07-07-2015 04:49 PM
Hi
I want to know what its best, AV Sophos or AMP, if customer purchase AMP its necessary purchase Sophos AV????, exists any document with this info??
Regards
07-07-2015 05:14 PM
AMP is the SourceFire Fire AMP product added to the ESA. You should dig in to the docs on that.
At the last product briefing i was at, it waa specifically stated that it's not an Antivirus product. And it works completely differently.
I think you need both.
07-08-2015 12:25 PM
AMP is a closer match to Outbreak Filters than Signature-based AV like Sophos but it uses a lot more information to make decisions.
07-08-2015 05:32 PM
Hello Carlos
As Bob and Ken has explained as well
AMP uses sourcefire AMP engine which was added to the ESA on version 8.5
This utilizes a cloud based scanning for reputation and filetypes to assist with real time updates from sensors and security to malicious attachments.
See AMP Information on ESA:
http://www.cisco.com/c/dam/en/us/products/collateral/security/email-security-appliance/at-a-glance-c45-730848.pdf
As per Sophos which is a traditional anti-virus scanner which relies on the definition files of analyzed strings or fingerprinting structure of an attachment to be matched.
We would suggest trialling the AMP feature initially to see if it fits your criteria for additional file scanning security.
You can work with your account manager to assist with organising a trial license of AMP.
I hope this helps.
Regards,
Matthew
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide