Cloud Connections for Malware Protection
Connections to public or private clouds are required in order to protect your network from malware.
AMP Clouds
The Advanced Malware Protection (AMP) cloud is a Cisco-hosted server that uses big data analytics and continuous analysis to provide intelligence that the system uses to detect and block malware on your network.
The AMP cloud provides dispositions for possible malware detected in network traffic by managed devices, as well as data updates for local malware analysis and file pre-classification.
If your organization has deployed AMP for Endpoints and configured Firepower to import its data, the system imports this data from the AMP cloud, including scan records, malware detections, quarantines, and indications of compromise (IOC).
Cisco offers the following options for obtaining data from the Cisco cloud about known malware threats:
- AMP public cloud
  Your Secure Firewall Management Center communicates directly with the public Cisco cloud. There are three public AMP clouds, in the United States, Europe, and Asia.
Dynamic Analysis Cloud
- Secure Malware Analytics Cloud
  Public cloud that processes eligible files that you send for dynamic analysis, and provides threat scores and dynamic analysis reports. Firepower supports 200 samples/day for Secure Malware Analytics analysis.