CTA Not Enabled

AMP for Endpoints: Cognitive Threat Analytics Hi Professional, Discover new threat categories and see more malware than ever before, even in devices where you cannot install an AMP for Endpoints connector. Activate Cisco Cognitive Threat Analytics (CTA) in your AMP for Endpoints to enable agentless detection. Here's How With CTA you can make investigations easier and faster for rapid incident response. Log in to your AMP for Endpoints management console to activate CTA. You must have one of the supported web proxies (Cisco CWS, Cisco WSA, BlueCoat ProxySG, and McAfee Web Gateway). If you have different proxies or need help, reach out to the Technical Assistance Center for further guidance. Sincerely, Your AMP for Endpoints Team On average, AMP for Endpoints sees about 30 percent more infections with CTA. Contact us

CTA Enabled – No Proxy

AMP for Endpoints: Cognitive Threat Analytics Hi Professional, According to our records as of , you started enabling Cognitive Threat Analytics to analyze your web proxy telemetry, but haven't finished yet. To complete the activation: • Log in to your AMP for Endpoints management console. • Click the “Configure” button in the CTA section of your Accounts > Business page to finalize your configuration of CTA capability. • You will need to add a device account per each one of your physical or virtual web proxies. • Please review the configuration manuals for Cisco WSA, BlueCoat ProxySG and, McAfee Web Gateway. If you would like to see a demo, check out this step-by-step video. Sincerely, Your AMP for Endpoints Team Contact us

Proxy Configured – No Data

AMP for Endpoints: Cognitive Threat Analytics Hi Professional, According to our records as of , you started enabling Cognitive Threat Analytics (CTA) to analyze your web proxy telemetry, but haven't finished yet. You appear to have added proxy device account(s) in CTA, but your proxies do not appear to be uploading any logs. Can you please review the log export configuration of your proxies? To finish the activation: • Log in to your AMP for Endpoints management console. • Click the “Configure” button in the CTA section of your Accounts > Business page to finalize your configuration of CTA capability. • You will need to add a device account per each one of your physical or virtual web proxies. • Please review the configuration manuals for Cisco WSA, BlueCoat ProxySG and, McAfee Web Gateway. If you would like to see a demo, check out this step-by-step video. Sincerely, Your AMP for Endpoints Team Contact us

Proxy Configured – Incorrect Data

AMP for Endpoints: Cognitive Threat Analytics Hi Professional, Are you still interested in enabling Cognitive Threat Analytics to analyze your web proxy telemetry? It seems that one of your proxies is not configured properly, and some of the exported logs can’t be processed by CTA. Please review the configuration manuals for Cisco WSA, BlueCoat ProxySG, and McAfee Web Gateway. If you can’t identify any configuration issues, reach out to the Technical Assistance Center for further assistance using CTA within your AMP for Endpoints. When you open your case, report that your CTA provisioning recordings show your proxy logs are not processed correctly and request a CTA level 3 support for resolution. Sincerely, Your AMP for Endpoints Team Contact us

Evaluation of whether features are being utilized is done. If they are not utilizing Continuous Analysis, Feature Utilization Email #1 is triggered. If contact does take advantage of the feature, dynamic content will congratulate and encourage usage.

AMP for Endpoints Feature Focus #1: Continuous Analysis AMP inspects files at point of entry into your network. Regardless of disposition, AMP continues to watch, analyze, and record file activity. If these files ever start exhibiting malicious behavior, you receive an indication of compromise with a full record of the threat’s history: where it came from, where it’s been, and what it’s doing. Get Better Visibility Check out “Three Ways to Get Better Visibility into Your Endpoints” to learn about the AMP for Endpoints features designed to provide you with continuous analysis. Then login to your management console to start using your indications of compromise, device trajectory, and file trajectory. Contact us

Two weeks after Email #1 is sent, an evaluation of whether features are being utilized is done. If they are not utilizing File Analysis and Sandboxing, Feature Utilization Email #2 is triggered. If contact does take advantage of the feature, dynamic content will congratulate and encourage usage.

AMP for Endpoints Feature Focus #2: Better Visibility, Better Threat Defense With your AMP for Endpoints, you have global threat intelligence, advanced sandboxing, and real-time malware blocking, so you have the visibility you need to prevent breaches. Take Action: Three Steps to Better Threat Defense Upload an executable into the sandbox environment to analyze behavior and score the threat level of that behavior. Get the detailed results of that file analysis in about seven minutes. All analysis results are added to the collective intelligence and are searchable with elastic search. Pivot from an indicator in a file analysis report to view everywhere else it has been in the entire enterprise. See sandboxing in action Use file analysis and sandboxing. Log in to your management console. Contact us

Two weeks after Email #2 is sent, an evaluation of whether features are being utilized is done. If they are not utilizing Retrospective Security, Feature Utilization Email #3 is triggered. If contact does take advantage of the feature, dynamic content will congratulate and encourage usage. **Emails #1, #2 and #3 are focused on feature utilization related to Visibility.

AMP for Endpoints Feature Focus #3: Retrospective Security Did you know that with retrospective security you can roll back time on would be attackers even after malware has already infiltrated the extended network? Watch a demo AMP for Endpoints traces processes, file activities, and communications to give you the full view of an infection and establish root causes, so you can remediate with just a few clicks. Check out the video to see retrospective security and quarantining in action. Then, log in to your management console to see if you have any updates. Of all the detection events alerted by AMP, an average of 18% are retrospective security alerts. Contact us

Two weeks after Email #3 is sent, an evaluation of whether features are being utilized is done. If they are not utilizing Malware Detection, Outbreak Control and Quarantines, Feature Utilization Email #4 is triggered. If contact does take advantage of the feature, dynamic content will congratulate and encourage usage. **Email #4 is focused on feature utilization related to Control.

AMP for Endpoints Feature Focus #4: Malware Detection, Outbreak Control and Quarantines You have the visibility you need now to implement a strategic defense. Now it’s time to learn how to get better control. With your AMP for Endpoints, you can stop the spread of malware with just a few clicks. Here’s how Check out “How to Stop Malware in its Tracks” to learn how to use malware detection and blocking, build outbreak control lists, and quarantine malicious files. When malware gets in, it acts quickly. 60% of data is compromised within hours of an attack according to the Ponemon Institute. Contact us