You asked about CSA - an

latenaite2011 · ‎07-07-2016

Good day!

I need to get a product replacement for Cisco Security Agent as it is no longer available to be installed on a server. What would be a good recommendation for this?

thanks,

LN

Marvin Rhoads · ‎07-08-2016

AMP for Endpoints would be the closest match among the currently offered Cisco products. It is much better suited for the current set of Malware threats.

http://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html

latenaite2011 · ‎07-09-2016

Thanks Marvin for this.

I know the AMP module is a module with the ASA appliance. I need high availability. Will AMP support HA such that if we have a primary ASA with AMP and a secondary ASA with another AMP module, HA will work?

Upon failover, the existing sessions will be terminated and new connections will need to be passed through to the second ASA and AMP module? Or the existing connections/sessions will be carried over to the secondary ASA/AMP?

thanks,

LN

Marvin Rhoads · ‎07-09-2016

You asked about CSA - an endpoint security product. AMP for Endpoints is a good current product for that sort of functionality.

AMP at the network edge is indeed available as a licensed feature in the ASA FirePOWER modules as well as on dedicated FirePOWER appliances like the Series 3, FirePOWER 4100 and 9300 series, etc. It is also available as an add-on to ESA, on ISR router platform etc.

In the case of an HA pair (or clustered set) of ASAs with FirePOWER modules running AMP, TCP connection state (and UDP flow awareness) is retained among the base firewalls but not among the FirePOWER modules. So you would potentially not get an accurate disposition of a file if its transfer was in process during the moment of failover.

Replacement product for Cisco Security Agent