Recently I deployed Cisco’s AMP for Endpoints for a 50-user organization. For the uninitiated, AMP for Endpoints is Cisco’s cloud based, enterprise grade, advanced malware protection software that is deployed to each end device in the network. Each endpoint reports back to the central cloud controller and is managed by the controller. Cisco integrated AMP for Endpoints with Cisco’s ThreatGRID to provide deep threat analytics; analyzing millions of files and correlating them against hundreds of millions of malware samples. The controller can then push these new signatures to each endpoint automatically, protecting the device.
Setting up the controller was easy. Being cloud based, there wasn’t a need to install an appliance, physical or virtual, on the network. Once an account is created, configuration of the controller was also easy. Many of the default settings work perfectly for most organizations, and the only thing I needed to configure was adding the companies’ critical applications to the exclusions list. The hardest part of the deployment (and I mean that sarcastically) was to install the connector software to each endpoint.
The AMP for Endpoints connector supports Windows, Mac OS, Linux, and even Android; for windows servers they have a special server image, as well as a domain controller image. With all of these images the task of deploying them to the endpoint devices became the challenge. For the servers, we chose a manual approach, downloading and installing each package individually (there weren’t that many servers, so it wasn’t too bad). For user endpoints Cisco has a few clever ways to deploy.
The first deployment option is a manual install; each image has a URL that you can email to your team and have them download and install their flavor of the connector. I don’t need to tell you that letting the users choose their own image will cause a help desk nightmare and I don’t recommend this method.
The second deployment option, and the way we decided to deploy, is to use the AMP Enabler AnyConnect module. Cisco’s AnyConnect has a whole suit of modules for deploying security features. When the user VPNs into the network using AnyConnect the AMP Enabler module checks to see if the machine has AMP for Endpoints installed, if not it forces installation. Obviously for any users who never VPN into the network this deployment option won’t work. What we did was to enable hairpinning on the ASA and ask internal users to VPN into the network.
The final deployment option is to use Cisco ISE to posture and install AMP for endpoints when a computer connections to the network via wireless, wired, or VPN. This is obviously the best option as this forces all users to install AMP for Endpoints without user intervention. The downside for customers who don’t already have ISE installed is the need to deploy ISE on their network. (Not that it’s a bad idea, but ISE is a whole other discussion).
AMP for Endpoints is a powerful tool, and with the deployment integrations with Cisco’s other security products, deploying AMP for Endpoints to your users is easy.
The InterNetwork 
I’m truly enjoying the design and layout of your website. It’s a very easy on the eyes which makes it much more enjoyable for me to come here and visit more often. Did you hire out a developer to create your theme? Superb work!|
LikeLike
Simply want to say your article is as surprising. The clarity in your post is just cool and i could assume you are an expert on this subject. Well with your permission let me to grab your RSS feed to keep updated with forthcoming post. Thanks a million and please keep up the gratifying work.|
LikeLike
I’m curious to find out what blog system you happen to be utilizing? I’m having some small security issues with my latest website and I would like to find something more safeguarded. Do you have any suggestions?|
LikeLike
Hi, this weekend is good for me, as this time i am reading this great informative paragraph here at my house.|
LikeLike
Aw, this was a really good post. Finding the time and actual effort to generate a superb article… but what can I say… I procrastinate a lot and don’t manage to get nearly anything done.|
LikeLike
Hey, you used to write magnificent, but the last several posts have been kinda boring… I miss your tremendous writings. Past few posts are just a bit out of track! come on!
LikeLike
I?m not sure where you are getting your information, but good topic. I needs to spend some time learning more or understanding more. Thanks for fantastic information I was looking for this information for my mission.
LikeLike
I?m impressed, I need to say. Actually hardly ever do I encounter a weblog that?s each educative and entertaining, and let me let you know, you could have hit the nail on the head. Your concept is outstanding; the difficulty is one thing that not sufficient individuals are talking intelligently about. I am very glad that I stumbled across this in my search for something relating to this.
LikeLike
You really make it appear really easy with your presentation however I in finding this matter to be actually one thing that I believe I would by no means understand. It seems too complex and very broad for me. I’m looking ahead in your next put up, I?ll attempt to get the hang of it!
LikeLike
After I initially commented I clicked the -Notify me when new comments are added- checkbox and now every time a comment is added I get 4 emails with the identical comment. Is there any way you’ll be able to take away me from that service? Thanks!
LikeLike
Its such as you read my mind! You seem to understand a lot approximately this, such as you wrote the book in it or something. I believe that you simply can do with a few p.c. to drive the message home a bit, however other than that, that is wonderful blog. An excellent read. I will certainly be back.
LikeLike