Cisco AMP for Endpoints

Solution Overview
WWT's Cisco AMP for Endpoints Lab exists to provide a sandbox environment that can be used to evaluate the Cisco solution suite across a wide variety of endpoints, including both Windows and Unix-based operating systems. There is also an attack machine, running Kali Linux, with which to test the efficacy of these tools using benign, non-weaponized malware. 
Next-generation endpoint security is the integration of prevention, detection and response capabilities in a single solution, leveraging the power of global threat intelligence and cloud-based analytics. Cisco Advanced Malware Protection (AMP) for Endpoints is a lightweight connector that runs on Windows, Mac, Linux, Android and iOS devices. It can use the public cloud or be deployed as a private cloud.
AMP continuously monitors and analyzes all file and process activity within your network to find and automatically eliminate the riskiest 1% of threats that other solutions miss. AMP never loses sight of where a file goes or what it does. If a file that appeared clean upon initial inspection ever becomes a problem, AMP is there with a full history of the threat’s activity to catch, contain and remediate at the first sign of malicious behavior. 
You will access the environment using a Windows-based jumphost from which you can browse web consoles, open RDP/SSH sessions, etc. (see topology below). 

Goals & Objectives

Key Differentiators

  • Cisco AMP and AMP for Endpoints are integral parts of the Cisco security architecture. Threat intelligence is shared amongst the entire security portfolio from the Talos threat research team. This gives customers the ability to detect and respond to threats more quickly than with a smattering of point products.
  • Cisco AMP for Endpoints consolidates the functions of separate agents such as antivirus and host-based firewall into a single agent, allowing you to reduce the agent footprint on your endpoints.
  • With AMP’s continuous, cloud-based threat analysis and retrospective security, when a threat is detected once, it is blocked everywhere. It doesn’t even need to be detected on the network for your organization to be protected.
  • Cisco AMP’s always-on, cloud-based threat analysis means you are protected from the latest threats no matter where they may appear. And as part of the Cisco security architecture, AMP’s integration with firewall, email, web, cloud, and endpoint security means your visibility and control over threats extends from your data centers to the furthest edges of your network.
  • Fileless malware targets vulnerabilities in applications and operating system processes, attacking them at the memory level. The exploit-prevention engine in Cisco AMP for Endpoints changes memory structures before an attack begins, so exploits that depend on a predictable memory layout fail. This type of prevention is lightweight, effective, and less costly.

Hardware & Software

This lab consists of the following hardware and software: 

  • Cisco AMP for Endpoints (current version)
Server Devices 
  • 1x Windows Jumphost (Windows Server 2016)
  • 1x Generic Server (Windows Server 2012)
  • 1x Generic Server (Windows Server 2016)
  • 1x Generic Server (Red Hat Enterprise Linux 7)
  • 1x Generic Server (CentOS 7)
  • 1x Generic Server (Solaris 11)
Client Devices 
  • 1x Attack Client (Windows 10 Enterprise)
  • 1x Generic Client (Windows 7 Enterprise)
  • 1x Attack Host (Kali Linux 2018)