Cisco Advanced Malware Protection, previously known as FireAMP, is a malware analysis and protection solution.
By using targeted, context-aware malware. Attacks have the advance on resources, persistent, time and expertise to compromise a network that relies totally on point-in-time detection.
Cisco AMP provides a full protection barrier for organisations across the attack spectrum
Before the Attack
Global threat intelligence from Cisco Talos and Cisco Threat Grid feed into Cisco Advanced Malware Protection to protect against known and emerging threats
During the Attack
File reputation is used to determine if a file is clean or malicious, along with sandboxing to identity any threats during an attack
After the attack
Cisco AMP can provide retrospection, indicators of compromise, breach detection, tracking, analysis, and surgical remediation after an attack where advanced malware has slipped past defences.
Cisco AMP can be broken down into several components:
- AMP Cloud, private or public
- AMP Connectors
- AMP for Endpoints
- AMP for Networks
- AMP for Email
- AMP for Web
- AMP for Meraki MX
- Threat intelligence from Cisco Talos and Cisco Threat Grid
The central part is AMP Cloud. AMP Cloud contains the database of files and their reputations, referred to as file dispositions.
File dispositions in the AMP Cloud can change based on data from Talos or Threat Grid.
If an AMP connector uploads a sample file to the AMP Cloud and that file is deemed to be malicious, it can be stored in the cloud and reported to other AMP connectors that see the same file.
If the file is unknown, it can be sent to Threat Grid where it is analysed in as secure environment.
AMP Cloud provides decision making in real time based on the data that is received. AMP Cloud can identify malware in files that were previously detected as clean.
AMP connectors remain lightweight by sending a hash of the file to cloud and allowing the cloud to make the decisions and return a verdict regarding if a file is clean, malicious or unknown.