sourcefire AMP for email

saimunpial · ‎10-15-2014

Hello,

we have presently cisco Ironport web and email appliances and we are planning to implement Cisco next generation firewall with Cisco FirePOWER IPS, AMP and URL license for the IPS. So my question is regarding cisco's ironport email. May be my question could be a foolish query. But I would like to know whether it is possible to use sourcefire AMP for email too. Because we want to replace the web. But we want to keep the Ironport email only for antispam. So may be to buy again antivirus/antimalware license from ironport mail won't make any sense if sourcefire IPS can do that job already.

Best regards

Saimun

Paul Cardelli · ‎11-22-2014

Remember we have to succeed in blocking every threat, and the bad guys only need to succeed once. I would say it is a mistake to only rely on one AV or AMP product to protect your network. With email being the most target entry into your network you will want to have all the protection you can get even if using the same engine.

A good illustration of why you should not rely on just a single AV to protect your network is the graph on http://www.senderbase.org/static/malware/#tab=0. Every malware vendor detects and protects against new threats at different speeds. Cisco does a pretty good job catching most of the threats, but every once in a while another engine detects a threat house and sometimes days before Cisco does.

Also AMP in E-mail will probably react different then AMP on network or endpoint. URL filtering is now included on ESA where it previously required the web security appliance. If you want bullet proof, or as close as it get you will keep you ESA/Ironport with AMP and two AVs. That way most threats will be detected one of the security layers.

You always have a decision.