A networking giant going toe-to-toe with malware threats? Yes, Cisco just announced it has added Advanced Malware Protection (AMP) to its Content Security Portfolio of products. Originally developed by Sourcefire, AMP is making its way into Cisco technologies like Web and e-mail security appliances and its Cloud Web Security Service.
Call it the first fruits of Cisco’s Sourcefire acquisition. The new integration aims to offer customers comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats.
“Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions,” said Christopher Young, senior vice president, Cisco Security Business Group. “Web and e-mail gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. By bringing together AMP and threat analytics with our Web, Cloud Web and e-mail security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”
Before, During and After Attacks
AMP taps the cloud security intelligence networks of both Cisco and Sourcefire. Like the attacks it is designed to protect against, AMP evolves to provide continuous monitoring and analysis across the extended network and throughout the full attack continuum. That means before, during and after an attack.
By combining Sourcefire’s knowledge of advanced threats and analytics expertise with Cisco’s e-mail and Web security solutions, the company said its customers will benefit from more visibility and control combined with a seamless approach to addressing advanced malware problems.
But Cisco didn’t stop there. The company also added Cognitive Threat Analytics, acquired last year via Cognitive Security, as an option for Cisco Cloud Web Security customers. Cognitive Threat Analytics is an intuitive, self-taught system that uses behavioral modeling and anomaly detection to identify malicious activity and reduce time to discovery of threats operating inside the network. With this integration, Cisco addresses the broadest range of attack vectors across the extended network.
“Bringing the AMP technology to the Cisco Web and e-mail security appliances and Cloud Web Security Services is a smart move that will greatly benefit customers in their efforts to protect against today’s rapidly evolving threats,” said Damon Rouse, IT Director at Epsilon System Solutions. “AMP is the only solution we’ve seen that can combine the power of sandboxing with the innovation of file retrospection; it has helped to put us in a better position to further mitigate the impact of potential attacks.”
Network Professionals Focus on Security
Here’s how it works: Instead of relying on malware signatures, which can take weeks or months to create for each new malware sample, AMP uses a combination of file reputation, file sandboxing, and retrospective file analysis to identify and stop threats across the attack continuum.
File reputation analyzes file payloads inline as they traverse the network. File sandboxing uses a highly secure sandbox environment to analyze and understand the true behaviors of unknown files traversing the network. File retrospection solves the problem of malicious files that have passed through perimeter defenses but are subsequently deemed threats.
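To make the three mechanisms concrete, here is an added example (not Cisco or Sourcefire code) that models a gateway doing an inline reputation check, queuing unknown files for sandboxing, and then applying a later sandbox verdict retrospectively to find which hosts already received a file that has since been deemed malicious. The hash strings and hostnames are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List

# Constructed model of the AMP workflow described above, not Cisco's own code.
# The gateway records every delivery with the verdict it had at that moment;
# when a sandbox verdict later flips a file to "malicious", retrospection
# lists the hosts that already have it so they can be remediated.

@dataclass
class Transfer:
    ts: int        # constructed timestamp (epoch seconds)
    host: str
    sha256: str    # placeholder hash string, not a real indicator
    verdict: str   # reputation verdict at the time of transfer

class Gateway:
    def __init__(self) -> None:
        self.reputation: Dict[str, str] = {}   # sha256 -> "clean"/"malicious"
        self.transfers: List[Transfer] = []     # everything delivered so far
        self.sandbox_queue: List[str] = []      # unknown files awaiting detonation

    def inspect(self, ts: int, host: str, sha256: str) -> str:
        """Inline file-reputation check; returns the action taken."""
        verdict = self.reputation.get(sha256, "unknown")
        if verdict == "malicious":
            return "block"                       # known bad: never delivered
        if verdict == "unknown":
            self.sandbox_queue.append(sha256)    # detonate a copy, deliver now
        self.transfers.append(Transfer(ts, host, sha256, verdict))
        return "deliver"

    def sandbox_result(self, sha256: str, verdict: str) -> List[Transfer]:
        """Apply a sandbox verdict; return past deliveries that are now known bad."""
        self.reputation[sha256] = verdict
        if verdict != "malicious":
            return []
        return [t for t in self.transfers if t.sha256 == sha256]

def demo() -> Dict[str, object]:
    gw = Gateway()
    gw.reputation["sha256-KNOWN-BAD-placeholder"] = "malicious"
    unknown = "sha256-UNKNOWN-placeholder"
    actions = [gw.inspect(1000, "host-a", unknown),
               gw.inspect(1010, "host-b", unknown),
               gw.inspect(1020, "host-c", "sha256-KNOWN-BAD-placeholder")]
    exposed = gw.sandbox_result(unknown, "malicious")   # sandbox verdict arrives
    return {"actions": actions,
            "remediate": [t.host for t in exposed],      # retrospective alert
            "after_update": gw.inspect(1030, "host-d", unknown)}
```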
We asked Zeus Kerravala, principal analyst at ZK Research, for his thoughts on the new integrations. He told us security is becoming a top initiative for network professionals.
“Cisco is targeting what has been traditional IT network security. Clearly, a vast segment of IT is cloud. So I think targeting cloud-based applications is the right thing for them to do,” Kerravala said. “In fact, Cisco’s vision is more of an IT-as-a-service model. So with their goal of becoming the number one IT vendor, protecting the enterprise from these threats makes a lot of sense.”