By Frank Keogh
As technologies evolve, fancy new names have to be created by technology vendors in order to differentiate today’s super-cool technology from yesterday’s super-cool-but-now-outdated technology.
This is the case with the label “Advanced Malware Protection”, or “AMP”. AMP is the name given to the most current iteration of antivirus software, and while there isn’t a standard definition, the malware offerings from the different vendors have some basic components in common:
- Malware threat prevention (of course);
- Implementations for multiple attack vectors/entry points (firewall, network, endpoint, email);
- Retrospective alerting and remediation;
Malware Threat Prevention
Malware threat prevention is a fundamental functionality of a cybersecurity solution.
What makes this generation of antivirus software different from previous generations is
- The power of the cloud (I know, but it really does mean something this time)
- Rapid and seamless virus intelligence updating;
- Automated sandboxing
Cloud-powered Cybersecurity
Because cyber-crime is a global business, cyber security solutions have to “think globally” in order to act locally.
Large install-base cybersecurity solution vendors like Check Point and Cisco are able to gather large amounts of data from the endpoints worldwide that run their solutions. The more data on cyber attacks against these endpoints that the vendors have, the more cyber attacks they can fight against.
This type of data-gathering could only be facilitated in a cloud-empowered environment.
Rapid and Seamless Deployment
While the all that intelligence is collected from endpoints is good, the ability to quickly deploy remedies back to those endpoints to prevent attacks and remediate breaches is equally as important.
Today’s cloud-connected AMP solutions are able to quickly and seamlessly deploy remedies to recently discovered malware threats so that (1) there are fewer successful cyber-security breaches and (2) the time-to-discovery and remediation of successful breaches can be reduced.
Automated Sandboxing
A third differentiator of modern malware detection and blocking tools is the ability to do rules-based sandboxing.
Modern malware is designed to mutate to avoid detection, so even with the rapid discovery of new strains and the rapid deployment of new remedies, malignant files can still get through.
By creating a set of rules to automatically put a suspicious file into a sandbox environment where it can be executed and observed without the danger of infecting your network, sandboxing can help prevent as yet unknown malware strains from getting through.
Implementations for Multiple Entry Points
As the well-worn adage goes, a chain is only as strong as its weakest link. The same is true for cyber-security. You can put up a firewall to guard your network against traffic to and from dangerous sources and interrogate downloads as they come on to your network and you can still find yourself exposed to malware.
Advanced Malware Protection solutions like Cisco’s AMP for Endpoints provide implementations of the same malware analysis engine and functionality at all endpoints on your network. This means that the same detection and remediation functionality provided at the firewall level can be implemented on laptops, mobile devices, and network appliances like email servers.
Retrospective Alerting and Remediation
This last common functionality we’ll discuss regarding today’s Advanced Malware Protection solutions is Retrospective Alerting and Remediation.
We all want a cyber-security solution that both becomes aware of the latest cyber threats quickly and deploys intrusion prevention code quickly.
When intrusion prevention is not possible, we need quick detection and remediation.
Many of today’s AMP solutions provide what is called “retrospective alerting and remediation” to address malware that has evaded our intrusion prevention solution and made it on to our network.
Retrospective alerting and remediation means that an AMP endpoint, once made aware of new malware strains, can change the disposition of files formerly indicated as “safe” to “malicious” and can then block that file from doing any more damage.
While each vendor has their own spin on Advanced Malware Protection, hopefully we’ve given you a clearer understanding of what a basic AMP offering is.