cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4077
Views
3
Helpful
9
Replies

AMP for Endpoint or Anti-Virus software ?

Meddane
VIP
VIP

Since the tetra antivirus engine is a part of the AMP for endpoint, do we need an Anti-virus software from other vendor in addition the AMP-4-Endpoint?

9 Replies 9

UMontero
Cisco Employee
Cisco Employee

Nope,

 

As Tetra is Signature based it will work as your Offline AV solution eliminating the need of a solution from another vendor

Before you go dumping whatever you're currently using, look at all of the features that you might be using.
We'd LOVE to dump Symantec Endpoint Protection, but AMP STILL doesn't have everything we're using from that product:

1. USB control (yes its supposedly coming... )
2. Centralized firewall (they grabbed the firewall code out Anyconnect to do isolation, its not like they couldn't make it work)

Troja007
Cisco Employee
Cisco Employee

Hello @Meddane ,
Tetra is one part of the whole File Scanning Sequence on Secure Endpoint. But, Secure Endpoint does much more than File Scanning. See Screenshot below:

SecureEndpoint-Engines v1.5.png

In Addition to File Scanning on the Endpoint:

  • The connector sends the Telemetry data to the backend, where it gets processed back for 7days.
  • If there is a new file, it gets automatically (if enabled) analysed by Malware Analytics.

 

We also check the Behaviour of the file in nearly real-time on the endpoint as protection and in the backend as detection.

SecureEndpoint-Engines v1.5_Behavioral.png

 

So finally, Secure Endpoint does a lot of more than traditional Anti-Virus on the endpoint, and therefore no other 3rd Party security software for Endpoint protection (EPP/EDR) is needed.

Greetings, Thorsten

johnosn
Level 1
Level 1

It should also be noted that TETRA is not ClamAV in the Windows connector application but is a licensed version of BitDefender.
Tetra.png

Similarly, the Exploit Prevention engine is licensed from Morphisec.

ExPrev.png

Cisco licenses these products and combines them with their own endpoint protection engines in a single package to provide a more complete endpoint protection package which uses a single console.

So, if you want to compare Cisco's TETRA antivirus signatures to other vendors, look to compare the BitDefender signatures and not the ClamAV signatures.

Hello @johnosn ,

right, Tetra is used for File Scanning and Parts of ClamAV Engine are used for the file type detection.

Greetings,

Thorsten

mandrews
Level 1
Level 1

I know that this is probably closed, but is this still true? Does Tetra still use Bitdefender and Morphesec(and maybe others) for it's engines?

Tetra IS Bitdefender, and yes they're probably still OEM'ing Morphisec's engine as well...

I appreciate that quick response! Someone in our environment found a bitdefender service and immediately reported to us in Security. Looked into it and found this thread. I appreciate the insight.

Hello @mandrews ,
all good!
So scanning on the endpoint is the base we do with Secure Endpoint. Finally the product and the architecture around the product provides much much more capabilities:

  • Exploit Prevention: v5 brings more features. It fits to a "Moving Target Defense Strategy" concept.
  • Behavioral Protection Engine: a sophisticated engines, bringing cloud detection and more to the endpoint. This enables the endpoint to detect an block complex attack scenarios directly on the endpoint.
  • Cloud Engines: where we constantly enhance the detection capabilities
  • New options with Secure Client like NVM (where we are able generate ipflow information)
  • Posture checks
  • finally, still not a complete feature list here.... 

 

Troja007_0-1676571896663.png

Greetings, Thorsten