A security administrator notices that several endpoints in the finance department are exhibiting unusual network behavior, including connections to known malicious IP addresses. The administrator has deployed Cisco Secure Endpoint (formerly AMP for Endpoints) with TETRA and has enabled the built-in firewall. What is the best course of action to quickly identify the root cause and contain the threat?
- A. Disable the built-in firewall on the endpoints to allow full traffic inspection by the TETRA engine.
  Why wrong: Disabling the firewall increases risk; TETRA works with the firewall enabled.
- B. Use the Cisco Secure Endpoint console to review the TETRA engine's real-time traffic analysis and isolate the affected endpoints.
  Why correct: TETRA provides real-time traffic analysis; the console allows immediate visibility and isolation.
- C. Wait for the weekly threat report from Cisco Talos to identify the malware family and then apply a signature update.
  Why wrong: Waiting delays response; the threat must be contained immediately.
- D. Uninstall the Cisco Secure Endpoint connector and reinstall it with a fresh policy.
  Why wrong: Uninstalling removes protection; reinstallation is not necessary.