I have a customer who is requiring an Anti-Malware solution for their Servers and Workstations which are not connected to the Internet.
The customer has an isolated environment and they are looking for an Anti-Malware solution without Internet access.
As I understand, Cisco AMP requires a connection to AMP Cloud or AMP Threat Grid Cloud to provide a high level of protection.
I was thinking of a possible On-Premise solution using an AMP Private Cloud and Private Threat Grid combination, but this solution still requires an Internet connection for security updates of the on-premise devices.
The customer is checking Stormshield, Palo Alto and Carbon Black solutions.
Any suggestions for a solution for this case?
Thanks in advance.
I'd guess every solution needs some kind of updates from the cloud, something like AMP Private Cloud does.
Otherwise, how can these solutions promise up-to-date defense?
I think you are spot on, AMP Private Cloud and Threat Grid Appliance are an option for customers who want all their data to stay on-prem. While not recommended from the security standpoint, both of them can be deployed in Air Gap mode (completely isolated from the Internet). There is a process for offline updates for air-gapped PC and TG appliances (documented and officially supported for AMP PC; not official and requires a TAC ticket for TG).
Please excuse my delay in answering.
We explained this situation to the customer. We explained the possibility of an On-Premise solution.
Finally the customer explained the detailed situation, and AMP Private Cloud is not the best solution.
Their endpoints will not have any connectivity to the Internet or the internal network; the endpoints will only connect to the network during change windows for software updates (2 or 3 times a year).
We explained to the customer that AMP Solution is not the solution for this case.
Thanks for your comments.
I had this discussion very often when working as a security consultant. Enclosed is some information from my side, or my point of view.
Is the customer aware of this??
Finally, are there any other security products installed on the endpoints? If no, the customer, again my point of view, is not aware how critical systems should be protected AND if it is really so critical, which other security solutions/approaches/techniques are in place?