Questions on AMP Endpoint

dvitko
Level 1

We are currently looking to replace our current anti-virus solution (AVG) with a new product. I have been looking into the new advanced AV products, and actually have CrowdStrike Falcon running on some test devices, but wanted to look into AMP since we are running Firepower already. I have a couple of questions for users that are running AMP for the End Point.

Do you also need to run another AV product or does AMP take care of everything?

If AMP finds something will it send an alert?

Are you able to contain or take off the network with a click on the console if a device is affected?

Thanks,

Dave

3 Replies

Philip D'Ath
VIP Alumni

AMP for Endpoints can run either standalone, or as a complementary solution with antivirus.

nspasov
Cisco Employee

Hi Dave, my answers below:

Do you also need to run another AV product or does AMP take care of everything?

NS: You have to be more specific when you say "everything" :) The reason I say that is because most A/V vendors today offer a lot more than just A/V. For instance, HIP (Host Intrusion Prevention), Disk Encryption, DLP, etc. If we are strictly talking about A/V then the answer is YES. AMP for endpoint has an A/V engine running under the hood (Tetra - Windows, Clam A/V - Mac and Linux). There is still a free A/V version of AMP and it is called Immunet. You can check it out here:

http://www.immunet.com/

If AMP finds something will it send an alert?

NS: Yes, you will be alerted via e-mail if a malware event occurs. In addition, if you have the AMP Cloud Console integrated with FirePOWER Management Center then you will get events there as well. 

Are you able to contain or take off the network with a click on the console if a device is affected?

NS: No, AMP by itself does not have such capability. However, if you have ISE and FirePOWER Management Center deployed on your network, then you can integrate these products via pxGrid. With such integration, a malware event can signal ISE to quarantine the compromised host and not allow it on your network (Wired, Wireless, VPN). 

I hope this helps!

Thank you for rating helpful posts!

Farhan Mohamed
Cisco Employee

If we are strictly talking about A/V then the answer is YES. AMP for endpoint has an A/V engine running under the hood (Tetra - Windows, Clam A/V - Mac and Linux). There is still a free A/V version of AMP and it is called Immunet. You can check it out here:

http://www.immunet.com/

Yes, you will be alerted via e-mail if a malware event occurs. In addition, if you have the AMP Cloud Console integrated with FirePOWER Management Center then you will get events there as well. 

Are you able to contain or take off the network with a click on the console if a device is affected?

NS: No, AMP by itself does not have such capability. However, if you have ISE and FirePOWER Management Center deployed on your network, then you can integrate these products via pxGrid. With such integration, a malware event can signal ISE to quarantine the compromised host and not allow it on your network (Wired, Wireless, VPN). 

In a nutshell, AMP for Endpoints can run either standalone, or as a complementary solution with antivirus.