
Need HELP in solution on AMP endpoint

poi867
Level 1

We have procured Cisco AMP. Right now we are in the deployment phase, where we are stuck with a challenge.

We have procured the Cisco AMP Endpoint Cloud service.

Deployment on desktops/laptops works OK.

The challenge we face is deployment in the server zone, where the requirement is to configure the server to connect with the AMP server, which is hosted in the cloud. Here is the challenge: we do not want the AMP client on the server to communicate with the cloud over the Internet, as we do not want this server to connect to the Internet at all for any update in policies or signatures, as these are mission-critical servers.

Is there any alternative way to update this AMP client without connecting to the cloud, like configuring a super agent or GUP-type system?

Require urgent help on this.

2 Replies

Aaron Woland
Cisco Employee

Basically, the AMP for endpoints connector is used to query the AMP service in the cloud for:

  • the disposition of file hashes (good / bad / unknown)
  • update the TETRA (the built-in AV) definitions
  • send files to ThreatGrid for dynamic analysis

You can move the TETRA updates to an on-prem appliance (free download).

The problem is the file disposition lookups. Currently, you can have AMP in the public cloud, or you can have a private cloud (virtual appliance that you host in your datacenter). What you cannot do today is mix those in the same "business" and have them share data.

My suggestions (in order):

  1. Approve your servers' ability to speak to the AMP public cloud, locking down the communication to only the required hosts & ports.
  2. Speak to your account team about splitting your purchased licenses between public cloud and private cloud & install a private cloud in your local datacenter just for the servers.
    • Keep in mind, you will be managing two different AMP installs.  One for the endpoints, and one for the servers.
  3. Move to AMP private cloud for all of your endpoints.
    • My least favorite option, because new functions / features are added to private cloud on a lag/delay as compared to public cloud.

poi867
Level 1

Thank you, Aaron.

1. The pain is to open these servers to the Internet, which will be to own up to added risk.

Option 2 looks good to me, if the vendor agrees to split up the license.

Option 3 will be the worst case if negotiation fails.