cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

725
Views
0
Helpful
4
Replies
Highlighted
Cisco Employee

Anti-Malware without Internet access

Hi Team,

I have a customer who is requiring an Anti-Malware solution for their Servers and Workstations which are not connected to Internet.

The customer has an isolated environment and they are looking for an Anti-Malware solution without Internet access.

As I understand Cisco AMP requires connection to AMP Cloud or AMP Threat Grid Cloud to provide high level of protection.

I was thinking in a possible On-Premise solution using AMP Private Cloud and Private Threat Grid combination but this solutions still requires Internet connection for security updates of on-premise devices. 

The customer is checking Stormshield, Palo Alto and Carbon Black solutions.

Any suggestion of solution for this case ?

Thanks in advance.

Everyone's tags (1)
4 REPLIES 4
Contributor

Re: Anti-Malware without Internet access

Hi Guillermo,

I`d guess every solution needs some kind of updates from the cloud, something like AMP private cloud does.

Otherwise, how can these solutions promise up-to-date defense?

Cisco Employee

Re: Anti-Malware without Internet access

Hello Guillermo,

I think you are spot on, AMP Private Cloud and Threat Grid Appliance are an option for customers who want all their data to stay on-prem. While not recommended from the security standpoint, both of them can be deployed in Air Gap mode (completely isolated from the Internet). There is a process for offline updates for air-gapped PC and TG appliances (documented and officially supported for AMP PC; not official and requires a TAC ticket for TG).

Cisco Employee

Re: Anti-Malware without Internet access

Thanks Evgeny,

Please, excuse me the delay in answer.

We explained to the customer about this situation.  We explained the possibility in On-Premise solution.

Finally the customer explain the detailed situation and AMP Private Cloud is not the best solution. 

Their endpoints will not have any connectivity to Internet or internal network, only the endpoints will connect to the network during change windows for software updates (2 or 3 times a year).

We explained to the customer that AMP Solution is not the solution for this case.

Thanks for your comments.

Cisco Employee

Re: Anti-Malware without Internet access

Hello,

i had this discussion very often when working as a security consultant. Enclosed some information from my side or my point of view.

  • We know signature based approach is not enough for real security. It delivers a basic protection. Removing cloud information reduces the capabilities of signature based approach up to 80%. At the end there is an outdated technology installed on the endpoint. There is no vendor on the market which does not need cloud information.
  • We know sophisticated malware cannot be detected by signature based approach.

Is the customer aware of this??

Finally, are there any other security products installed on the endpoints? If no, the customer, again my point of view, is not aware how critical systems should be protected AND if it is really so critical, which other security solutions/approaches/techniques are in place?

Cheers