SAN FRANCISCO – RSA CONFERENCE 2014 – Cisco Systems made multiple announcements Monday touting the integration of recently-acquired security technologies into the company’s efforts to address malware protection.
This starts with the addition of Advanced Malware Protection (AMP) to its portfolio Content Security products. Originally developed by Sourcefire and integrated with its own FirePOWER security appliances in November 2012, AMP is one of the initial integration efforts since Cisco acquired Sourcefire last year for $2.7 billion. According to Cisco, AMP uses the company’s cloud-based security intelligence network to improve the ability to detect and block malware.
Rather than relying on malware signatures, AMP uses a mix of file reputation, file sandboxing and retrospective file analysis to identify and block threats. The file reputation analyzes file payloads inline as they travel across the network, while the file retrospection capability can be used to deal with malicious files that have passed through perimeter defenses but are subsequently determined to be a threat through AMP’s cloud-based intelligence network.
“Today’s advanced threats that can attack hosts through a combination of different vectors require a continuous security response versus point in time solutions,” said Christopher Young, senior vice president of the Cisco Security Business Group, in a statement. “Web and Email gateways do a large amount of heavy lifting in the threat defense ecosystem, blocking the delivery of malicious content. By bringing together AMP and threat analytics with our Web, Cloud Web and Email Security gateways, we provide our customers with the best advanced malware protection from the cloud to the network to the endpoint.”
The addition of the AMP to Cisco Web and Email Security Solutions was accompanied with the inclusion of technology from the acquisition of Cognitive Security. Purchased last year, the addition of Cognitive Threat Analytics brings behavioral modeling and anomaly detection to Cisco’s Cloud Web Security customers. Both Cognitive Threat Analytics and AMP are available on Cisco Cloud Web Security as an optional license.
AMP is also included in the arsenal for the FirePOWER series of appliances.
Also joining Cisco’s integration party is OpenAppID, a new set of open source application identification capabilities now delivered to the Snort engine. The capabilities are enabled by the OpenAppID application-focused detection language. As new applications are developed, the language offers users increased flexibility to control those apps on the network and apply application-level understanding to security events, according to the company.
“Open source is very important because it creates real collaboration and trust between vendors and the experts that are tasked with addressing advanced and aggressive threats,” said Martin Roesch, creator of Snort and vice president and chief architect of the Cisco Security Business Group, in a statement. “By open sourcing application visibility and control, Cisco is empowering the community to create technically superior solutions to address their most complex and unique security challenges.”