Cisco announced that it has added its Advanced Malware Protection (AMP), originally developed by Sourcefire, into its Content Security Portfolio of products, including Web and Email Security Appliances and Cloud Web Security Service. The integration provides customers worldwide with comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats. This enhanced offering represents one of the initial technology integration efforts between Cisco and Sourcefire, and extends the option of advanced malware protection for more than 60 million enterprise and commercial users currently protected with Cisco Content Security solutions.
Advanced Malware Protection utilizes the vast cloud security intelligence networks of both Cisco and Sourcefire (now part of Cisco). Like the attacks it is designed to protect against, AMP evolves to provide continuous monitoring and analysis across the extended network and throughout the full attack continuum – before, during and after an attack. By combining Sourcefire’s deep knowledge of advanced threats and analytics expertise with Cisco’s industry leading Email and Web Security solutions, customers benefit from unmatched visibility and control combined with the most cost-effective, seamless approach to addressing advanced malware problems.
Cisco has also added Cognitive Threat Analytics, acquired last year via Cognitive Security, as an option for Cisco Cloud Web Security customers. Cognitive Threat Analytics is a highly intuitive, self-taught system that uses behavioral modeling and anomaly detection to identify malicious activity and reduce time to discovery of threats operating inside the network. Both Cognitive Threat Analytics and AMP are available on Cisco Cloud Web Security as an optional license.
The addition of advanced malware technologies to Cisco Web and Email Security solutions, and Cognitive Threat Analytics to Cisco’s Cloud Web Security, have expanded Cisco’s ability to provide more threat-centric security solutions for its customers by expanding attack vector coverage by providing advanced malware protection “everywhere” a threat can manifest itself. With this integration, Cisco addresses the broadest range of attack vectors across the extended network.
“Epsilon System Solutions takes a proactive stance against sophisticated attacks and turned to FireAMP to help ensure we are doing everything we can to identify, stop and remove threats on the endpoint as quickly as possible,” said Damon Rouse, IT Director at Epsilon System Solutions. “Bringing the AMP technology to the Cisco Web and Email Security Appliances and Cloud Web Security Services is a smart move that will greatly benefit customers in their efforts to protect against today’s rapidly evolving threats. AMP is the only solution we’ve seen that can combine the power of sandboxing with the innovation of file retrospection; it has helped to put us in a better position to further mitigate the impact of potential attacks.”
Instead of relying on malware signatures, which can take weeks or months to create for each new malware sample, AMP uses a combination of file reputation, file sandboxing, and retrospective file analysis to identify and stop threats across the attack continuum.
- File Reputation analyzes file payloads inline as they traverse the network, providing users with the insights required to automatically block malicious files and apply administrator-defined policies using the existing Cisco Web or Email Security user interface and similar policy reporting frameworks.
- File Sandboxing utilizes a highly secure sandbox environment to analyze and understand the true behavior of unknown files traversing the network. This allows AMP to glean more granular behavior-based details about the file and combine that data with detailed human and machine analysis to identify a file’s threat level.
- File Retrospection solves the problem of malicious files that have passed through perimeter defenses but are subsequently deemed a threat. Rather than operating at a point in time, File Retrospection provides continuous analysis, using real time updates from AMP’s cloud-based intelligence network to stay abreast of changing threat levels. As a result, AMP helps identify and address an attack quickly, before it has a chance to spread.
Christopher Young, senior vice president, Cisco Security Business Group, said: “Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions. Web and Email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. By bringing together AMP and threat analytics with our Web, Cloud Web and Email Security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”
On the network, AMP continues to be an integrated capability in FirePOWER appliances for Next-Generation IPS or Next-Generation Firewall, or available as a standalone appliance. Also, FireAMP solutions provide endpoint protection for PCs, mobile devices and virtual environments, working with the FirePOWER and standalone appliance offerings through a connector.
As network speeds continue to increase, the need for higher-performing appliances capable of advanced malware protection increases. To fulfill this need, Cisco is also announcing the four latest and fastest FirePOWER appliances, all designed for compatibility with AMP. The 8350 (15 Gbps), 8360 (30 Gbps), 8370 (45 Gbps) and 8390 (60 Gbps) are stackable additions to the FirePOWER family and will work with all of the existing NetMods for modularity and mixed-media support. The FirePOWER 8300 series delivers a 50 percent increase in inspected throughput and is stackable up to 120+ Gbps of throughput.