Cisco's Advanced Malware Protection (AMP) technology, known as FireAMP, is already supported in its firewalls and e-mail gateways, but now the company is making AMP available as a standalone product.
That's just one of a slew of security announcements the company is making at this week's Cisco Live Conference.
The dedicated AMP for Networks appliances include the FirePOWER AMP8150 (up to 2Gbps performance) and AMP7150 (up to 500Mbps performance), a line of products that starts at $48,000. Both of the new dedicated AMP appliances are designed to monitor and block malware, including zero-days, via Cisco's cloud-based content-inspection technology. But for Cisco customers that don't want to send their data off premises for this sandboxing process, Cisco has also come up with an on-premises option, the AMP Private Cloud Appliance, which starts at $100,000.
The AMP Private Cloud appliance was created to meet the needs of organizations working under security and data-privacy rules that restrict where data can be transmitted. It will work the same way as the other AMP choices, such as collecting information from AMP endpoint connector agents for Windows, Mac OS X or Android.
"There's a synchronization mechanism to keep up with all the dynamic analysis, machine-learning and blacklists," said Marty Roesch, vice president and chief architect for Cisco's Security Business Group. AMP for Endpoints starts at $30 per user for enterprise deployments over 5,000 seats.
Cisco says it's also expanding how AMP works by including a search engine for threat analysis that lets the security manager perform forensics on file and host names to determine the scope of a malware outbreak across an enterprise and contain it. In addition, AMP 5.3 has a "file extraction" capability that lets the security manager request that a host computer running an AMP agent send up a copy of a file for malware inspection if that file hasn't already gone through the sandboxing analytics process. Cisco has also added a way to correlate "indicators of compromise" using AMP. In forensics, indicators of compromise point to the strong likelihood of a specific compromise or intrusion into an enterprise network.
One Cisco customer, Dan Polly, vice president and enterprise information security manager at First Financial Bank, says unknown threats and social engineering attacks, especially phishing attacks on employees, remain a key concern. First Financial Bank has deployed several security technologies, but AMP is considered an "anchor" of defense for the bank because its sandboxing approach "finds things traditional A/V can't," Polly says. First Financial also expects to look into the newer Private Cloud option.
Cisco today also announced its intent to acquire ThreatGRID, the New York City-based security firm that offers malware analysis and threat intelligence technology, for an undisclosed price. Cisco said it's acquiring ThreatGRID to enhance its Advanced Malware Protection (AMP) products.