Security breaches are more common than ever, and the number of organizations falling victim to attacks is growing steadily. Hackers are becoming more sophisticated and can now create advanced malware capable of evading even the best point-in-time detection tools, including antivirus and intrusion prevention systems.

These tools are designed to inspect traffic at every point of entry in your extended network, but cannot detect 100% of the potential threats and risks attempting to make their way into your system. In addition, they provide barely any visibility into the activity of these threats after they have invaded your first-line defenses. This, unfortunately, leaves your IT team blind to the scope of the potential damage and unable to detect and contain malware quickly enough to prevent it from wreaking havoc.

Cisco AMP

Cisco Advanced Malware Protection, also known as AMP, reaches beyond point-in-time detection and is built specifically to protect your organization before, during, and after an attack. This is how it does so:

  • Before an attack – AMP uses the absolute best global threat detection to strengthen your defenses and ward off uninvited intruders.
  • During an attack – using known file signatures, global threat detection, and dynamic file analysis technology, AMP blocks malware trying to infiltrate your IT environment.
  • After an attack – AMP provides continuous monitoring and analysis of all file activity, communications, and processes. Files exhibiting malicious behavior will be detected by AMP and retrospective alerts will be provided.

AMP not only detects breaches but can also quickly detect, contain, and remediate threats that manage to evade front-line defenses in a cost-effective way, without negatively impacting your operations.

Threat Intelligence and Malware Analysis

AMP is built on a wide-ranging collection of real-time threat intelligence and innovative malware analytics supplied by Cisco Collective Security Intelligence, the Talos Security Intelligence and Research Group, and AMP Threat Grid intelligence feeds.

You benefit from AMP with:

  • Over a million incoming malware samples a day.
  • 6 million global sensors.
  • 100 terabytes of data per day.
  • A dedicated team of technicians, engineers, and researchers.
  • 13 billion web requests.
  • Around the clock operations.

By integrating AMP Threat Grid technology into Cisco AMP, you are also provided with context-rich intelligence feeds. This technology analyzes millions of samples on a monthly basis against more than 350 behavioral indicators. This results in billions of artifacts and an easily understood threat score to help security teams prioritize their responses.

Continuous Analysis and Retrospective Security

Cisco AMP provides continuous monitoring, analysis, and recording of all file activity. If any suspicious or malicious activity is observed, security teams are alerted to the compromise. AMP also provides details as to exactly what happened, showing teams a complete history of the threat and answering such questions as:

  • Where did the malware come from?
  • What specific systems have been affected?
  • What does the threat consist of?
  • How can it be stopped?

Security teams are able to use this information and quickly take action using AMP’s user-friendly browser-based management console.

Flexible Deployment

The Cisco AMP solution offers flexible deployment across a number of platforms, including:

  • Cisco AMP for Endpoints – provides protection for Windows PCs, Macs, Linux systems, Android devices, and virtual environments using AMP’s lightweight connector.
  • Cisco AMP for Networks – AMP can be deployed as a network-based solution integrated into Cisco FirePOWER network security appliances.
  • Cisco AMP on ASA with FirePOWER Services – deploy AMP capabilities integrated into the Cisco ASA firewall.
  • Cisco AMP Private Cloud Virtual Appliance – AMP can be deployed as an on-premise, air-gapped solution that has been specifically built to meet the high-privacy requirements for organizations restricted from using a public cloud solution.
  • Cisco AMP on CWS, ESA, or WSA – AMP capabilities can be turned on in any of these to provide malware analysis and retrospective capabilities.
  • Cisco AMP Threat Grid – this provides enhanced malware analysis, and can also be deployed as a standalone threat intelligence and advanced malware analysis solution, either in an appliance or in the cloud.

To learn more about Advanced Malware Protection with Cisco, reach out to our team of experts at PNJ Technology Partners. Call us at (518) 459-6712 or send an email to info@pnjtechpartners.com.