Cisco Advanced Malware Protection (AMP)

[kombi]

How does Malwarebytes Anti-Malware for Business compare to Cisoc Advanced Malware Protection for endpoints.  They seem to be closely priced. 

 

 

http://www.cisco.com/c/en/us/products/security/fireamp-endpoints/index.html

 

[kombi]

I was hoping MalwareBytes would comment. I have emailed more than once asking for a comparison.  

 

I asked Cisco the same thing, and they said AMP and MalwareBytes are like comparing apples to bananas.  That MalwareBytes is not in the same arena when it comes to Malware protection they consider MalwareBytes more as an AV product of known threats and not Zero-day threats.  AMP is supposed to track known and unknown risks and will tell you where it been in your network so you can find and fix any node that may have been affected if a threat is not detected in the first few hours and then becomes a known risk.  AMP will tell you where it was executed in your network. Lots of other features too.  The pricing seems to be close per node and if you have Cisco Source fire that data ties into the correlation data as well.  I want MalwareBytes to weigh in.  

 

 

Good article about AMP

http://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html

 

 

 

[celee]

Hi kombi,

 

From our Direct Sales Manager, Brent:

 

"Great question! I can’t speak to the effectiveness of their product, however I can elaborate more into what and how we protect with our products. First, we aren’t an antivirus and don’t try to be. Antivirus companies have been struggling to find a solution to the threats facing companies like yours for many years and although great intentions, they’ve been falling short for some time now. Malwarebytes uses a blended method of technologies to protect its customers. We don’t rely on any single layer but a multi-layered approach to prevent, detect, and remediate threats on your endpoints. 

 

Zero day threats are our complete focus and it’s concerning to see others telling people it is not. We know that this is what is causing headaches and it’s why our company was founded. In your message you mentioned that AMP is supposed to track down unknown threats and tell you forensically what happened so that you may go fix the problem. My recommendation for you is to ask how they then recommend remediating the issue. Malwarebytes build its name on remediation and our ability to fully remediate threats, not just the harmful pieces but all of it. In most cases, companies who run into a difficult issue actually turn to us to fix and remediate it. That being said, anything we can remediate we can prevent. 

 

From here, my recommendation would be to test both products. We stand behind our Endpoint Security product and its ability to win out in a proof of concept (POC), and not just with words from a sales rep. I know I can speak for the rest of our staff when I say we’d love to add you and your company to the list of over 10,000 business and enterprise level customers who already trust and use us. 

 

I hope this helps, feel free to reach our directly to our sales team at https://www.malwarebytes.org/business/licensing/. We’d love to help!"

[pbust]

AMP basically waits for the file to be known at VirusTotal and scanned by 50+ scanners before AMP can detect it.

 

Malwarebytes is the company proactively discovering the zero-days with an actual Research lab manned by reverse engineers and sending zero-minute malware to VirusTotal so that "VirusTotal query scanners" like AMP can catch up to us and don't lag too far behind.

 

Also AMP does not include any proactive technologies like Anti-Exploit or Anti-Ransomware.

 

If I had to rank AMP with all the endpoint products on the market, it would be towards the end next to ClamAV and other similar ones like that.