Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3757
Views
0
Helpful
2
Replies

Differences between AMP and Malware protection in the ASA firepower

Go to solution
Anthonize Rajaratne
Level 1
Level 1

‎03-09-2016 07:20 PM - edited ‎02-20-2020 09:00 PM

Hello, 

Do you know what are the main differences between installing AMP on end devices and activating malware services in the Firesight management Center?  

Aren't they do the same or is there any big difference? 

Thanks in advance. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎03-17-2016 07:40 AM

Hi

There is difference. AMP on client is end point protection which is controlled by cloud connection and Firesight management center console can be (optional) connected to it to gather client reports as well.

Whereas activating malware services in FMC (firesight) is like a network based AMP which can detect/prevent malware from traffic which is passing through a managed sensor.

End-point AMP is more for client who move around and are not always behind a protected sensor/firewall.

This might shed more light.

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPUserGuide.pdf

Thanks

Yogesh

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎03-09-2016 07:49 PM

I don't know the answer.  I think it adds things like re-mediation, and greater control since it can see the actual executables running.

http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html

0 Helpful

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎03-17-2016 07:40 AM

Hi

There is difference. AMP on client is end point protection which is controlled by cloud connection and Firesight management center console can be (optional) connected to it to gather client reports as well.

Whereas activating malware services in FMC (firesight) is like a network based AMP which can detect/prevent malware from traffic which is passing through a managed sensor.

End-point AMP is more for client who move around and are not always behind a protected sensor/firewall.

This might shed more light.

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf

http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPUserGuide.pdf

Thanks

Yogesh

0 Helpful
Customers Also Viewed These Support Documents