Cisco AMP Software to Stamp out Malware
Cisco Systems (CSCO) is giving its Content Security Portfolio users a boost with the addition of its Advanced Malware Protection (AMP) software, designed to utilize file reputation, file sandboxing and retrospective file analysis to stamp out potential threats.
AMP’s added functionality will allow users to beef up their security with comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats, according to the press release. The AMP integration is one of Cisco's first collaborative efforts with recently acquired cybersecurity solutions company Sourcefire.
“Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response vs. point-in-time solutions,” said Christopher Young, senior vice president, Cisco Security Business Group, in a prepared statement. “Web and email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. By bringing together AMP and threat analytics with our web, cloud web and email security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”
AMP utilizes the combined cloud security intelligence of both Cisco and Sourcefire to protect users against incoming threats, the company noted. The software will evolve throughout the attack—before, during and after—to provide continuous monitoring and analysis, giving customers a full view of the security process.
The most important feature in the new AMP software is its ability to use techniques such as file sandboxing and file reputation to identify malware signatures and give users the information they need to automatically block dangerous files and apply specific policies to avoid contamination, according to Cisco. File reputation analyzes payloads as they travel the network, while file sandboxing analyzes unknown files and determines their true behavior. Finally, AMP uses file retrospection to provide continuous analysis and give users real-time updates on changing threat levels.
Cisco also announced that it would release four new FirePOWER appliances to work with AMP. The new FirePOWER 8300 series is expected to increase inspected throughput by 50 percent and is compatible with all existing NetMods, the company said.