Cisco Security Agent (CSA) is a unique proposition that provides proactive host-based intrusion detection and prevention solutions for endpoint systems (desktop PCs, laptops, servers, and point of service [POS] terminals) for known and unknown (day-zero) threats. CSA goes beyond conventional security and does not rely on signature-based architecture. CSA provides endpoint security using a flexible policy-based and behavior-based architecture, thus offering defense against targeted attacks, virus, worm, spyware, adware, rootkit, and day-zero attacks that have not been discovered and new exploits and variants by taking advantage of known and unknown vulnerabilities.
CSA also provides policy compliance controls offering protection to sensitive information on the system. Examples include granular controls such as the restriction of the following: removable media storage (USB key), copy-paste sensitive information between applications, and peer-to-peer applications such as instant messaging (IM). CSA provides unique intelligence to correlate the behaviors of system functions, based on rules that define unacceptable behavior for a specific application, and it defines the necessary action to be taken. CSA is capable of implementing a wide range of granular policy-based compliance controls.
In addition, CSA provides numerous benefits:
Endpoint system protection (desktop, server, and point of service [POS] terminals)
Host-based intrusion prevention
Policy-based and behavior-based architecture
Personal firewall protection
Day-zero attack protection
Regulatory policy compliance enforcement
Acceptable corporate use policy compliance
Preventive protection against targeted attacks
Stability and protection of the underlying operating system
File and directory protection
Host application visibility
Application control
Correlation of system calls and application functions