
Cisco AMP for Endpoints Sandbox

Solution Overview
WWT's Cisco AMP for Endpoints Lab exists to provide a sandbox environment that can be used to evaluate the Cisco solution suite across a wide variety of endpoints, including both Windows and Unix-based operating systems. There is also an attack machine, running Kali Linux, with which to test the efficacy of these tools using benign, non-weaponized malware. 
 
Next-generation endpoint security is the integration of prevention, detection and response capabilities in a single solution, leveraging global threat intelligence and cloud-based analytics. Cisco Advanced Malware Protection (AMP) for Endpoints is a lightweight connector that runs on Windows, macOS, Linux, Android and iOS devices. It can use the Cisco public cloud or be deployed against a private cloud. 
 
AMP continuously monitors and analyzes all file and process activity within your network to find and automatically eliminate the riskiest 1% of threats that other solutions miss. AMP never loses sight of where a file goes or what it does. If a file that appeared clean upon initial inspection ever becomes a problem, AMP is there with a full history of the threat’s activity to catch, contain and remediate at the first sign of malicious behavior. 
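The retrospective detection described above (recording where a file went and what launched it, then, when its verdict later flips from clean to malicious, finding every host that already saw it) as an added illustrative example in Python. This is not Cisco's code: the sighting log, the hashes and the class and field names are constructed for the demo.

```python
"""Retrospective verdict lookup over a file-trajectory log.

Illustrative example only; not Cisco AMP code. All events below are
constructed, and the hashes are SHA-256 digests of label strings, not
real samples.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass

CLEAN, MALICIOUS, UNKNOWN = "clean", "malicious", "unknown"


@dataclass(frozen=True)
class Sighting:
    ts: int        # seconds since epoch when the connector observed the file (constructed)
    host: str      # endpoint that reported the sighting
    sha256: str    # hash the connector looked up
    path: str      # where the file landed on disk
    parent: str    # process that wrote or launched the file


@dataclass
class RetroEvent:
    sha256: str
    old: str
    new: str
    hosts: list    # hosts that saw the file while it was still considered clean/unknown


class FileTrajectory:
    """Keeps every sighting per hash so a later verdict change can be applied backwards."""

    def __init__(self):
        self._by_hash = defaultdict(list)
        self._verdict = {}
        self.events = []

    def observe(self, s: Sighting) -> str:
        """Record a sighting and return the verdict in force at that moment."""
        self._by_hash[s.sha256].append(s)
        return self._verdict.get(s.sha256, UNKNOWN)

    def set_verdict(self, sha256: str, verdict: str):
        """Update the disposition; if it became malicious, return the retrospective event."""
        old = self._verdict.get(sha256, UNKNOWN)
        self._verdict[sha256] = verdict
        if verdict == MALICIOUS and old != MALICIOUS:
            hosts = sorted({s.host for s in self._by_hash[sha256]})
            ev = RetroEvent(sha256, old, verdict, hosts)
            self.events.append(ev)
            return ev
        return None

    def trajectory(self, sha256: str) -> list:
        """Chronological path of one file across the fleet; index 0 is patient zero."""
        return sorted(self._by_hash[sha256], key=lambda s: s.ts)


def fake_sha256(label: str) -> str:
    # Constructed hash: digest of a label string, so the value is stable but not a real sample.
    return hashlib.sha256(label.encode()).hexdigest()


INVOICE = fake_sha256("constructed sample: invoice.exe")
NOTEPAD = fake_sha256("constructed sample: notepad.exe")

# Constructed sighting log; host names mirror the lab topology, nothing here is real telemetry.
SIGHTINGS = [
    Sighting(1000, "win10-client", INVOICE, r"C:\Users\bob\Downloads\invoice.exe", "outlook.exe"),
    Sighting(1050, "win10-client", INVOICE, r"C:\Users\bob\Downloads\invoice.exe", "explorer.exe"),
    Sighting(1200, "rhel7-server", INVOICE, "/tmp/invoice.exe", "sshd"),
    Sighting(1300, "win7-client", NOTEPAD, r"C:\Windows\notepad.exe", "explorer.exe"),
]


def run_demo():
    """Replay the log with an initially clean verdict, then flip it and return what changed."""
    t = FileTrajectory()
    t.set_verdict(NOTEPAD, CLEAN)
    t.set_verdict(INVOICE, CLEAN)          # initial cloud lookup says clean
    verdicts_at_sighting = [t.observe(s) for s in SIGHTINGS]
    retro = t.set_verdict(INVOICE, MALICIOUS)   # intel changes after the fact
    return t, verdicts_at_sighting, retro


if __name__ == "__main__":
    traj, seen_as, retro = run_demo()
    print("verdicts at time of sighting:", seen_as)
    print("retrospective event hosts:", retro.hosts)
    for s in traj.trajectory(INVOICE):
        print(f"{s.ts} {s.host} {s.path} (parent {s.parent})")
```

The point of the structure is that the connector's in-the-moment answer (`observe` returns `clean` for every sighting) is not the last word: `set_verdict` walks the stored sightings and hands back every host that needs containment, and `trajectory` gives the ordered path so the first host, the delivery process and the lateral hop are visible without re-scanning anything.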
 
You will access the environment using a Windows-based jumphost from which you can browse web consoles, open RDP/SSH sessions, etc. See the topology diagram above and to the right.

Goals & Objectives

The purpose of the sandbox lab is to help you develop proficiency in deploying, managing and monitoring the Cisco AMP for Endpoints solution. The lab guide provides a flexible framework for evaluating the solution, its installation and behavior in a sample customer environment.

The lab environment will allow you to:
  • Access the AMP for Endpoints baseline sandbox environment.
  • Log in to the cloud-based portal.
  • Navigate the portal's interface and workflow.
  • Deploy connectors on Windows systems.
  • Deploy connectors on Linux systems.

Hardware & Software

This lab consists of the following hardware and software: 

Software 
  • Cisco AMP for Endpoints (current version).
 
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016).
  • 1x Generic Server (Windows Server 2012).
  • 1x Generic Server (Windows Server 2016).
  • 1x Generic Server (Red Hat Enterprise Linux 7).
  • 1x Generic Server (CentOS 7).
  • 1x Generic Server (Solaris 11).
 
Client Devices 
  • 1x Attack Client (Windows 10 Enterprise).
  • 1x Generic Client (Windows 7 Enterprise).
  • 1x Attack Host (Kali Linux 2018).

Technologies