Protect Users Everywhere with AMP for Endpoints and Cisco Umbrella Solution Overview

Updated: August 25, 2020


Needs of an organization

The recent abrupt shift toward supporting workers in remote locations on a massive scale creates a series of security challenges: keeping your business running smoothly while securing workers at a greater scale than ever before. Organizations need deep visibility into where their users are when connecting to the Internet and cloud, and the ability to stop malicious behavior across their devices before harm is done. The powerful combination of Cisco Umbrella® and Cisco® Advanced Malware Protection (AMP) for Endpoints acts as a first line and last line of defense. These solutions are powered by SecureX, our cloud-native, built-in platform technology, which can smooth your transition to the cloud and protect your remote workforce while maximizing your defense more simply and efficiently.

Challenges of protecting endpoints

Endpoints (laptops, workstations, servers, and mobile devices) are the #1 root cause of breaches [1]. Why do endpoints continue to be the primary point of entry for attacks?

Gaps in protection

When users and endpoints are off-network, preventative tools like antivirus are often the only protection available. This is not enough when it comes to today’s advanced threats.

57% of organizations say that mobile devices are one of the most challenging areas to defend [2]

Gaps in visibility

Organizations are often blind to malware attacks and the scope of a compromise. They have limited visibility into user and endpoint activity and lack the context to see where malware came from, where it has been, and what it’s doing. They can’t detect what they can’t see.

197 days: industry average detection time for a breach

69 days: industry average time to contain a breach [3]

User error

An attacker sends out a phishing email with a malicious attachment or link. Despite training or countless warnings, it is inevitable that users are going to open or click things that they shouldn’t.

56% of organizations say that user behavior is one of the most challenging areas to defend [2]

1. 2019 CISO Benchmark | 2019 Ponemon Cost of a Breach Study
2. Cisco 2018 Security Capabilities Benchmark Study
3. Ponemon 2018 Cost of a Data Breach Study

Effective protection for endpoints

Cisco Umbrella and AMP for Endpoints provide the first and last line of defense to help you prevent, detect, and respond to attacks.




Prevent

AMP for Endpoints

  Blocks attacks at initial inspection, monitoring files, memory, and behavior
  Uses sandbox (powered by Cisco Threat Grid) to analyze unknown files

Umbrella

  Blocks malicious Internet requests (domain, URL, and IP) before connections are ever made

Detect

AMP for Endpoints

  Continuously analyzes all file activity to detect malicious behavior and retrospectively alert on new threats

Umbrella

  Learns where attacks are staged and detects attackers’ infrastructure in order to proactively block threats

Respond

AMP for Endpoints

  Shows the full history and context of a compromise
  Provides blocking of malware with a single click

Umbrella

  Provides rich threat intelligence on domains, IPs, and file hashes so you can triage faster

Supported by Cisco SecureX, a cloud-native security platform

AMP for Endpoints

AMP for Endpoints is a cloud-managed endpoint security solution that prevents cyber attacks and rapidly detects, contains, and remediates malicious files on endpoints.

New packages

AMP for Endpoints Essentials

      Next-gen antivirus protection and continuous behavioral monitoring

      Dynamic file analysis and vulnerability identification

      Endpoint isolation

AMP for Endpoints Advantage

      Advanced Endpoint Detection and Response (EDR)

      Orbital Advanced Search

      Full subscription to Threat Grid Cloud (malware analysis/threat intelligence)

AMP for Endpoints Premier

      Combines our Orbital Advanced Search feature with expertise from elite threat hunters to proactively find more sophisticated threats.

Feature spotlight

      Proactive blocking - AMP for Endpoints uses a combination of file reputation, behavioral indicators, sandboxing technology, and global threat intelligence provided by the Cisco Talos® Security Intelligence Group to analyze unknown files and automatically block malware from trying to run on endpoints.

      Continuous analysis and retrospective security - Advanced malware can evade front-line defenses and infiltrate an endpoint. AMP for Endpoints continuously monitors and records all file activity on endpoints to quickly spot malicious behavior.

      Cisco SecureX Threat Response - Included with AMP for Endpoints at no charge and helps to accelerate critical security operation functions. It seamlessly integrates with Cisco security products and third-party solutions to provide the necessary breach defense, protection, and efficiencies in security.


Cisco Umbrella

Umbrella is a cloud security platform that provides the first line of defense against threats on the Internet for users on or off the corporate network. Umbrella delivers complete visibility into Internet activity across all locations and endpoints and can proactively block malicious requests before a connection is established.

Umbrella helps organizations

      Stop attacks earlier

      Identify already-infected devices faster

      Prevent data exfiltration

Feature spotlight

      Intelligence - Umbrella is built on a global network that resolves over 200 billion DNS (Domain Name System) requests every day and derives intelligence directly from that data. Using a combination of machine learning and human intelligence, the data is analyzed to identify patterns, detect anomalies, and create statistical models to automatically uncover current attacks and attacker infrastructure being staged for the next threat.

      Intelligent proxy - The Umbrella intelligent proxy provides customers with more granular protection. If Umbrella receives a request for a domain that is known neither as good nor bad, it is routed to the proxy for deeper inspection. Umbrella uses a combination of Cisco Talos, Cisco web reputation systems, and partner feeds to block millions of malicious URLs. Umbrella provides file inspection using an AV engine and Cisco AMP.

Cisco SecureX

SecureX is a built-in experience in all Cisco Security products that connects with your entire security infrastructure, including AMP for Endpoints and Cisco Umbrella. SecureX can unlock the value of your security as it:

      Is integrated and open for simplicity

      Unifies your security in one location for visibility

      Maximizes your operational efficiency

And SecureX allows you to:

      Fully integrate all your security solutions

      Share insights and context between tools and teams

      Automate and complete your workflows

      Harmonize policies across your ecosystem
