Anti-Malware without Internet access

gugonza2
Cisco Employee

Hi Team,

I have a customer who is requiring an Anti-Malware solution for their Servers and Workstations which are not connected to Internet.

The customer has an isolated environment and they are looking for an Anti-Malware solution without Internet access.

As I understand Cisco AMP requires connection to AMP Cloud or AMP Threat Grid Cloud to provide high level of protection.

I was thinking of a possible on-premise solution using the AMP Private Cloud and Private Threat Grid combination, but this solution still requires an Internet connection for security updates of the on-premise devices.

The customer is checking Stormshield, Palo Alto and Carbon Black solutions.

Any suggestions for a solution in this case?

Thanks in advance.

4 Replies

Andre Camillo
Level 5

Hi Guillermo,

I'd guess every solution needs some kind of updates from the cloud, something like AMP Private Cloud does.

Otherwise, how can these solutions promise up-to-date defense?

emirolyu
Cisco Employee

Hello Guillermo,

I think you are spot on, AMP Private Cloud and Threat Grid Appliance are an option for customers who want all their data to stay on-prem. While not recommended from the security standpoint, both of them can be deployed in Air Gap mode (completely isolated from the Internet). There is a process for offline updates for air-gapped PC and TG appliances (documented and officially supported for AMP PC; not official and requires a TAC ticket for TG).

Thanks Evgeny,

Please excuse the delay in answering.

We explained this situation to the customer, and we explained the possibility of an on-premise solution.

Finally, the customer explained the detailed situation, and AMP Private Cloud is not the best solution.

Their endpoints will not have any connectivity to the Internet or the internal network; the endpoints will only connect to the network during change windows for software updates (2 or 3 times a year).

We explained to the customer that the AMP solution is not the solution for this case.

Thanks for your comments.

Troja007
Cisco Employee

Hello,

I had this discussion very often when working as a security consultant. Enclosed is some information from my side, or my point of view.

  • We know a signature-based approach is not enough for real security. It delivers basic protection. Removing cloud information reduces the capabilities of the signature-based approach by up to 80%. In the end there is an outdated technology installed on the endpoint. There is no vendor on the market which does not need cloud information.
  • We know sophisticated malware cannot be detected by a signature-based approach.

Is the customer aware of this?

Finally, are there any other security products installed on the endpoints? If not, the customer, again in my point of view, is not aware of how critical systems should be protected, AND if it is really so critical, which other security solutions/approaches/techniques are in place?

Cheers