05-27-2016 02:47 AM - edited 02-20-2020 09:01 PM
Hi Team.
We have two categories of AMP services , one which is used as firepower services and other one is AMP for endpoints/networks.
Can anyone please throw some light on the differences between them and how exactly they work?
05-27-2016 03:11 AM
Hi
Network amp run on network. It scans the traffic for malicious files when the traffic is passing through a firepower device. So it can detect /prevent file based threats on the network.
AMP for endpoint as the name suggests is an endpoint client which can be installed on windows,mac etc. Its like a security software which scans the end PC and is independent of AMP service on Firepower network device.
AMP for endpoint is managed by separate console cloud account.
Check this out
http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf
and
http://www.cisco.com/c/en/us/products/security/amp-appliances/index.html
network AMP can be used on any firepower appliance along with its IPS capability (subject to licensing )
Rate if helps.
Yogesh
05-27-2016 03:33 AM
Thanks for such an prompt reply!
It means AMP for endpoints is a software+License installed on endpoints and Other one is a license on firewall , right ?
05-27-2016 03:36 AM
You are right.
09-30-2018 11:23 PM
02-11-2020 09:25 PM
Yes, Any Malware detected on AMP for networks & AMP for Endpoints will be updated to AMP cloud, same will be passed to all registered appliances and Endpoints.
02-13-2020 10:13 AM
Hey, we have a couple of experts discussing this exact topic on our #CiscoChat happening now, check it out:
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: