I have a customer who requires an anti-malware solution for their servers and workstations, which are not connected to the Internet.
The customer has an isolated environment and is looking for an anti-malware solution without Internet access.
As I understand it, Cisco AMP requires a connection to the AMP Cloud or the AMP Threat Grid Cloud to provide a high level of protection.
I was thinking of a possible on-premise solution using the AMP Private Cloud and Private Threat Grid combination, but this solution still requires an Internet connection for security updates of the on-premise devices.
The customer is checking Stormshield, Palo Alto and Carbon Black solutions.
I think you are spot on: AMP Private Cloud and the Threat Grid Appliance are an option for customers who want all their data to stay on-prem. While not recommended from a security standpoint, both of them can be deployed in Air Gap mode (completely isolated from the Internet). There is a process for offline updates of air-gapped PC and TG appliances (documented and officially supported for AMP PC; not official, and requiring a TAC ticket, for TG).
I had this discussion very often when working as a security consultant. Enclosed is some information from my side, or rather my point of view.
We know a signature-based approach is not enough for real security. It delivers basic protection. Removing cloud information reduces the capabilities of the signature-based approach by up to 80%. In the end there is an outdated technology installed on the endpoint. There is no vendor on the market which does not need cloud information.
We know sophisticated malware cannot be detected by a signature-based approach.
Is the customer aware of this?
Finally, are there any other security products installed on the endpoints? If not, the customer (again, my point of view) is not aware of how critical systems should be protected. AND if it is really so critical, which other security solutions/approaches/techniques are in place?