Cisco Blogs

Executing on our Vision: Cisco’s Comprehensive Advanced Malware Protection


May 22, 2014

The increased scrutiny on security is being driven by expanding networks, mobility, cloud computing and a threat landscape that is more dynamic than ever. Together, these factors have multiplied the points at which an attacker can gain access and have redefined the traditional network perimeter.

Due to these concerns, we have been strong proponents of threat-centric security that lets defenders address the full attack continuum and all attack vectors to respond at any time — before, during, and after attacks.

Because the threat landscape is dynamic, our advanced threat protection offering must evolve just as quickly. That means strengthening our ability to aggregate and correlate data from across the extended network, to identify advanced and evasive cyber threats, and to provide security that works in real-world deployments.

That’s why you have seen us add functionality like network file trajectory or device flow correlation for unequaled visibility and tracking of malware and have continued with our “AMP Everywhere” strategy, most recently incorporating Advanced Malware Protection into our Web and Email Security portfolio.

All of this work rests on a clear understanding of what a complete solution looks like in today’s threat landscape. Point-in-time technologies with strong detection rates are necessary but not sufficient: a file judged clean at the moment it crosses the perimeter may turn out to be malicious later. A complete solution therefore pairs point-in-time detection with continuous analysis and retrospective security, so that when a verdict changes we can “go back in time” to find and remediate files that initially evaded defenses.

With this in mind, this week we continue our Advanced Malware Protection momentum, starting with the intent to acquire ThreatGRID, a company that provides dynamic malware analysis and threat intelligence technology. We are also adding new capabilities to our Advanced Malware Protection (AMP) platform, giving us the most comprehensive and integrated visibility and control, from the network to the endpoint and everywhere in between.

First, ThreatGRID. Its technology analyzes file behavior so that organizations can accurately identify attacks and better defend against advanced cyber attacks. Available as both private and public cloud-based offerings, ThreatGRID combines dynamic malware analysis with analytics and actionable indicators, enabling security teams to proactively defend against, and quickly respond to, cyber attacks and malware outbreaks.

Our “AMP Everywhere” momentum also continues with new capabilities in AMP for Networks and AMP for Endpoints that bring network and endpoint protection even closer together. We go beyond point-in-time detection by continuously analyzing file behavior for malicious indicators and correlating Indicators of Compromise across sources to stop threats when and where they occur.

New capabilities in AMP for Networks include:

  • Multi-source Indicators of Compromise to correlate and prioritize events in one console across both AMP for Networks and Endpoints, NGIPS, and security intelligence feeds
  • Dynamic analysis in a cloud-based sandbox to improve detection of unknown threats
  • Custom detections to immediately block files, reducing the time to contain an outbreak
  • Enhanced threat reports and dashboards include real-time threat scores to help understand malware faster

We have not stopped there. With AMP for Endpoints, we built in new features like advanced analytics and correlation enhancements that improve retrospective security:

  • Elastic search to quickly hunt down the scope of attack with flexible search capabilities
  • Remote file analysis allows retrieval and storage of files for later scoring and analysis, supporting retrospective security
  • Support for Mac OS X, for protection everywhere in heterogeneous environments
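The paragraphs above describe retrospective security in concept: a file trajectory records which hosts saw which file and when, so that when a verdict changes later (a sandbox result, a feed update, a custom detection) the scope of an outbreak can be reconstructed from sightings that were already logged. The following Python is an added example written for this page, not Cisco's code and not a description of how AMP is implemented internally; the `Sighting` schema, host names, timestamps and placeholder hashes are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sighting:
    """One observation of a file on a host (constructed schema, not AMP's)."""
    ts: int        # epoch seconds when the sighting occurred
    host: str
    sha256: str
    action: str    # e.g. "download", "execute", "create"
    source: str    # "network" (gateway sensor) or "endpoint" (connector)


class TrajectoryStore:
    """Records every sighting; dispositions may change after the fact."""

    def __init__(self):
        self._by_hash = defaultdict(list)   # sha256 -> [Sighting]
        self._disposition = {}              # sha256 -> clean|unknown|malicious
        self.alerts = []                    # (kind, Sighting)

    def record(self, s):
        """Point-in-time check: alert only if the hash is already known bad."""
        self._by_hash[s.sha256].append(s)
        disp = self._disposition.get(s.sha256, "unknown")
        if disp == "malicious":
            self.alerts.append(("point-in-time", s))
        return disp

    def set_disposition(self, sha256, disposition):
        """Update a verdict. A flip to malicious raises a retrospective alert
        for every sighting recorded before the verdict existed, which is the
        step a pure point-in-time scanner cannot perform."""
        prev = self._disposition.get(sha256, "unknown")
        self._disposition[sha256] = disposition
        if disposition == "malicious" and prev != "malicious":
            prior = sorted(self._by_hash[sha256], key=lambda x: x.ts)
            self.alerts.extend(("retrospective", s) for s in prior)
            return prior
        return []

    def trajectory(self, sha256):
        """Ordered (ts, host, action, source) tuples: the file's path through the estate."""
        return [(s.ts, s.host, s.action, s.source)
                for s in sorted(self._by_hash[sha256], key=lambda x: x.ts)]

    def affected_hosts(self, sha256):
        """Scope of an outbreak for one hash: every host that ever saw it."""
        return sorted({s.host for s in self._by_hash[sha256]})

    def prioritize_hosts(self):
        """Multi-source correlation: rank hosts by distinct malicious hashes
        seen, then by how many sources (network, endpoint) observed them."""
        score = defaultdict(lambda: {"hashes": set(), "sources": set()})
        for sha, sightings in self._by_hash.items():
            if self._disposition.get(sha) != "malicious":
                continue
            for s in sightings:
                score[s.host]["hashes"].add(sha)
                score[s.host]["sources"].add(s.source)
        ranked = [(h, len(v["hashes"]), len(v["sources"])) for h, v in score.items()]
        return sorted(ranked, key=lambda t: (-t[1], -t[2], t[0]))


def demo():
    """Replay a constructed sighting log, then a sandbox verdict that arrives late."""
    bad = "a" * 64   # placeholder hash of the sample that evaded the gateway
    ok = "b" * 64    # placeholder hash of a benign file
    log = [
        Sighting(100, "ws-01", bad, "download", "network"),
        Sighting(160, "ws-01", bad, "execute", "endpoint"),
        Sighting(220, "ws-07", bad, "create", "endpoint"),
        Sighting(230, "ws-07", ok, "download", "network"),
        Sighting(300, "srv-02", bad, "download", "network"),
    ]
    store = TrajectoryStore()
    at_ingest = [store.record(s) for s in log]        # all "unknown": nothing fires
    retro = store.set_disposition(bad, "malicious")   # verdict arrives after the fact
    store.record(Sighting(450, "ws-09", bad, "download", "network"))  # now caught inline
    return store, at_ingest, retro


if __name__ == "__main__":
    store, at_ingest, retro = demo()
    print("dispositions at ingest:", at_ingest)
    print("retrospective alerts:", [(s.ts, s.host) for s in retro])
    print("affected hosts:", store.affected_hosts("a" * 64))
    print("priority order:", store.prioritize_hosts())
```

The design point is that sightings are written unconditionally, before any verdict exists; the cost of retrospective security is storage and indexing of the trajectory, not a second scan of every host. `prioritize_hosts` is a simplified stand-in for the multi-source correlation described above: a host whose sighting of a malicious file is confirmed by both the network sensor and the endpoint connector sorts ahead of one seen by a single source.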

Additionally, high performance networks and requirements to accelerate time-to-detection are driving the need for optimized advanced malware protection appliances. This week we are also unveiling two dedicated AMP for Networks appliances—the FirePOWER AMP8150 and the FirePOWER AMP7150 with enhanced processing and storage.

Lastly, some organizations have strict privacy requirements that preclude the use of public clouds. For them, we are also launching the AMP Private Cloud Appliance, a single on-premises appliance that services their endpoint connectors.

Today’s announcements underscore our imperative to remain threat-focused and help customers go beyond addressing threats at a point-in-time to deliver unrelenting detection and response capabilities across the full attack continuum—before, during and after an attack.

For more details, please see our newsroom: http://newsroom.cisco.com/release/1422499 and product page: http://www.cisco.com/go/amp. Also, if you find yourself at Cisco Live! this week, please stop by and visit us to see first-hand how we can help you deal with pervasive malware.
