Accelerate Malware Detection and Remediation with LogRhythm and Cisco Secure Endpoint


When it comes to threat detection, protecting your organization is no easy feat. Despite your best efforts to block threats with detection solutions, the reality is that malware can still get into your network. By the end of 2021, experts predict there will be a ransomware attack on businesses every 11 seconds. This is where an integration between LogRhythm and Cisco Secure Endpoint can help.

Simplify Malware Monitoring and Automate Response

As part of our ongoing strategic partnership with Cisco, LogRhythm has deepened our Cisco support and released a new SmartResponse™ automation plugin with Cisco Secure Endpoint, formerly called Cisco Advanced Malware Protection. The Cisco Secure Endpoint plugin speeds your response to malware threats, minimizing damage and eliminating your need for security analysts to manually intervene.

Ransomware and other forms of malware continue to be a significant threat for organizations of all sizes. By 2021, experts expect total damage from ransomware to top out at over $20 billion. That’s why it’s crucial to have a mechanism in place for rapid threat detection and response.

By integrating LogRhythm NextGen SIEM Platform and Cisco Secure Endpoint, your security team will have greater context about the scope of an attack and the ability to trigger automated responses, take action, and stop threats before serious damage occurs.

LogRhythm and Cisco Secure Endpoint in Action

The LogRhythm NextGen SIEM Platform collects, enriches, and analyzes data from all devices, applications, and sensors in an environment. The LogRhythm Open Collector agent connects to the Cisco Secure Endpoint API and collects all available logs in JSON format. LogRhythm’s Machine Data Intelligence (MDI) Fabric then parses, normalizes, classifies, and contextualizes the Cisco Secure Endpoint log messages. The LogRhythm NextGen SIEM then analyzes the normalized events and stores them, presenting the results in a dashboard. When SIEM analytics generate a security alert, LogRhythm’s SmartResponse plugin works with Cisco Secure Endpoint to expedite threat containment and automate remediation actions.

Figure 1: Cisco Secure Endpoint integrates with the LogRhythm NextGen SIEM Platform to accelerate malware detection and response

The Cisco Secure Endpoint plugin contains multiple actions that either fire automatically when an alarm occurs or can be run manually by an analyst as part of the investigation workflow. For example, when an alarm indicates suspicious activity on a host, an analyst can identify and then isolate the impacted computer and files using the “Get Vulnerabilities” action. When the action executes, the information is retrieved via the Cisco Secure Endpoint API and displayed on the LogRhythm Console for follow-on investigation and action.
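To make the pipeline described above concrete (collect JSON endpoint events, normalize and classify them, raise an alarm from an analytic rule, then select automatic and analyst-approved response actions), here is an added illustrative example. It is not LogRhythm's or Cisco's code: the JSON field names, the classification table, the "repeated malware on host" rule and the "Isolate Host" action name are all constructed for illustration and do not reflect the real Cisco Secure Endpoint API schema; only "Get Vulnerabilities" is the action named in the post.

```python
"""Toy SIEM pipeline: normalize endpoint events, run one analytic rule, plan a response."""
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample events. The field names are a HYPOTHETICAL shape chosen for this
# example; they are not the real Cisco Secure Endpoint API schema.
RAW_EVENTS_JSON = """[
  {"timestamp": "2021-03-01T10:00:00Z", "event_type": "threat_detected",
   "computer": {"hostname": "ws-042", "connector_guid": "guid-0042"}, "detection": "Trojan.Example.A"},
  {"timestamp": "2021-03-01T10:00:05Z", "event_type": "threat_quarantined",
   "computer": {"hostname": "ws-042", "connector_guid": "guid-0042"}, "detection": "Trojan.Example.A"},
  {"timestamp": "2021-03-01T10:02:00Z", "event_type": "threat_detected",
   "computer": {"hostname": "ws-042", "connector_guid": "guid-0042"}, "detection": "Trojan.Example.B"},
  {"timestamp": "2021-03-01T10:03:00Z", "event_type": "scan_completed",
   "computer": {"hostname": "ws-017", "connector_guid": "guid-0017"}},
  {"timestamp": "2021-03-01T10:04:00Z", "event_type": "threat_detected",
   "computer": {"hostname": "ws-017", "connector_guid": "guid-0017"}, "detection": "Trojan.Example.A"}
]"""

# Hypothetical classification table: vendor event type -> (common classification, severity 1-10).
CLASSIFICATION = {
    "threat_detected": ("Malware", 8),
    "threat_quarantined": ("Malware", 5),
    "scan_completed": ("Audit", 1),
}

# Hypothetical playbook: alarm rule -> ordered actions and whether they fire without an analyst.
# "Get Vulnerabilities" is the action the post names; "Isolate Host" is a made-up name here.
PLAYBOOK = {
    "repeated_malware_on_host": [
        ("Get Vulnerabilities", "automatic"),  # enrich the alarm with host vulnerability data first
        ("Isolate Host", "manual"),            # containment left for analyst approval in this toy model
    ],
}


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp used in the constructed sample."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def normalize(raw):
    """Map one raw vendor event onto a common schema and attach a classification."""
    event_type = raw.get("event_type", "unknown")
    classification, severity = CLASSIFICATION.get(event_type, ("Unknown", 3))
    return {
        "time": parse_ts(raw["timestamp"]),
        "host": raw["computer"]["hostname"],
        "connector_guid": raw["computer"].get("connector_guid"),
        "event_type": event_type,
        "classification": classification,
        "severity": severity,
        "detection": raw.get("detection"),
    }


def detect_alarms(events, threshold=2, window_seconds=300):
    """Raise one alarm per host that has >= threshold Malware events inside a sliding window."""
    by_host = defaultdict(list)
    for ev in events:
        if ev["classification"] == "Malware":
            by_host[ev["host"]].append(ev)
    alarms = []
    for host, evs in sorted(by_host.items()):
        evs.sort(key=lambda e: e["time"])
        times = [e["time"] for e in evs]
        best, start = 0, 0
        for end in range(len(times)):  # two-pointer sliding window over sorted timestamps
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alarms.append({
                "rule": "repeated_malware_on_host",
                "host": host,
                "count": best,
                "max_severity": max(e["severity"] for e in evs),
                "detections": sorted({e["detection"] for e in evs if e["detection"]}),
            })
    return alarms


def plan_response(alarm):
    """Select the playbook actions for an alarm, each tagged automatic or manual."""
    return [{"action": name, "mode": mode, "target": alarm["host"]}
            for name, mode in PLAYBOOK.get(alarm["rule"], [])]


def run_pipeline(raw_json):
    """Collect (JSON) -> normalize/classify -> analytics -> response plan."""
    events = [normalize(r) for r in json.loads(raw_json)]
    alarms = detect_alarms(events)
    return {"events": events, "alarms": alarms, "responses": [plan_response(a) for a in alarms]}


if __name__ == "__main__":
    out = run_pipeline(RAW_EVENTS_JSON)
    for alarm, plan in zip(out["alarms"], out["responses"]):
        print(alarm["host"], alarm["count"], [(p["action"], p["mode"]) for p in plan])
```

Running it raises a single alarm for ws-042 (three Malware-class events within two minutes) and none for ws-017, whose lone detection stays below the threshold; the alarm's plan runs the enrichment action automatically and leaves the containment step for an analyst, which is the automatic-versus-manual split the post describes.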

Finding Value with LogRhythm SmartResponse

The Cisco Secure Endpoint plugin is the latest integration as part of the LogRhythm-Cisco partnership, which helps organizations increase network visibility and secure their IT environments. To download the Cisco Secure Endpoint plugin, visit the LogRhythm Community. To find additional plugins, check out our SmartResponse Automation Plugin Library.