Global IT giant Cisco has added an advanced malware protection (AMP), originally developed by Sourcefire, into its content security portfolio of products, including web and email security appliances and cloud web security service.

The integration will provide customers worldwide with comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats.

The enhanced offering is one of the initial technology integration efforts between Cisco and Sourcefire, and extends the option of advanced malware protection for more than 60 million enterprise and commercial users currently protected with Cisco Content Security solutions.

The advanced malware protection utilises the vast cloud security intelligence networks of both Cisco and Sourcefire.

Cisco has also added ‘Cognitive Threat Analytics,’ acquired last year from Cognitive Security, as an option for Cisco Cloud Web Security customers.

Both Cognitive Threat Analytics and AMP are available on Cisco Cloud Web Security as an optional license.

AMP uses a combination of file reputation, file sandboxing, and retrospective file analysis to identify and stop threats across the attack continuum, instead of relying on malware signatures, which can take weeks or months to create for each new malware sample.

‘File reputation’ analyses file payloads inline as they traverse the network, providing users with the insights required to automatically block malicious files and apply administrator-defined policies using the existing Cisco Web or Email Security user interface and similar policy reporting frameworks.

‘File sandboxing’ utilises a highly secure sandbox environment to analyse and understand the true behaviour of unknown files traversing the network. This allows AMP to glean more granular behaviour-based details about the file and combine that data with detailed human and machine analysis to identify a file’s threat level.  

‘File retrospection’ solves the problem of malicious files that have passed through perimeter defences but are subsequently deemed a threat. It provides continuous analysis, using real time updates from AMP’s cloud-based intelligence network to stay abreast of changing threat levels, thereby helping to identify and address an attack quickly, before it has a chance to spread.

Christopher Young, senior vice president, Cisco, said: “Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions. Web and email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content.

“By bringing together AMP and threat analytics with our web, cloud web and email security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”

On the network, AMP will continue to be an integrated capability in FirePower appliances for next-generation IPS or next-generation firewall, or available as a standalone appliance.

FireAMP solutions will provide endpoint protection for PCs, mobile devices and virtual environments, working with the FirePower and standalone appliance offerings through a connector.

Cisco has also launched the four latest and fastest FirePower appliances, all designed for compatibility with AMP, to fulfil the need for higher-performing appliances capable of advance malware protection increases. - TradeArabia News Service