Organizations today are under the constant threat of cyber attack, and security breaches happen every day. Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context and control to not only prevent cyber attacks, but also rapidly detect, contain, and remediate advanced threats if they evade front-line defenses and get inside—all cost-effectively, without affecting operational efficiency, and before damage can be done.
AMP for Endpoints prevents attacks by providing the latest global threat intelligence to strengthen defenses, a built-in antivirus (AV) engine to detect and block attacks at point-of-entry, built-in sandboxing technology to analyze unknown files, and proactive protection capabilities that close attack pathways and minimize vulnerabilities. But if malware evades these prevention measures and gets inside, AMP for Endpoints continuously monitors and records all file activity to quickly detect malicious behavior, retrospectively alert security teams, and then provide deep visibility and a detailed recorded history of the malware’s behavior over time—where it came from, where it’s been, and what it’s doing. AMP can then automatically contain and remediate the threat. AMP protects endpoints—like laptops, workstations, servers, and mobile devices—running Windows, Mac OS, Linux, Android and iOS.
- Protection that goes beyond prevention: Cisco AMP for Endpoints goes beyond just preventing attacks. It analyzes files and traffic continuously. This capability helps enable retrospective security. You can look back in time and trace processes, file activities, and communications to understand the full extent of an infection, establish root causes, and perform remediation. The result: more effective, efficient, and pervasive protection for your organization.
- Monitoring that enables unmatched visibility: Cisco AMP for Endpoints offers more than retrospection. It introduces a new level of intelligence, linking and correlating various forms of retrospection into a lineage of activity available for analysis in real time. It can then look for patterns of malicious behavior from an individual endpoint or across the environment of endpoints.
- Advanced analysis that looks at behaviors over time: Cisco AMP for Endpoints provides automation through advanced behavioral detection capabilities that deliver a prioritized and collated view of top areas of compromise and risk.
- Investigation that turns the hunted into the hunter: Cisco AMP for Endpoints shifts activity from looking for facts and clues as part of an investigation to a focused hunt for breaches based on actual events like malware detections and behavioral indications of compromise (IoCs).
- Containment that is truly simple: Cisco AMP for Endpoints provides visibility into the chain of events and context that complements its dashboards and trajectory views. AMP provides the ability to target specific applications, files, malware, and other root causes. Breaking the attack chain is not only quick but also easy.
- Dashboards that are actionable and contextual: Reports are not limited to event enumeration and aggregation. Cisco AMP for Endpoints’ actionable dashboards allow for streamlined management and faster response (see Figure 1).
- Integrated platforms that work better together: Cisco AMP for Endpoints can be fully integrated with the Cisco AMP for Networks solution, and other AMP deployments, to further increase visibility and control across your organization.