Comparison of Malware Protection: Firepower vs. AMP for Endpoints

Feature | Firepower Malware Protection (malware defense) | AMP for Endpoints |
---|---|---|
File type detection and blocking method (file control) | In network traffic, using access control and file policies | Not supported |
Malware detection and blocking method | In network traffic, using access control and file policies | On individual endpoints (end-user computers and mobile devices), using a connector that communicates with the AMP cloud |
Network traffic inspected | Traffic passing through a managed device | None; connectors installed on endpoints directly inspect files |
Malware intelligence data source | AMP cloud (public or private) | AMP cloud (public or private) |
Malware detection robustness | Limited file types | All file types |
Malware analysis choices | management center-based, plus analysis in the AMP cloud | management center-based, plus additional options on the AMP for Endpoints management console |
Malware mitigation | Malware blocking in network traffic, management center-initiated remediations | AMP for Endpoints-based quarantine and outbreak control options, management center-initiated remediations |
Events generated | File events, captured files, malware events, and retrospective malware events | Malware events |
Information in malware events | Basic malware event information, plus connection data (IP address, port, and application protocol) | In-depth malware event information; no connection data |
Network file trajectory | management center-based | management center and the AMP for Endpoints management console each have a network file trajectory. Both are useful. |
Required licenses or subscriptions | Licenses required to perform file control and malware defense | AMP for Endpoints subscription. No license is required to bring AMP for Endpoints data into management center. |