What are Cisco AMP Cabapilities for Meraki MX?
Advanced Malware Protection (AMP) is part of Cisco Meraki MX Threat protection which comprised of the Sourcefire® SNORT® intrusion detection engine and AMP anti-malware technology with the following features
Huge Database
A database of over 500 million known files and over 1.5 million new incoming file samples every day and these are some of its cababilities.
Threat Grid
Sending unknown files to Threat Grid to be executed in a virtual environment. Threat Grid matches actions taken by those files against over 825 behavioral indicators.
Talos Threat Research
AMP checks all files entering the network against the global Talos database to determine whether they are malicious.
Real-time Malware Blocking
Automatically check downloaded files against the global AMP database in real time and block malicious files before they can pass through the network perimeter.
Retrospective Malware Detection
Send automatic email alerts informing you that a file downloaded previously on your network has been newly discovered to be malicious so that you can investigate and take action.
Disposition
A file’s disposition is a categorization from the AMP cloud that determines what actions are taken on the file download as below:
– Clean – The file is known to be good.
– Malicious – The file is known to be harmful.
– Unknown – There is insufficient data to classify the file as clean or malicious.
AMP Engine
Powered by the AMP engine in MX 12.20 and higher. Previous releases leverage Kaspersky Lab as the malware protection engine.
File Inspection
AMP inspects HTTP file downloads through an MX security appliance and blocks or allows file downloads based on threat intelligence retrieved from the AMP cloud and these are the supported file types:
– MS OLE2 (.doc, .xls, .ppt)
– MS Cabinet (Microsoft compression type)
– MS EXE (Microsoft executable)
– ELF (Linux executable)
– Mach-O/Unibin (OSX executable)
– DMG (Apple Disk Image)
– Java (class/bytecode, jar, serialization)
– PDF
– ZIP (regular and spanned)*
– EICAR (standardized test file)
– SWF (shockwave flash 6, 13, and uncompressed)
AMP is available only with Advanced Security Edition licensing and SD-WAN Licensing.