Comparison of malware protection: Firepower vs. Secure Endpoint

File type detection and blocking method (file control)

In network traffic, using access control and file policies

Not supported

Malware detection and blocking method

In network traffic, using access control and file policies

On individual endpoints (end-user computers and mobile devices), using a connector that communicates with the AMP cloud

Network traffic inspected

Traffic passing through a managed device

None; connectors installed on endpoints directly inspect files

Malware intelligence data source

AMP cloud (public or private)

AMP cloud (public or private)

Malware detection robustness

Limited file types

All file types

Malware analysis choices

Cloud-Delivered Firewall Management Center-based, plus analysis in the AMP cloud

Cloud-Delivered Firewall Management Center-based, plus additional options on the Secure Endpoint management console

Malware blocking in network traffic, Cloud-Delivered Firewall Management Center-initiated remediations

Secure Endpoint-based quarantine and outbreak control options, Cloud-Delivered Firewall Management Center-initiated remediations

Events generated

File events, captured files, malware events, and retrospective malware events

Malware events

Information in malware events

Basic malware event information, plus connection data (IP address, port, and application protocol)

In-depth malware event information; no connection data

Network file trajectory

Cloud-Delivered Firewall Management Center-based

Cloud-Delivered Firewall Management Center and the Secure Endpoint management console each have a network file trajectory. Both are useful.

Required licenses or subscriptions

Licenses required to perform file control and malware defense

Secure Endpoint subscription. No license is required to bring Secure Endpoint data into Cloud-Delivered Firewall Management Center.