05-13-2020 07:29 AM
Is Cisco Stealthwatch separate from Cisco AMP? Or, is it just another part of Cisco AMP, like WSA and ESA?
Any input is appreciated.
05-13-2020 07:38 AM
03-21-2021 10:41 PM
I think where this might be confusing is AMP for Networks instead of AMP for Endpoints.
The brochure information for AMP for Networks seems identical to Stealthwatch, so it's really confusing.
(Cisco renamed Stealthwatch, so I'm probably calling it the wrong thing)
03-22-2021 09:04 AM
AMP for Networks and AMP for Endpoints ("Cisco Secure Endpoint") both use components of Threatgrid in the backend to perform analysis of previously unseen files. They can only act on what they see passing through the firewall (mostly in plain text) or being acted upon by the endpoint.
Stealthwatch ("Cisco Secure Analytics") is a network detection and response solution that uses sensor information (primarily Netflow) to monitor and analyze the network comprehensively. It uses a much more advanced set of machine learning and artificial intelligence capabilities to draw inferences about behavior and threats based on analysis of that information. (And of course it's "reassuringly expensive" to account for that.)