--> AMP stands for Advanced Malware Protection.
--> AMP provides detection, blocking, analysis and retrospective alerting of malware in real time (retrospective alerting means a file that was allowed earlier is flagged later, once its disposition changes to malicious).
--> The architecture of AMP is divided into three main components:
1) AMP Cloud (Public Cloud, Private Cloud)
2) AMP Client Connector (AMP for Networks, AMP for Endpoints, AMP for Content Security Appliances and AMP for Meraki)
3) Intelligence Sources
What is the difference between the Private Cloud and the Public Cloud?
1) Connector coverage: early private cloud releases supported only the Windows connector, whereas the public cloud supports Windows, Mac, Linux and other popular operating systems. Later private cloud releases added Mac and Linux connectors, so check the release notes for your version.
2) ETHOS, the fuzzy-fingerprinting engine that is one of the many detection engines AMP uses to continuously protect you from malware, is only available in the public cloud.
AMP Private Cloud:
--> The AMP cloud is also available as a private version, which lets administrators run their own cloud instance with many of the features of the public cloud.
--> AMP Private Cloud suits organizations such as government agencies and banks that are required to keep file data and telemetry within their own data center.
--> It is important to note that new AMP features are added to the public cloud first.
--> The private cloud receives these features later, once they have been proven on the public cloud.
--> Since a private cloud is not necessarily connected directly to the internet, a tool is provided to download updates from the public cloud and synchronize them into the private cloud, so you always have the most current file dispositions and related threat intelligence.
--> AMP Private Cloud runs in two modes:
1) Cloud Proxy Mode
2) Air Gap Mode
1) Cloud Proxy Mode:
--> All AMP client connectors connect to the private IP address of the AMP Private Cloud running within the data center; they never talk to the public cloud directly.
--> Connectors send the SHA-256 hash of each file to the private cloud, which looks the hash up in its local database and returns the disposition.
--> If a hash is not in the private cloud's database, the private cloud queries the AMP Public Cloud over TCP port 443 for the disposition, so only the hash, not the file, leaves the data center.
--> Cloud proxy mode is the preferred and recommended mode for the private cloud wherever it is possible; only the private cloud itself needs outbound access on port 443.
2) Air Gap Mode:
--> In air gap installation mode, the private cloud instance is completely isolated and has no external access to the public cloud.
--> Updates must be completed manually and remote support is very challenging, but this mode provides the highest level of confidentiality, since no hash or telemetry ever leaves the data center.
--> The AMP administrator needs a separate, internet-connected Linux server to run a tool called amp-sync, a script that downloads a copy of the database of file hashes and dispositions, known as the protect database (protect DB), from the public AMP cloud.
--> The amp-sync utility saves the downloaded data as a .iso file, which is then carried across the air gap and imported into the private cloud.
--> The initial download of the protect DB takes more than a day, so plan the first sync well ahead of go-live.
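To make the two lookup paths concrete, here is an added Python model of the disposition lookup in cloud proxy mode and air gap mode. It is an illustration written for this post, not Cisco code and not the real connector protocol: the protect DB contents, the public cloud answers, the sample hashes and the function names are all constructed for the example. The point it shows is the one that matters operationally: in both modes only a SHA-256 hash leaves the connector, and in air gap mode nothing leaves the data center at all, so a hash not yet in the protect DB comes back Unknown until the next amp-sync import.

```python
"""Model of AMP Private Cloud file-disposition lookup in its two modes.

Added illustration, not Cisco code. The protect DB, the public cloud lookup,
the sample hashes and all function names below are constructed for the example.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed stand-in for the protect DB (hash -> disposition) held by the private cloud.
LOCAL_PROTECT_DB: Dict[str, str] = {
    hashlib.sha256(b"known clean sample").hexdigest(): "Clean",
    hashlib.sha256(b"known malicious sample").hexdigest(): "Malicious",
}

# Constructed stand-in for what only the public cloud knows about.
PUBLIC_CLOUD_DB: Dict[str, str] = {
    hashlib.sha256(b"only the public cloud has seen this").hexdigest(): "Malicious",
}


@dataclass
class PrivateCloud:
    mode: str                                   # "cloud_proxy" or "air_gap"
    local_db: Dict[str, str]
    upstream: Optional[Callable[[str], Optional[str]]] = None  # stand-in for the TCP/443 query
    upstream_queries: List[str] = field(default_factory=list)  # audit trail of what left the DC

    def lookup(self, sha256: str) -> str:
        sha256 = sha256.lower()
        # Connectors send hashes, not files: refuse anything that is not a SHA-256 hex digest.
        if not SHA256_RE.match(sha256):
            raise ValueError("connector lookups must carry a SHA-256 hex digest")
        disposition = self.local_db.get(sha256)
        if disposition is not None:
            return disposition
        if self.mode == "air_gap" or self.upstream is None:
            # Air gap: no external access, so an unseen hash stays Unknown
            # until the next amp-sync import refreshes the protect DB.
            return "Unknown"
        # Cloud proxy: only the hash is forwarded to the public cloud, never the file.
        self.upstream_queries.append(sha256)
        disposition = self.upstream(sha256)
        if disposition is None:
            return "Unknown"
        # Remember the answer so the next lookup for this hash stays inside the data center.
        self.local_db[sha256] = disposition
        return disposition


def public_cloud_lookup(sha256: str) -> Optional[str]:
    """Constructed stand-in for the private cloud's query to the public cloud over 443."""
    return PUBLIC_CLOUD_DB.get(sha256)


def connector_check(cloud: PrivateCloud, file_bytes: bytes) -> str:
    """What a client connector does: hash the file locally and ask the private cloud."""
    return cloud.lookup(hashlib.sha256(file_bytes).hexdigest())


def demo() -> Dict[str, object]:
    """Run the same three files through both modes and report what each mode did."""
    proxy = PrivateCloud("cloud_proxy", dict(LOCAL_PROTECT_DB), public_cloud_lookup)
    airgap = PrivateCloud("air_gap", dict(LOCAL_PROTECT_DB))
    novel = b"only the public cloud has seen this"
    return {
        "proxy_local_hit": connector_check(proxy, b"known malicious sample"),
        "proxy_upstream_hit": connector_check(proxy, novel),
        "proxy_second_lookup": connector_check(proxy, novel),
        "proxy_upstream_queries": len(proxy.upstream_queries),
        "airgap_local_hit": connector_check(airgap, b"known malicious sample"),
        "airgap_unknown": connector_check(airgap, novel),
        "airgap_upstream_queries": len(airgap.upstream_queries),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the proxy instance answering the novel hash after exactly one outbound query and then serving it locally, while the air gap instance returns Unknown for the same hash and records zero outbound queries; the `upstream_queries` list is the kind of audit trail worth keeping on a real proxy-mode deployment, since it is the complete record of what left the data center.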
Reference: Cisco.com
MD.Kareemoddin
CCIE # 54759
Great Work. Informative Knowledge
One correction: Private cloud also supports Linux and MAC.
Super Duper Explanation