10-22-2019 09:49 AM - edited 02-20-2020 09:11 PM
Hello,
does it make sense to use AMP for Endpoints and also an AMP license on the Email Security Appliance (ESA)?
AMP for endpoints is installed on every client and server so we are just wondering if licensing also the ESA appliance with AMP would provide additional security?
Thanks a lot and best regards
David
Solved! Go to Solution.
10-22-2019 11:32 AM
10-23-2019 01:44 AM
Hello @DOMJAHN DAVID,
from detection perspective and from a Threat Investigation perspective, both makes sense. Because, both products are not only doing Just-in-Time detection. They are also generating "Sensor Data" to enable Threat Response.
E-mail and Endpoint Integration into Threat Response: For forensics, the example shows how CTR shows the Relation Graph, if both products are integrated into CTR.
Answered question by E-mail integrated into CTR?
In addition, all information from the endpoint, if this hash was seen, who generated the hash, which e.g. command line was executed by the hash. You als can use "Unity" to see a whole timeline, when a hash was seen and how the product handled the hash.
Hope this helps,
Greetings, Thorsten
10-22-2019 11:32 AM
10-23-2019 01:44 AM
Hello @DOMJAHN DAVID,
from detection perspective and from a Threat Investigation perspective, both makes sense. Because, both products are not only doing Just-in-Time detection. They are also generating "Sensor Data" to enable Threat Response.
E-mail and Endpoint Integration into Threat Response: For forensics, the example shows how CTR shows the Relation Graph, if both products are integrated into CTR.
Answered question by E-mail integrated into CTR?
In addition, all information from the endpoint, if this hash was seen, who generated the hash, which e.g. command line was executed by the hash. You als can use "Unity" to see a whole timeline, when a hash was seen and how the product handled the hash.
Hope this helps,
Greetings, Thorsten
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: