Cisco Advanced Malware Protection (AMP) Explained

Cisco Advanced Malware Protection (AMP) is a malware analysis and protection solution that goes beyond point-in-time detection of advanced malware. Typical security solutions scan files and traffic at the network's point of entry, block known threats, and allow "good" or "unknown" files and traffic into the network. The analysis stops at that point: a file that was judged clean on entry is never looked at again.

Attacks have become advanced enough that point-in-time detection can be evaded by targeted, context-aware malware. Once advanced malware is inside a system, it can self-replicate and infect the system's programs and files, or lie dormant for a period of time before acting. It may also test for sandbox conditions (the isolated environments security products use to detonate suspicious files) and behave harmlessly while it is being analyzed, so that the security software concludes it is not malware.

AMP is intended to strengthen network defenses by preventing, detecting, and assisting in the removal of threats, using real-time threat intelligence, dynamic malware analysis (sandboxing), and retrospective security, in which files and traffic that were already allowed into the network continue to be monitored and analyzed. It also provides the insight, context, and control that security teams need to quickly identify, contain, and remediate threats that slip past front-line defenses, in a cost-effective and operationally efficient way.


Cisco AMP Security

Cisco AMP is integrated across Cisco's security products and driven by threat intelligence. It provides protection throughout the entire threat continuum: before, during, and after an attack.

  1. Before – AMP uses global threat intelligence from Cisco Talos and Cisco Threat Grid to strengthen defenses against known and emerging threats.
  2. During – AMP checks a file's reputation (a lookup of its hash against the AMP Cloud) to determine whether it is known to be malicious. Policy-violating file types, exploit attempts, and known-malicious files infiltrating the network are blocked at the control point. Files with an unknown disposition can be submitted for sandboxing (dynamic analysis) to detect threats that have no reputation yet.
  3. After – AMP continuously monitors and analyzes all file activity and traffic, looking for indicators of compromise (IoCs), and retrospectively re-evaluates files that were previously allowed in. If a file that was judged "good" later starts behaving badly, or its disposition changes to malicious, AMP identifies it and immediately alerts the security team about a potential breach. It then records the file's trajectory: where the malware came from, which systems it reached, and what it is doing. It also provides options to respond to and remediate the intrusion with a few clicks, giving the security team the visibility and control needed to detect attacks quickly, scope a compromise, and contain malware before it does further harm.


Cisco Advanced Malware Protection Components

Attacks can enter an organization through different entry points, so AMP is available in several forms that are deployed at the corresponding control points:

  • Cisco AMP for Endpoints – for Windows, macOS, and Linux computers, and for Android and Apple iOS mobile devices.
  • Cisco AMP for Networks – AMP integrated into Cisco Firepower NGIPS security appliances.
  • Cisco AMP on Firewalls and ASA with FirePOWER Services – AMP integrated into the Cisco next-generation firewall (NGFW) or the Adaptive Security Appliance (ASA) firewall.
  • Cisco AMP Private Cloud Virtual Appliance – an on-premises AMP cloud for air-gapped deployments.
  • Cisco AMP on ESA and WSA – AMP integrated into the Cisco Email Security Appliance (ESA) and Web Security Appliance (WSA).
  • Cisco AMP for Meraki MX – cloud-managed security with AMP's advanced threat capabilities on Meraki MX appliances.
  • Cisco Threat Grid – the sandboxing and malware analysis service integrated with AMP to enhance malware analysis.

All of these AMP deployments connect to the AMP Cloud, which holds the database of file hashes and their dispositions as determined by Cisco Talos and Cisco Threat Grid. Because every component queries the same cloud, a disposition change (for example, a file reclassified from unknown to malicious) reaches all connected AMP components in near real time.
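The "after" phase described above (a file allowed in under a good or unknown verdict, later reclassified, then traced back through every system that saw it) is easier to reason about with a concrete model. The following is an added illustration written for this page, not Cisco's code and not how the AMP Cloud is implemented: sensors report file sightings to a trajectory store and consult a disposition database for a point-in-time verdict; when the disposition of an already-seen hash is downgraded to malicious, the tracker replays the trajectory and produces a retrospective alert. The class and field names, hostnames, paths, and hash are all constructed for the example.

```python
"""Toy model of retrospective file-disposition tracking.

Added illustration, not Cisco's code: sensors report file events
(SHA-256, host, path, parent process, origin) to a central trajectory
store and consult a disposition database for a point-in-time verdict.
When the cloud later changes a hash from clean/unknown to malicious, the
tracker walks the recorded trajectory and raises a retrospective alert
listing every host that saw the file and where it first appeared.
Every hash, hostname and event here is constructed sample data.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

DISPOSITIONS = ("clean", "unknown", "malicious")


@dataclass
class FileEvent:
    ts: int        # event time, seconds since epoch (constructed)
    host: str      # endpoint that observed the file
    sha256: str    # file hash used for the reputation lookup
    path: str      # where the file landed on disk
    parent: str    # process that wrote or launched the file
    origin: str    # how the file arrived (URL, e-mail, USB, ...)


@dataclass
class RetroAlert:
    sha256: str
    old_disposition: str
    new_disposition: str
    first_seen: FileEvent      # earliest sighting: the entry point
    hosts: List[str]           # every endpoint that saw the file


class DispositionTracker:
    """Combines the disposition database with per-hash file trajectories."""

    def __init__(self) -> None:
        self.dispositions: Dict[str, str] = {}
        self.trajectory: Dict[str, List[FileEvent]] = defaultdict(list)

    def lookup(self, sha256: str) -> str:
        """Point-in-time reputation check; a never-seen hash is 'unknown'."""
        return self.dispositions.get(sha256, "unknown")

    def record(self, event: FileEvent) -> str:
        """Sensor path: keep the event even when the verdict allows the file.
        Only 'malicious' is blocked; 'clean' and 'unknown' are allowed through
        but stay in the trajectory so they can be re-evaluated later."""
        self.trajectory[event.sha256].append(event)
        return self.lookup(event.sha256)

    def update_disposition(self, sha256: str, new: str) -> Optional[RetroAlert]:
        """Cloud-side update. If a hash already seen on the network is
        downgraded to malicious, return a retrospective alert; otherwise None."""
        if new not in DISPOSITIONS:
            raise ValueError(f"unknown disposition {new!r}")
        old = self.lookup(sha256)
        self.dispositions[sha256] = new
        if new == "malicious" and old != "malicious" and self.trajectory.get(sha256):
            events = sorted(self.trajectory[sha256], key=lambda e: e.ts)
            return RetroAlert(sha256, old, new, events[0],
                              sorted({e.host for e in events}))
        return None


def run_demo() -> Optional[RetroAlert]:
    """Walk the during/after sequence on constructed data."""
    tracker = DispositionTracker()
    # Constructed hash: stands in for a real installer's SHA-256.
    h = hashlib.sha256(b"constructed-sample-installer").hexdigest()
    events = [
        FileEvent(1700000000, "ws-01", h, r"C:\Users\a\Downloads\setup.exe",
                  "chrome.exe", "https://example.invalid/setup.exe"),
        FileEvent(1700000600, "ws-02", h, r"C:\Users\b\Downloads\setup.exe",
                  "outlook.exe", "email attachment"),
        FileEvent(1700001200, "ws-01", h, r"C:\ProgramData\svc\setup.exe",
                  "setup.exe", "local copy"),
    ]
    # "During": each sighting gets a point-in-time verdict and is allowed.
    verdicts = [tracker.record(ev) for ev in events]
    assert verdicts == ["unknown"] * 3  # nothing is known about it yet
    # "After": sandbox/intel later flags the hash; the trajectory is replayed.
    return tracker.update_disposition(h, "malicious")


if __name__ == "__main__":
    alert = run_demo()
    if alert:
        print(f"{alert.sha256[:12]}... {alert.old_disposition} -> "
              f"{alert.new_disposition}; entry via {alert.first_seen.host} "
              f"({alert.first_seen.origin}); hosts: {', '.join(alert.hosts)}")
```

The point the model makes is that the sensor stores a sighting even when the verdict is "unknown" or "clean"; without that record there is nothing to replay when the disposition changes, which is exactly the gap that point-in-time scanning leaves. A hash that is already known-malicious when first seen is blocked at `record` time and never produces a retrospective alert, and a repeated malicious update for the same hash does not raise a duplicate.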
