Re: AMP for Endpoint or Anti-Virus software ?

Meddane · ‎04-25-2022

Since the tetra antivirus engine is a part of the AMP for endpoint, do we need an Anti-virus software from other vendor in addition the AMP-4-Endpoint?

UMontero · ‎04-25-2022

Nope,

As Tetra is Signature based it will work as your Offline AV solution eliminating the need of a solution from another vendor

Ken Stieers · ‎04-25-2022

Before you go dumping whatever you're currently using, look at all of the features that you might be using.
We'd LOVE to dump Symantec Endpoint Protection, but AMP STILL doesn't have everything we're using from that product:

1. USB control (yes its supposedly coming... )
2. Centralized firewall (they grabbed the firewall code out Anyconnect to do isolation, its not like they couldn't make it work)

Troja007 · ‎04-26-2022

Hello @Meddane ,
Tetra is one part of the whole File Scanning Sequence on Secure Endpoint. But, Secure Endpoint does much more than File Scanning. See Screenshot below:

In Addition to File Scanning on the Endpoint:

The connector sends the Telemetry data to the backend, where it gets processed back for 7days.
If there is a new file, it gets automatically (if enabled) analysed by Malware Analytics.

We also check the Behaviour of the file in nearly real-time on the endpoint as protection and in the backend as detection.

So finally, Secure Endpoint does a lot of more than traditional Anti-Virus on the endpoint, and therefore no other 3rd Party security software for Endpoint protection (EPP/EDR) is needed.

Greetings, Thorsten

johnosn · ‎05-16-2022

It should also be noted that TETRA is not ClamAV in the Windows connector application but is a licensed version of BitDefender.

Similarly, the Exploit Prevention engine is licensed from Morphisec.

Cisco licenses these products and combines them with their own endpoint protection engines in a single package to provide a more complete endpoint protection package which uses a single console.

So, if you want to compare Cisco's TETRA antivirus signatures to other vendors, look to compare the BitDefender signatures and not the ClamAV signatures.

Troja007 · ‎05-16-2022

Hello @johnosn ,

right, Tetra is used for File Scanning and Parts of ClamAV Engine are used for the file type detection.

Greetings,

Thorsten

mandrews · ‎02-15-2023

I know that this is probably closed, but is this still true? Does Tetra still use Bitdefender and Morphesec(and maybe others) for it's engines?

Ken Stieers · ‎02-15-2023

Tetra IS Bitdefender, and yes they're probably still OEM'ing Morphisec's engine as well...

mandrews · ‎02-15-2023

I appreciate that quick response! Someone in our environment found a bitdefender service and immediately reported to us in Security. Looked into it and found this thread. I appreciate the insight.

Troja007 · ‎02-16-2023

Hello @mandrews ,
all good!
So scanning on the endpoint is the base we do with Secure Endpoint. Finally the product and the architecture around the product provides much much more capabilities:

Exploit Prevention: v5 brings more features. It fits to a "Moving Target Defense Strategy" concept.
Behavioral Protection Engine: a sophisticated engines, bringing cloud detection and more to the endpoint. This enables the endpoint to detect an block complex attack scenarios directly on the endpoint.
Cloud Engines: where we constantly enhance the detection capabilities
New options with Secure Client like NVM (where we are able generate ipflow information)
Posture checks
finally, still not a complete feature list here....

Greetings, Thorsten