We have two categories of AMP services, one which is used as Firepower services and the other one is AMP for endpoints/networks.
Can anyone please throw some light on the differences between them and how exactly they work?
Network AMP runs on the network. It scans the traffic for malicious files when the traffic is passing through a Firepower device. So it can detect/prevent file-based threats on the network.
AMP for endpoint, as the name suggests, is an endpoint client which can be installed on Windows, Mac etc. It's like a security software which scans the end PC and is independent of the AMP service on the Firepower network device.
AMP for endpoint is managed by a separate console cloud account.
Check this out
Network AMP can be used on any Firepower appliance along with its IPS capability (subject to licensing).
Rate if helps.
Thanks for such a prompt reply!
It means AMP for endpoints is a software + license installed on endpoints and the other one is a license on the firewall, right?
Yes, any malware detected on AMP for Networks & AMP for Endpoints will be updated to the AMP cloud; the same will be passed to all registered appliances and endpoints.
Hey, we have a couple of experts discussing this exact topic on our #CiscoChat happening now, check it out: