Many threats do not arrive through your network perimeter at all.
They arrive through the endpoint itself.
Firewalls and VPN gateways get most of the attention when you design security.
But a single infected laptop inside your office bypasses every perimeter control you built.
A Vast and Diverse Attack Surface
An endpoint is any device that connects to your network.
Every one is a potential entry point for an attacker.
Figure 1 – Endpoints come in many forms and all connect to your network
A laptop, a PC, a tablet, a smartphone, an IP phone, an IoT device: all of them qualify.
Thanks to BYOD (Bring Your Own Device) policies, personal devices connect to your corporate network every day.
These devices may carry vulnerabilities, outdated software, or already-installed malware.
They bypass your network security entirely because they sit inside the trust zone.
Answer the question below
What acronym describes the policy of letting personal devices connect to the corporate network?
The Limits of Traditional Antivirus
For decades, antivirus software protected endpoints by maintaining a database of known malware signatures.
When a file matched a known signature, your antivirus blocked it before execution.
Figure 2 – Known malware is matched in the signature database and blocked
This model works well as long as the threat is already known.
But attackers adapt constantly.
When a variant gets detected, they modify its code and change its hash.
The new version is invisible to your antivirus.
Figure 3 – A new variant has an unknown hash and reaches the endpoint
A static, point-in-time detection engine cannot keep pace with this dynamic threat landscape.
Your endpoints need continuous monitoring and cloud-backed intelligence.
Answer the question below
What does traditional antivirus rely on to detect malware?
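The signature model and its limit, as an added example that is not part of the original course and not Cisco's implementation: a point-in-time hash lookup blocks a known file, misses a variant that differs by one byte, and only catches it later because the monitor kept a record of what it allowed. The class names, file names and sample bytes are constructed for illustration.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SignatureScanner:
    """Point-in-time scanner: the verdict is decided once, from known hashes."""

    def __init__(self, known_bad):
        self.known_bad = set(known_bad)

    def scan(self, data: bytes) -> str:
        return "blocked" if sha256(data) in self.known_bad else "allowed"


class ContinuousMonitor(SignatureScanner):
    """Hypothetical model: also records every allowed hash for later re-checks."""

    def __init__(self, known_bad):
        super().__init__(known_bad)
        self.seen = {}  # hash -> file name of everything that was allowed

    def scan_file(self, name: str, data: bytes) -> str:
        verdict = self.scan(data)
        if verdict == "allowed":
            self.seen[sha256(data)] = name
        return verdict

    def update_intel(self, new_bad):
        """Apply new (simulated) cloud intelligence; return files allowed
        earlier that are now known to be malicious."""
        self.known_bad |= set(new_bad)
        return sorted(self.seen[h] for h in new_bad if h in self.seen)


# Constructed, harmless sample bytes standing in for a file and its variant.
ORIGINAL = b"constructed-sample-payload-v1"
VARIANT = ORIGINAL + b"\x00"  # one extra byte gives a completely different hash


def demo():
    monitor = ContinuousMonitor({sha256(ORIGINAL)})
    first = monitor.scan_file("sample.bin", ORIGINAL)      # hash is in the database
    second = monitor.scan_file("sample_v2.bin", VARIANT)   # unknown hash passes
    flagged = monitor.update_intel({sha256(VARIANT)})      # intelligence arrives later
    return first, second, flagged


if __name__ == "__main__":
    print(demo())
```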
The ENCOR blueprint expects you to know the Cisco endpoint security product by name.
That product is Cisco Secure Endpoint, formerly known as AMP for Endpoints.
It follows the agent plus cloud model that now complements static antivirus across the industry.
Note: AMP for Endpoints is the agent that runs on the device. It is different from Cisco AMP as a file inspection feature on the firewall, which you saw in the previous course.
The Agent on the Endpoint
Cisco Secure Endpoint deploys a lightweight agent on every protected device.
The agent sits on your laptop, your PC, or your server, ready to act on every file.
Figure 4 – A laptop with the Secure Endpoint agent installed