We have procured Cisco AMP. Right now we are in the deployment phase, where we are stuck with a challenge.
We have procured the Cisco AMP Endpoint Cloud service.
Deployment on desktops/laptops works OK.
The challenge we face is deployment in the server zone, where the requirement is to configure the server to connect with the AMP server hosted in the cloud. The challenge is that we do not want the AMP client on the server to communicate with the cloud over the Internet, as we do not want these servers to connect to the Internet at all for any update in policies or signatures, since these are mission-critical servers.
Is there any alternative way to update this AMP client without connecting to the cloud, like configuring a super agent or GUP-type system?
Basically, the AMP for Endpoints connector is used to query the AMP service in the cloud for:
the disposition of file hashes (good / bad / unknown)
updates to the TETRA (the built-in AV) definitions
sending files to ThreatGrid for dynamic analysis
You can move the TETRA updates to an on-prem appliance (free download).
The problem is the file disposition lookups. Currently, you can have AMP in the public cloud, or you can have a private cloud (virtual appliance that you host in your datacenter). What you cannot do today is mix those in the same "business" and have them share data.
My suggestions (in order):
Approve your servers' ability to speak to the AMP public cloud, locking down the communication to only the required hosts & ports.
Speak to your account team about splitting your purchased licenses between public cloud and private cloud, and install a private cloud in your local datacenter just for the servers.
Keep in mind, you will be managing two different AMP installs: one for the endpoints and one for the servers.
Move to AMP private cloud for all of your endpoints.
My least favorite option, because new functions/features are added to the private cloud with a lag/delay compared to the public cloud.
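As an added example to go with the first suggestion above (this is not code from the thread or from Cisco), here is a small Python audit that checks outbound-connection log lines from the server zone against an egress allow-list of the hosts and ports the connector actually needs, so a "locked down" server that is still reaching other destinations shows up. The hostnames, ports, log format and log lines are constructed placeholders; the real destinations come from Cisco's documentation for your AMP cloud region, and the log format from whatever firewall or proxy sits in front of the server zone.

```python
"""Audit server-zone egress against an allow-list of required hosts and ports.

Added example, not Cisco code. ALLOWED_EGRESS, SAMPLE_LOG and the log format
are constructed placeholders; substitute the documented AMP cloud destinations
for your region and the format of your own egress firewall/proxy logs.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed placeholder allow-list: destination host (lowercase) -> permitted TCP ports.
ALLOWED_EGRESS: Dict[str, Set[int]] = {
    "amp-cloud.example.invalid": {443},      # disposition lookups (placeholder host)
    "tetra-updates.example.invalid": {443},  # TETRA definition updates (placeholder host)
}

# Constructed sample egress log lines, one connection attempt per line.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z srv-db01 egress dst=amp-cloud.example.invalid dport=443 proto=tcp action=allow
2024-01-01T10:00:02Z srv-db01 egress dst=tetra-updates.example.invalid dport=443 proto=tcp action=allow
2024-01-01T10:00:03Z srv-db01 egress dst=amp-cloud.example.invalid dport=80 proto=tcp action=allow
2024-01-01T10:00:04Z srv-db01 egress dst=updates.unrelated.invalid dport=443 proto=tcp action=allow
2024-01-01T10:00:05Z srv-db01 egress dst=updates.unrelated.invalid dport=443 proto=tcp action=deny
this line is malformed and must be counted, not crash the audit
"""

# Regex for the constructed log format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) egress dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\S+) action=(?P<action>allow|deny)$"
)

Connection = Tuple[str, str, int]  # (source host, destination host, destination port)


@dataclass
class AuditResult:
    violations: List[Connection] = field(default_factory=list)  # passed by the firewall, not on the allow-list
    blocked: List[Connection] = field(default_factory=list)     # denied by the firewall (no policy gap, but worth a look)
    malformed: int = 0                                          # lines the parser could not read


def is_allowed(dst: str, dport: int, allowed: Dict[str, Set[int]]) -> bool:
    """True when the destination host/port pair is on the allow-list (host compared case-insensitively)."""
    return dport in allowed.get(dst.lower(), set())


def parse_line(line: str) -> Optional[Tuple[Connection, str]]:
    """Parse one log line into ((src, dst, dport), action); None when the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    conn = (m.group("src"), m.group("dst").lower(), int(m.group("dport")))
    return conn, m.group("action")


def audit_egress(log_text: str, allowed: Dict[str, Set[int]]) -> AuditResult:
    """Classify every connection in the log; each distinct connection is reported once, in first-seen order."""
    result = AuditResult()
    seen_violations: Set[Connection] = set()
    seen_blocked: Set[Connection] = set()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue  # blank lines are not an error
        parsed = parse_line(raw)
        if parsed is None:
            result.malformed += 1
            continue
        conn, action = parsed
        if action == "deny":
            if conn not in seen_blocked:
                seen_blocked.add(conn)
                result.blocked.append(conn)
            continue
        # action == "allow": the firewall let it through, so it must be on the allow-list
        if not is_allowed(conn[1], conn[2], allowed) and conn not in seen_violations:
            seen_violations.add(conn)
            result.violations.append(conn)
    return result


if __name__ == "__main__":
    summary = audit_egress(SAMPLE_LOG, ALLOWED_EGRESS)
    for src, dst, port in summary.violations:
        print(f"VIOLATION {src} -> {dst}:{port} (allowed by firewall, not on allow-list)")
    for src, dst, port in summary.blocked:
        print(f"BLOCKED   {src} -> {dst}:{port}")
    print(f"malformed lines: {summary.malformed}")
```

On the constructed sample this reports two gaps (the connector host on port 80, and an unrelated update host that the firewall let through) and one denied attempt, which is the kind of evidence to take back to the "lock down to only the required hosts & ports" step.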