01-29-2020 10:28 PM - edited 02-20-2020 09:12 PM
Any one have AMP & Cisco Umbrella POC or deployment guide, its very needed provide to me.
Solved! Go to Solution.
02-03-2020 03:56 PM
@na let me know if above response clarified your query.
Please rate the reply helpful or accepted as solution as it will help others when they go through this post.
01-30-2020 03:54 PM
Hi,
Most of the POV guides are available on the salesconnect. I copied some of the useful links for you:
AMP4E POV Best Practices:
https://salesconnect.cisco.com/open.html?c=db474b72-4df1-4e45-b802-5579a2c53004
AMP4E Deployment Best Practices - Part 1 of 3
https://salesconnect.cisco.com/open.html?c=6c10c0f6-7c0c-4a11-9bcb-2a8c64ede914
AMP4E Deployment Best Practices - Part 2 of 3
https://salesconnect.cisco.com/open.html?c=89019dce-43c0-4f96-a5b2-fc56d5a27b1a
AMP4E Deployment Best Practices - Part 3 of 3
https://salesconnect.cisco.com/open.html?c=25f24d87-b6a4-4096-a9d5-ff581f474916
For Umbrella Umbrella POV Best Practices:
https://salesconnect.cisco.com/open.html?c=7cde65fd-5ced-4d41-b540-c895d250306d
01-30-2020 10:12 PM
Hi Muhammad,
thanks for your positive acknowledged,
i have a query, if we want a fully E-mail and (DLP ) security in our network what will be the best solution for deployment. i want to deploy fully cisco architecture. so plz suggest me Which option is the best between WSA and cisco Umberella & AMP deployment. If I use Cisco Umberella & amp, for end point security that is enough or WSA is also is the best option.
01-30-2020 10:38 PM - edited 01-30-2020 11:16 PM
Hi,
If your company is fine with cloud based approach and if you are already using office 365.over cloud then go with Cisco Cloud Email Security with Premium license + AMP Add on. Premium will give you inbound and outbound. With outbound, you will be having DLP over email.
AMP for End Points is next generation end point security which you can go with Cloud base approach.
For web security, WSA is a on-premises based full web proxy while Umbrella is cloud based. WSA cannot do itself DLP but can be integrated with other DLPs. Further there are some unique features like ba bandwidth quota management which is unique to Cisco. It do also supports AMP.
For Umbrella, it is cloud based approach that works on DNS security. There are multiple packages available with Umbrella like DNS essentials , DNS advantage and Secure Internet Gateway Essentials. From features perspective, the Umbrella Secure Internet Gateway Essentials is somehow close to WSA in terms of features. Have a look on these packages. If you ask my opinion, then I would suggest go with Umbrella since it is easy to deploy and manage solution and can cover most of the Web security functionality. In addition, this package can offer CASB which will do DLP for some applications like Dropbox,box,webex. This is something unique in this package which you will not find in WSA. also, protection for roaming client. With WSA you cannot protect your laptops and mobile devices if you are off network unless you turn on VPN which rarely people will do. Having umbrella connector on the devices will make your devices always protected, whether you are inside or outside of your network. This is something which make people choose most of the times Umbrella over WSA and this roaming protection feature is available in all the new Umbrella packages.
For firewall, we have Next Generation Cisco Firepower appliances that are well known in market for NGFW functions + NGIPS + IPS + Content Filtering, all in one in box.
All the above mentioned Cisco security products can be integrated with each other using the feature called AMP. AMP can share contextual information with all the products which help us to correlate event which accelerates key security functions such as investigation, detection and remediation. For such integration, we can use Cisco threat response which comes at 0$ when we buy Cisco security products. It is actually a threat hunting tool that can talk to Cisco security products.
01-30-2020 11:30 PM
Thank Muhammads for your suggestions it is really help full for me, so if i am using cisco Umberella which cover most of the Web security functionality. and AMP for endpoints security. then not need to deploy WSA.
because in my network the pain area is threat prevention. Email security (DLP over email), web security.
01-30-2020 11:34 PM - edited 01-30-2020 11:44 PM
Hi,
Yes you are right! With Umbrella, There will be no need for WSA.
There is free trial available for all these products but you need to contact local Cisco rep or partner. For Umbrella, you can start instant trial by yourself. Login to https://dashboard.umbrella.com and sign up for 14 days free trial.
01-31-2020 12:39 AM
if am going for the NGFW (FTD), can i manage by using the virtual FMC means not need to purchase separate box to manage firepower.
after purchasing FTD i need to purchase license for IPS/IDS and web filtering or it will be inbuilt with the FTD box.
01-31-2020 01:09 AM
Hi,
Yes you can manage through virtual FMC but need to buy license also for virtual FMC. Firepower 1000 and 2000 series also supports on box device manager called FDM or firepower device manager which does not need any license.
There are three features that requires license with NGFW which are IPS, AMP and Content/url filtering
01-31-2020 04:14 PM
I hope above is clear and POV document links worked for you. Let me know for any further info:
best regards,
Awais
Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
01-31-2020 09:18 PM
Hi Muhammad,
thanks for your guidance, it is very help full for me i have prepared POC document. can you tell me about the licensing for cisco Umbrella & AMP. i have 14 day free trial for Umbrella, after this i have to purchase license to continue all the features of umbrella. Cisco Cloud Email Security with Premium license + AMP. (for AMP any additional license will be require )
01-31-2020 11:56 PM
Hi,
For Umbrella, we have 3 Packages, i am attaching the snapshot for the features comparsion. Out of three pakages, Umbrella DNS Advantage is the most common one but you can choose the best one that suits your needs.
For AMP4E, as of today there is one package only but they recently announce two new packages for AMP4E which will be orderable very soon. I am attachiing the features comparsion of it.
02-03-2020 03:56 PM
@na let me know if above response clarified your query.
Please rate the reply helpful or accepted as solution as it will help others when they go through this post.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide