The Cisco Security Agent represents the last line of defense in a layered self-defending network. It operates directly on the end station by monitoring the OS kernel and requests to the file system, network resources, and registry keys. The Cisco Security Agent can reside directly on the PC, laptop, or server in the network, and is supported on Windows, Solaris, and Linux machines.

Cisco Security Agent can provide a day-zero defense against new network attacks because it looks for malicious behavior directly on a workstation instead of for known worms and viruses that can participate in a network attack. Day-zero is a fancy way of saying that an attack can be stopped by looking at the symptoms of an attack, rather than a unique identifier or signature of the attack. For example, a virus may delete a specific system file, but day-zero protection would notify the user that something was trying to delete any system file rather than looking for a specific virus. Day-zero protection does not require any host signatures and is a good complement to other signature-based defenses, such as network IPS.

The Cisco Security Agents are centrally managed by the Management Center. The Management Center features an easy-to-use web GUI and uses HTTPS between the Management Center and the Cisco Security Agent on the end station to ensure security during the configuration process. The Cisco Security Agent Management Center includes support for the following features:
Cisco Security Agent also contains an optional component known as the network shim. The network shim provides additional protection on end stations by detecting SYN floods, port scans, and malformed packets at the shim layer of the OS on the end station.
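
The difference between signature matching and the day-zero behavioral check described above can be shown with a short added example (not Cisco code and not how the agent is implemented). The event format, hash strings, process names, and protected directory are all constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed values for illustration only; not real indicators or CSA policy.
KNOWN_BAD_HASHES = {"aaaa1111"}  # stand-in for a signature database
PROTECTED_DIRS = [PureWindowsPath(r"C:\Windows\System32")]
DESTRUCTIVE_OPS = {"delete", "write", "rename"}

@dataclass(frozen=True)
class FileEvent:
    process: str     # image name of the requesting process
    image_hash: str  # hash of that image (placeholder strings here)
    op: str          # requested file operation
    path: str        # target of the request

def signature_verdict(ev):
    """Signature model: flag only processes whose image is already known."""
    return ev.image_hash in KNOWN_BAD_HASHES

def is_protected(path):
    """True if path is, or lies under, a protected directory.
    PureWindowsPath compares case-insensitively, as Windows does."""
    target = PureWindowsPath(path)
    return any(d == target or d in target.parents for d in PROTECTED_DIRS)

def behavior_verdict(ev):
    """Behavior model: flag any destructive request against a system file,
    no matter which process makes it."""
    return ev.op in DESTRUCTIVE_OPS and is_protected(ev.path)

def evaluate(events):
    """Return (process, signature hit, behavior hit) for each event."""
    return [(ev.process, signature_verdict(ev), behavior_verdict(ev)) for ev in events]

SAMPLE_EVENTS = [  # constructed events
    FileEvent("oldworm.exe", "aaaa1111", "delete", r"C:\Windows\System32\example.dll"),
    FileEvent("newworm.exe", "bbbb2222", "delete", r"c:\windows\system32\example.dll"),
    FileEvent("notepad.exe", "cccc3333", "write", r"C:\Users\alice\notes.txt"),
    FileEvent("viewer.exe", "dddd4444", "read", r"C:\Windows\System32\drivers\etc\hosts"),
]

if __name__ == "__main__":
    for name, sig, beh in evaluate(SAMPLE_EVENTS):
        print(f"{name:12} signature={sig!s:5} behavior={beh!s:5}")
```

The second event is the day-zero case: its image hash is in no signature set, so only the behavioral rule flags it.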