Cisco AMP for Endpoints: EDR Product Overview and Insight

Thursday Jun 22nd 2017 by Drew Robb

We review Cisco AMP for Endpoints, an EDR solution with a 100% score from NSS Labs for malware and exploit detection and the ability to block 20 billion threats a day.

See the complete list of top 10 Endpoint Detection and Response solutions.

Company description: Cisco began as a networking pioneer more than 30 years ago, then became a major player in storage before moving into other areas of IT including security. It trades on NASDAQ as CSCO.

Product description: Cisco AMP (Advanced Malware Protection) for Endpoints provides visibility, context and control to prevent attacks and, if malware gets in, detects it and responds before damage can be done. Cisco's team of threat researchers continuously feeds threat intelligence into AMP for Endpoints. It uses a framework of complementary detection engines, including one-to-one signatures, fuzzy fingerprinting, machine learning and an AV detection engine. A sandbox automatically analyzes unknown files against over 700 behavioral indicators to detect, block and quarantine malicious files.

Markets and use cases: It is especially strong in banking, finance, government, healthcare, education, retail, and manufacturing.

Agents: An agent (connector) is deployed on Mac, Windows, Android and Linux (CentOS and Red Hat) for laptops/desktops, Windows Server, Linux Server, smartphones and tablets. AMP for Endpoints also delivers agentless detection if a host does not (or cannot) have an agent installed. Using Cisco's Cognitive Threat Analytics (CTA) technology, AMP inspects web proxy logs to uncover threats such as memory-only malware and infections that live only in a web browser.

Applicable metrics: 14 integrated detection techniques, 1.5 unique malware samples per day, and 20 billion threats blocked per day. Rapid detection capabilities and a 100% score from NSS Labs for malware, exploit and evasion detection.

Security qualifications: HIPAA, PCI

Intelligence: Adaptive intelligence engines, automation for detection and response, and machine learning are built into the inspection engine that examines files arriving on the endpoint.

Delivery: Cloud (software as a service), private cloud or an on-premises appliance

Pricing: Pricing depends on the subscription term of 1, 3, or 5 years, and then on a tiered model based on the number of endpoints protected. For instance, the price per user could be different if the organization chooses a 1-year subscription and protects 500 endpoints vs. a 3-year subscription and 50,000 users. The longer the subscription term and the more endpoints protected, the lower the cost per user.

Copyright 2017 © QuinStreet Inc. All Rights Reserved