
Cisco Advanced Malware Protection (AMP)

Breach prevention. Continuous monitoring of malicious behavior. Rapid malware detection. Malware removal.


“Companies need to balance security vs business risk, and user experience. Once you have that balance, you need a program that applies defense with an active response for when things go wrong. Human error is a reality and there’s a multi-billion dollar cybercrime industry today that bets on it. You need to plan for that error and be able to respond quickly when it happens. Every day we find successful attempts to defeat our security defenses due to human error, or dedicated bad actors targeting our assets, or to software vulnerabilities; and every day we validate that our active detection and responses are finding and containing these attacks. That’s how I know we have a fully functional security program.”

Steve Martino, SVP and CISO, Cisco

Visibility and control to defeat advanced attacks

Get global threat intelligence, advanced sandboxing, and real-time malware blocking to prevent breaches with Cisco Advanced Malware Protection (AMP). But because you can’t rely on prevention alone, AMP also continuously analyses file activity across your extended network, so you can quickly detect, contain, and remove advanced malware.


Deployment Options



Protect your Endpoints

Our endpoint security helps you block malware at the point of entry, gain visibility into file and executable-level activity, and remove malware from PCs, Macs, Linux, and mobile devices.


Protect your Network

Get deep visibility into network-level and network-edge threat activity and block advanced malware.


Protect your email or Web

Add AMP capabilities to email and web security appliances or to your cloud email and web security deployments.

Deployment Options

Cisco AMP for Endpoints

Cisco Advanced Malware Protection (AMP) blocks attacks and helps you respond to threats quickly and confidently.

Benefits of Cisco AMP for Endpoints:

Stop attacks and simplify security operations. Cisco AMP for Endpoints offers cloud-delivered next-generation antivirus, endpoint protection platform (EPP), and advanced endpoint detection and response (EDR). It's the endpoint security you need.

Key capabilities

Powerful protection engines
Block known threats automatically using machine learning, exploit prevention, file reputation, antivirus, and a wide array of other attack prevention techniques that will stop both fileless and file-based attacks in their tracks.


Advanced investigation
Threat hunting simplified. Perform complex investigations using advanced search capabilities. Accelerate security investigation and incident response using forensic snapshots, predefined queries, live searches, and more. Get the answers you need about your endpoints so you can hunt, investigate, and respond to threats fast.


Endpoint isolation
Quickly stop threats from spreading with one-click isolation of an infected endpoint--all without losing control of the device. Reduce the footprint of the attack and fast-track remediation.


Retrospective security
Use our patented technology to continuously analyse and monitor file and process activity. Automatically generate retrospective alerts at the first sign of malicious behavior. Quickly stop threats in their tracks before they can cause any or further damage to your business.


Security that works together
We leverage Talos threat intelligence--as well as that from your endpoint, web, email, cloud, and network security solutions--to block, detect, investigate, and respond to threats across your entire environment, not just at your endpoints. Integration with multi-factor authentication supports zero trust and lets the good guys in while keeping the bad guys out.



Cisco AMP for Networks

Network Protection Against Advanced Malware

Cisco Advanced Malware Protection (AMP) for Networks delivers the market's only network-based system today that goes beyond point-in-time detection to protect across the entire attack continuum. Designed for Cisco FirePOWER network security appliances, it provides visibility and control to protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats.



Features and Capabilities

Advanced malware protection must be as pervasive as the malware it is designed to combat. This requires an integrated set of controls and a continuous process to detect, confirm, track, analyze, and remediate these threats - before, during, and after an attack.

Before: Get the best global threat intelligence to strengthen network defenses.
During: Use that intelligence, known file signatures, and dynamic file analysis technology to block known malware, policy-violating file types, and communications trying to infiltrate the network.
After: Continuously analyze files and network traffic for threats that evade your first lines of defense, get deep visibility into the activity and behavior of the threat, and then rapidly respond to and contain an active attack with a few clicks.


Cisco AMP for Networks delivers protection along the entire attack continuum with the following key features and capabilities:

Identify Stealthy Attacks

  • Continuous analysis tracks files after they've entered the network

  • Retrospective security alerts you to take action during and after an attack

  • Multi-source indications of compromise correlates discrete events for better detection


Reduce the Amount of Actionable Malware Events

  • File and application control helps you limit policy-violating files and actions

  • Known malware blocking offers real-time file dispositions to help detect and stop attacks

Gain an Efficient Workflow for Investigations

  • File trajectory tracks file transmissions across the network

  • File capture allows you to store and retrieve files for further analysis

  • Integration of Threat Grid provides a safe, highly secure sandbox environment to analyze the behavior of suspect files

  • Automated prioritization of high-risk events assigns threat scores


Advanced Malware Protection for Email Security

Block email-based attacks

More than 100 billion corporate emails are exchanged every day. Predictably, email has become a prime vehicle for cyber attacks. Cisco AMP for Email Security defends your business against spear phishing, ransomware, cryptoworms, and other stealthy attacks. It goes far beyond traditional perimeter defenses to give you advanced capabilities.

Add AMP for Email Security and get…


Protection from advanced email attacks
AMP analyzes emails for threats such as zero-day exploits hidden in malicious attachments. It gives you advanced protection against spear phishing, ransomware, and other sophisticated attacks.

Continuous analysis and retrospective security
Once a file crosses the email gateway, AMP continues to watch, analyze, and record its activity, regardless of the file’s disposition. If malicious behavior is spotted later, AMP sends you a retrospective alert so that you can contain and remediate the malware. 


Deep file analysis
Advanced sandboxing capabilities perform static and dynamic malware analysis of unknown files. You get detailed analytics on the file’s behavior and threat level to help your security team understand, prioritize, and block attacks. 

Stronger network defense
Our Cisco Talos experts analyze millions of malware samples per day and push that intelligence to AMP. AMP then correlates files, telemetry data, and file behavior against this knowledge base to proactively help you defend against known and emerging threats.


Protection from blended attacks
AMP for Email Security can be integrated with other AMP deployments to stop blended attacks across multiple threat vectors.
