We have procured Cisco AMP. Right now we are in the deployment phase, where we are stuck with a challenge.
We have procured the Cisco AMP Endpoint Cloud service.
Deployment on desktops/laptops works OK.
The challenge we face is deployment in the server zone, where the requirement is to configure the servers to connect with the AMP server, which is hosted in the cloud. This is the challenge, as we do not want the AMP client on the server to communicate with the cloud over the Internet; we do not want these servers to connect to the Internet at all for any update of policies or signatures, as these are mission-critical servers.
Is there any alternative way to update this AMP client without connecting to the cloud, like configuring a super agent or a GUP-type system?
Basically, the AMP for Endpoints connector is used to query the AMP service in the cloud for:
- the disposition of file hashes (good / bad / unknown)
- update the TETRA (the built-in AV) definitions
- send files to ThreatGrid for dynamic analysis
You can move the TETRA updates to an on-prem appliance (free download).
The problem is the file disposition lookups. Currently, you can have AMP in the public cloud, or you can have a private cloud (virtual appliance that you host in your datacenter). What you cannot do today is mix those in the same "business" and have them share data.
My suggestions (in order):
1. Approve your servers' ability to speak to the AMP public cloud, locking down the communication to only the required hosts & ports.
2. Speak to your account team about splitting your purchased licenses between public cloud and private cloud & install a private cloud in your local datacenter just for the servers.
   Keep in mind, you will be managing two different AMP installs. One for the endpoints, and one for the servers.
3. Move to AMP private cloud for all of your endpoints.
   My least favorite option, because new functions / features are added to private cloud on a lag/delay as compared to public cloud.