Cisco Blogs


Cisco Blog > Security

NSS Labs Breach Detection Systems Testing Demonstrates Why Threat Protection Must be Continuous

Long before becoming a part of Cisco, the Sourcefire team was aggressively addressing the advanced malware challenges our customers face daily. We believe that the most effective way to address these challenges is a continuous Advanced Malware Protection (AMP) approach that does more than just track malware at a point in time, but is also unrelenting in both monitoring and applying protection. Cisco shares this vision, which is why the combination of our technologies is so powerful. It’s not just about the network, or just about the endpoint— it’s about connecting these and everything in between for complete protection.

While our customers knew it and we knew it, the industry at large can now be certain that this continuous approach is the most effective for addressing advanced threats. NSS Labs tested AMP along with other security solutions for its 2014 Breach Detection System Security Value Map (SVM) and Product Analysis Report (PAR). NSS Labs defines Breach Detection Systems as solutions that provide enhanced detection of advanced malware, zero-day and targeted attacks that could bypass traditional defenses. The SVM results speak for themselves:

NSS Labs Breach Detection SVM Graphic

The SVM is a unique graphical representation of the security effectiveness and value of tested products. It’s no surprise to us that AMP scored as high as it did, but the results are great validation of our commitment to delivering this leading protection with the best total cost of ownership (TCO).

The SVM is also further proof that solutions marketed at addressing targeted advanced persistent threats (APT) and zero-day attacks can’t stop at only offering point-in-time detection. Advanced Malware Protection is the only solution to offer continuous analysis, retrospective security, and multi-source Indicators of Compromise (IoC) for protection before, during and after attacks across the extended network. These capabilities address an important gap that exists in all point-in-time products. Our AMP solution provides the continuous capability to “go back in time” and retrospectively identify and then remediate files that initially evade defenses.

Some highlights from testing:

  • AMP has the lowest TCO of any product tested
  • AMP is a leader in security effectiveness achieving detection of 99 percent of all tested attacks
  • AMP excelled in time-to-detection, catching threats faster than competing Breach Detection Systems

When we talk about AMP with our customers, we call it “AMP Everywhere” because it can protect from the cloud to the network to the endpoint. It has been available as a connector for endpoints and mobile devices, a standalone appliance, and as part of Next-Generation Firewall and Next-Generation IPS for the last two years. It has also recently been integrated into Cisco’s portfolio of Web and Email Security Appliances and Cloud Web Security. With web and email interactions remaining one of the primary vectors for malware infection in organizations, AMP integration on our leading email appliance and web security gateways provides our customers with even stronger protection wherever a threat can manifest itself.

“AMP Everywhere” is a reality. An extremely effective one, at that. I encourage you to see the results for yourself. Download a free copy of the 2014 NSS Labs Breach Detection Systems SVM and PAR for Advanced Malware Protection.

Tags: , , , , , , , , ,