Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • Networking

    Cisco Adds Advanced Malware Protection to Its Portfolio

    By
    Sean Michael Kerner
    -
    February 25, 2014
    Share
    Facebook
    Twitter
    Linkedin
      security capabilities

      Cisco revealed Feb. 24 that it is adding critical new security capabilities to its portfolio, thanks to technology gained via the $2.7 billion acquisition of SourceFire in 2013.

      The advanced malware protection (AMP) feature has been available on SourceFire’s FirePower appliances and will now be available as a service for Cisco’s customer base. Cisco has long had a myriad of different security capabilities, though company executives says that AMP brings features Cisco never had before.

      AMP is a file reputation, behavior and sandbox technology, Raja Patel, senior director, for cloud security product management at Cisco, explained to eWEEK. With the normal intrusion prevention system (IPS) and firewall technologies that Cisco has long had, they all typically have signature- and rules-based approaches to threat detection.

      “We haven’t had in our portfolio the ability to go deep into each file,” Patel said.

      For example, if a user running on a PC gets an executable (exe) file, the first layer of AMP, which is a file reputation piece, will determine whether Cisco has actually seen the file before or not. If the file is known to be bad, based on reputation, then it is blocked.

      But AMP doesn’t stop there; the file could then be sent to Cisco’s file behavior service capability, which will then take a look at the file inside the sandbox. The basic idea behind a sandbox is to isolate a given file or application and see how it behaves without putting the rest of the system at risk.

      Inside the sandbox, Cisco’s file behavior service will try and make a further determination to see if the file is good or bad. The Cisco service will let the file sit for a period of time in the sandbox, since many forms of advanced malware are known to stay dormant for a period of time before becoming active, Patel said.

      If the exe file is, in fact, determined to be malicious, for Cisco customers with AMP, there is an auto-remediation feature to remove the file, Patel said. Going a step further, AMP isn’t just about protecting one user on one PC. All other Cisco AMP users that may have also come in contact with the malicious exe can also be alerted and benefit from AMP’s remediation.

      The AMP capability will now benefit Cisco’s existing Integrated Service Router (ISR) and Adaptive Security Appliance (ASA) security hardware customers. Cisco’s wireless customers, however, will not immediately be able to directly integrate with AMP. Patel said that he had no additional comment on direct integration points for AMP beyond the wired portfolio.

      That doesn’t necessarily mean that wireless clients can’t benefit, Patel said. “In most deployments, the wireless LAN will eventually hit a wired gateway before it goes out to the WAN,” he said.

      Hardware

      While Cisco is now pulling in software features from the SourceFire FirePOWER product line to benefit existing customers, Cisco is also expanding the hardware options for FirePOWER appliances.

      The new FirePOWER 8390 boasts a capacity of 60G bps of inspected traffic throughput in a single chassis. Two 8390 chassis can be clustered together providing a top-end of 120G bps, making it one of the highest-bandwidth next-generation firewall appliances in the market.

      Palo Alto Networks recently announced a 120G-bps firewall platform.

      Open Source

      SourceFire’s heritage comes from its open-source roots and it’s a heritage that is being respected and expanded upon in the Cisco era. At the core of SourceFire’s technology is the open-source Snort IPS, which is now set to benefit from OpenAppID, an open-source application identification engine, Patel explained.

      Being able to properly identify applications is the key to being able to control and manage them. There are multiple commercial technologies that do application identification; the OpenAppID effort is an attempt to open up intelligence and make it more broadly available.

      “We have a Snort engine with an OpenAppID processor that allows for the detection of applications on the network and it allows for reporting and application policy settings,” Patel said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Avatar
      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×