DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu


CISCO ADVANCED MALWARE PROTECTION (AMP)


This section provides the information you need to
understand Cisco’s Advanced Malware Protection (AMP)
solution.


Malware is a broad term used to define any malicious
activity that aims to infect a network or a specific device.
Often, the goal of malware is to steal valuable
information, disrupt a user’s ability to access data, or
cause a device or network to crash. Ransomware is a
common form of malware that has become particularly
challenging for many companies. A threat actor uses
ransomware to encrypt files on an endpoint and extort
the owner of the information into paying a ransom to
receive the decryption key.


Another common form of malware is an advanced
persistent threat (APT). APTs allow threat actors to gain
access to and control endpoint resources over an
extended period in order to steal valuable data without
being detected. In the past, malware was deployed
using malicious files to carry the payload. Today,
malware is delivered “file-lessly,” by being
embedded in endpoint memory or operating system
functions. These new malware techniques can be difficult
to detect with traditional defense mechanisms. AMP for
Endpoints is useful against such techniques because it provides
deep visibility to identify malware in a system, context to
understand what is being affected, and control to protect
against attack. AMP for Endpoints, which is Cisco’s
endpoint protection solution, is a cloud-managed tool
delivered via the desktop client, mobile devices, and
server-based endpoints. Figure 11-7 shows how these
various endpoints connect to AMP Private Cloud, which