05-27-2016 02:47 AM - edited 02-20-2020 09:01 PM
Hi Team.
We have two categories of AMP services , one which is used as firepower services and other one is AMP for endpoints/networks.
Can anyone please throw some light on the differences between them and how exactly they work?
05-27-2016 03:11 AM
Hi
Network amp run on network. It scans the traffic for malicious files when the traffic is passing through a firepower device. So it can detect /prevent file based threats on the network.
AMP for endpoint as the name suggests is an endpoint client which can be installed on windows,mac etc. Its like a security software which scans the end PC and is independent of AMP service on Firepower network device.
AMP for endpoint is managed by separate console cloud account.
Check this out
http://www.cisco.com/c/dam/en/us/td/docs/security/sourcefire/fireamp/fireamp-cloud/FireAMPDeploymentStrategy.pdf
and
http://www.cisco.com/c/en/us/products/security/amp-appliances/index.html
network AMP can be used on any firepower appliance along with its IPS capability (subject to licensing )
Rate if helps.
Yogesh
05-27-2016 03:33 AM
Thanks for such an prompt reply!
It means AMP for endpoints is a software+License installed on endpoints and Other one is a license on firewall , right ?
05-27-2016 03:36 AM
You are right.
09-30-2018 11:23 PM
02-11-2020 09:25 PM
Yes, Any Malware detected on AMP for networks & AMP for Endpoints will be updated to AMP cloud, same will be passed to all registered appliances and Endpoints.
02-13-2020 10:13 AM
Hey, we have a couple of experts discussing this exact topic on our #CiscoChat happening now, check it out:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide