Categories: CCNP Enterprise Core (350-401), Cisco Security

Cisco Advanced Malware Protection (AMP)

Cisco Advanced Malware Protection, previously known as FireAMP, is a malware analysis and protection solution.

By using targeted, context-aware malware, attackers have the advantage in resources, persistence, time and expertise over a network that relies solely on point-in-time detection.

Cisco AMP provides a full protection barrier for organisations across the attack spectrum: before, during and after an attack.

Before the Attack

Global threat intelligence from Cisco Talos and Cisco Threat Grid feeds into Cisco Advanced Malware Protection to protect against known and emerging threats.

During the Attack

File reputation is used to determine whether a file is clean or malicious, along with sandboxing to identify any threats during an attack.

After the Attack

Cisco AMP can provide retrospection, indicators of compromise, breach detection, tracking, analysis, and surgical remediation after an attack where advanced malware has slipped past defences.

AMP Architecture

Cisco AMP can be broken down into several components:

  • AMP Cloud, private or public
  • AMP Connectors
    • AMP for Endpoints
    • AMP for Networks
    • AMP for Email
    • AMP for Web
    • AMP for Meraki MX
  • Threat intelligence from Cisco Talos and Cisco Threat Grid

The central part is AMP Cloud. AMP Cloud contains the database of files and their reputations, referred to as file dispositions.

File dispositions in the AMP Cloud can change based on data from Talos or Threat Grid.

If an AMP connector uploads a sample file to the AMP Cloud and that file is deemed to be malicious, it can be stored in the cloud and reported to other AMP connectors that see the same file.

If the file is unknown, it can be sent to Threat Grid, where it is analysed in a secure environment.

AMP Cloud provides decision making in real time based on the data that is received. AMP Cloud can identify malware in files that were previously detected as clean.

AMP connectors remain lightweight by sending only a hash of the file to the cloud and allowing the cloud to make the decision and return a verdict on whether the file is clean, malicious or unknown.
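To make the hash-based disposition workflow and retrospection concrete, here is an added Python example. It is not Cisco code and does not use the AMP Cloud API; `SimulatedAmpCloud`, the sample file contents and the connector names are all constructed for illustration. A connector hashes a file locally, asks the simulated cloud for a disposition, and acts on the verdict; when later analysis flips a previously unknown hash to malicious, every connector that already saw that hash receives a retrospective alert.

```python
import hashlib
from collections import defaultdict

# The three verdicts described in the text.
CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


class SimulatedAmpCloud:
    """Hypothetical stand-in for the AMP Cloud disposition database (not Cisco's API).

    Stores sha256 -> disposition and remembers which connector saw which hash,
    so that a later disposition change can be reported retrospectively.
    """

    def __init__(self):
        self.dispositions = {}             # sha256 -> CLEAN | MALICIOUS
        self.sightings = defaultdict(set)  # sha256 -> {connector ids that saw it}
        self.retro_alerts = []             # (connector id, sha256, new verdict)

    def lookup(self, connector_id, sha256):
        """Connector sends only the hash; the cloud returns the verdict."""
        self.sightings[sha256].add(connector_id)
        return self.dispositions.get(sha256, UNKNOWN)

    def update_disposition(self, sha256, verdict):
        """New intelligence (modelled Talos / Threat Grid result) changes a disposition.

        If a hash becomes malicious, every connector that previously saw it is
        alerted, which models the retrospection behaviour described above.
        """
        previous = self.dispositions.get(sha256, UNKNOWN)
        self.dispositions[sha256] = verdict
        if verdict == MALICIOUS and previous != MALICIOUS:
            for connector_id in sorted(self.sightings[sha256]):
                self.retro_alerts.append((connector_id, sha256, verdict))
        return previous


def file_hash(data: bytes) -> str:
    """SHA-256 fingerprint of the file; the file content itself is never sent."""
    return hashlib.sha256(data).hexdigest()


def scan(cloud, connector_id, data: bytes):
    """Connector-side check: hash locally, ask the cloud, act on the verdict."""
    digest = file_hash(data)
    verdict = cloud.lookup(connector_id, digest)
    action = {
        CLEAN: "allow",
        MALICIOUS: "block",
        UNKNOWN: "allow-and-submit-for-analysis",
    }[verdict]
    return digest, verdict, action


def demo():
    """Walk through first sight, later verdict change, and retrospective alerts."""
    cloud = SimulatedAmpCloud()
    # Constructed sample contents standing in for real files.
    known_good = b"constructed sample: benign installer"
    unknown_file = b"constructed sample: file not yet analysed"

    cloud.update_disposition(file_hash(known_good), CLEAN)

    first_sight = {
        "endpoint-A": scan(cloud, "endpoint-A", known_good),
        "endpoint-B": scan(cloud, "endpoint-B", unknown_file),  # unknown on first sight
        "endpoint-C": scan(cloud, "endpoint-C", unknown_file),
    }

    # Later analysis returns a malicious verdict for the previously unknown hash.
    cloud.update_disposition(file_hash(unknown_file), MALICIOUS)

    # The same hash is now blocked immediately, and earlier sightings were alerted.
    later_sight = scan(cloud, "endpoint-D", unknown_file)
    return first_sight, later_sight, cloud.retro_alerts


if __name__ == "__main__":
    first, later, alerts = demo()
    for name, (digest, verdict, action) in first.items():
        print(f"{name}: {verdict} -> {action} ({digest[:12]}...)")
    print("endpoint-D:", later[1], "->", later[2])
    print("retrospective alerts:", alerts)
```

The point of the model is the ordering: endpoints B and C were allowed to run the file when its disposition was unknown, and only the cloud's retained record of who saw which hash makes the later alert possible. That record, not the hash lookup itself, is what "after the attack" detection depends on.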
