Identity Services Engine (ISE), unifying the two to provide next-level security capable of standing up to next-level threats. Organizations leveraging Rapid Threat Containment also gain:
- The peace of mind that comes from automatic malware detection and containment of compromised endpoints
- Threat intelligence that is continually updated to keep pace with the always-changing methodologies of cyber criminals
- Increased visibility into security risks, allowing for more efficient and effective responses from IT
- Expanded networking capabilities thanks to its easy integration with already-deployed Cisco solutions and devices
Securing IT against end user gaffes
Going back to that original example of the end user and the malicious email attachment, if that user’s employer had Rapid Threat Containment deployed, the situation would have played out differently. Instead of the organization being left open to a potentially lengthy and costly intrusion, the following would take place:
- The downloaded file would be scanned by Cisco sensors and that data would be passed along to FMC.
- FMC would identify the suspicious file and alert ISE about the issue. ISE would, in turn, assign new access policies to the user and the device reflecting the suspicious activity.
- This new policy would instruct network enforcers to automatically begin restricting the user's and the device's access.
- The suspect device would be quarantined and access denied until the necessary remediation and mitigation procedures could be taken.
Gain a leg up on cyber crooks with Rapid Threat Containment
IT teams are being pushed to their limits defending their organizations against sophisticated cyber criminals. Not only are attack methods advancing, but the attack surface itself is growing. As more devices gain connectivity through Internet of Things technology, IT has more doors to lock and attackers have more ways in. Rapid Threat Containment can help seal those doors.
Arraya Solutions’ Cisco team has decades of experience supporting industry-leading technology. It stands ready to help businesses determine whether Rapid Threat Containment is the correct fit for them and aid in the deployment and fine-tuning of the solution.
Want to learn more about Rapid Threat Detection or the other ways Arraya can help minimize IT headaches? Visit: http://www.arrayasolutions.com/contact-us/. Or, we can be contacted directly through our Twitter account, @ArrayaSolutions. Be sure to click the “Follow” button to be among the first to know about all of our latest blogs, events, and special offers.