Cisco AMP PRIVATE CLOUD APPL 3000MODEL AMPPC3000-K9

Original price was: $276,149.88. Current price is: $167,714.06.

SKU: AMPPC3000-K9 | Brand: Cisco | Condition: New

Description

Cisco Advanced Malware Protection Private Cloud Appliance

An on-premises, air-gapped solution for organizations with stringent privacy requirements that restrict the use of a public cloud.

Product Overview

The Cisco® Advanced Malware Protection (AMP) Private Cloud Appliance is an on-premises, private cloud deployment capable of supporting Cisco AMP for Networks, AMP for Email, AMP for Web Security, and AMP for Endpoints. It delivers threat protection using file reputation, malware analysis, continuous monitoring of all file activity, and security intelligence stored locally. The appliance satisfies stringent privacy mandates without compromising the ability to leverage the power of collective security intelligence and provides network and endpoint protection across small and large enterprises.

Stop Advanced Threats

Stopping threats before they cause damage is ideal. But what do you do when that doesn’t happen? How long does it take you to respond? Someone will ask “Are we safe from this attack?” and want an answer as soon as possible. The question then becomes, how fast can you get an accurate response?

On average, it takes about 200 days to detect a breach in an organization. Responding to a large-scale event means sifting through stacks of disparate data from multiple sources and tools, scoping the impact, and finally eliminating the threat, all of which costs valuable time. AMP for Endpoints eliminates the guesswork, drastically reducing the time it takes to hunt for threats from days or months down to just a matter of hours.

Cisco’s private cloud appliance does the heavy lifting for you, so you can take back control of your time. With automated protection, continuous monitoring, and analysis that provides retrospective security, AMP prevents attacks on your network before they start — and accelerates incident investigation and response to the stealthiest 1% of threats.

How We Do It

The Cisco AMP Private Cloud Appliance delivers comprehensive threat protection, with all information stored locally on-premises. When the solution discovers an unknown suspicious file, it interacts with our intelligence database for file disposition lookup. If configured in proxy mode, the appliance sends only anonymized Secure Hash Algorithm 256 (SHA-256) information to the public AMP cloud. If the physical appliance is configured in air-gap mode, it performs the file disposition lookup locally and does not send the SHA-256 to the public AMP cloud.

This solution:

●     Helps ensure privacy through a self-contained physical or virtual appliance: The appliance and its management system are a single on-premises solution.

●     Delivers network and endpoint protection: It connects to endpoints through AMP for Endpoints connectors and directly to AMP for Networks on Cisco Firepower® Next-Generation Firewall and Next-Generation Intrusion Prevention System (NGFW/NGIPS) for protection against network malware. The solution also supports Cisco Email Security Appliances (ESA) and Cisco Web Security Appliances (WSA).

●     Provides a single console for management: Much like our public cloud, the Cisco AMP Private Cloud Appliance facilitates centralized management for supported integrated products. For example, custom policies and detections, file and device trajectory, root cause analysis, reporting, disposition cache, file analysis, and device-identifiable information are maintained through the AMP for Endpoints console.

●     Scales to meet expanding needs: Each private cloud instance supports up to 10,000 connectors on the virtual appliance and 100,000 connectors on the physical appliance. In addition, multiple appliances (Firepower Management Center [FMC], ESA, WSA) can be added to the environment.

Deployment Modes

The Cisco AMP Private Cloud Appliance supports two deployment modes: “cloud proxy mode” and “air-gap mode.”

In the cloud proxy mode:

●     It is supported on both the virtual and physical appliance.

●     An Internet connection is needed to complete disposition lookups.

●     All traffic from endpoint connectors goes to the private cloud; the disposition lookup is then performed between the private cloud and the AMP public cloud.

●     The SHA-256 hash of the file being inspected is the only data sent to the public AMP cloud from the AMP Private Cloud Appliance.

●     Content and software updates can be retrieved automatically from the AMP cloud directly to the AMP Private Cloud Appliance.

In the air-gap mode:

●     It is supported only on the physical appliance.

●     No Internet connection is needed to complete disposition lookups.

●     All traffic is between the connectors and the appliance only.

●     Disposition queries are handled by the private device.

◦     A local instance called “Protect DB” contains all the dispositions and threat intelligence required for full functionality and protection.

In the air-gap mode, threat intelligence updates work as follows:

●     Content and software updates are retrieved on a separate host rather than by the AMP Private Cloud Appliance itself.

●     A provided tool called “amp-sync” is used to download and sync software and content updates for the AMP Private Cloud Appliance from the AMP public cloud.

●     A dedicated host server (“update host”) is required to run amp-sync and build update packages.

◦     The update host requires Internet access to retrieve updates.

◦     The minimum requirement for the update host is CentOS 6.6.

◦     The update package, an ISO disk image built by amp-sync, is transferred from the update host and mounted on the appliance. The update process can then be initiated and completed from the administrative console.

●     Updates are created daily. These include the collective security intelligence database, anti-virus definitions, and other threat intelligence updates.

●     In special air-gap deployments where the appliance can access the AMP public cloud, updates can be pulled directly from the AMP public cloud to the appliance. This avoids the intermediary step of downloading content on one server and transferring it to the appliance, as you would in a true air-gap environment.