Cisco Blogs

Threading the Needle on Privacy and Malware Protection


May 23, 2014

We have been clear that we have a distinct approach to Advanced Malware Protection (AMP), specifically the unique way in which we leverage the compute and storage capabilities of the public cloud. Doing so enables us to do a great number of things to help customers more effectively fight malware, particularly when compared to traditional, point-in-time anti-malware systems of the past 20 years.

For example, by harnessing the public cloud to share data, we are able to assign a score to potentially malicious files based on prevalence across our entire Collective Security Intelligence cloud – if a file has not been seen broadly, we know it deserves greater scrutiny, as it could be part of a targeted attack. We also centralize our intelligence, powered by data sharing, in one cloud in order to enable remediation in real time. As soon as one control point, be it an endpoint or mobile connector, a content or network security appliance, or even a virtual instance, detects something malicious, it shares this data with the cloud so the rest of our AMP infrastructure is immediately updated for consistent enforcement across the entire extended network.

But some government agencies and organizations are in industries, markets or regions that have stringent data privacy requirements and cannot share data into a public cloud. Yet, regulation or not, these organizations have the same security needs in terms of stopping advanced malware and advanced persistent threats (APTs). So the question becomes how to thread the needle to deliver Advanced Malware Protection to fight threats while at the same time meeting strict data privacy requirements.

For this reason, we are introducing the AMP Private Cloud Appliance at Cisco Live! to let those with high privacy requirements have the “best of both worlds.” They will benefit from broader security intelligence while still fulfilling stricter requirements for data sharing and privacy.

The AMP Private Cloud Appliance is a single solution that delivers comprehensive advanced malware protection including big data analytics, continuous analysis, and security intelligence – stored locally on-premises and installed on proprietary hardware.

When it discovers an unknown, suspicious file, it will interact with the Collective Security Intelligence public cloud for file disposition lookup, sending only anonymized SHA256 information, and then update the AMP Private Cloud, thus enabling retrospective security. It includes many of the same capabilities as the public version – like custom policies and detections, file trajectory and root cause analysis, reporting, retrospective alerting, disposition cache, and PII.

In addition to AMP Private Cloud, this week we have announced the acquisition of ThreatGRID, whose private cloud appliance, distinct from our AMP Private Cloud offering, is also available for companies with stringent in-house data retention requirements.

We are excited to announce this as it continues our vision of AMP Everywhere – now including the Private Cloud. For more information, talk to us at Cisco Live! or see our newsroom or product page this week.


