What Is Advanced Malware Protection (AMP)?

Advanced malware protection software is designed to prevent, detect, and efficiently remove threats from computer systems. Threats can take the form of software viruses and other malware such as ransomware, worms, Trojans, spyware, adware, and fileless malware.

What is advanced malware?

Advanced malware's goal, in general, is to penetrate a system and avoid detection. It usually has a specific target—most often an organization or enterprise—with the objective of financial gain. It might also target similar organizations within the same industry, such as several companies in the field of insurance or finance. Advanced malware can take the form of common malware that has been modified to increase its capability to infect.

How does advanced malware work?

Once loaded onto a computer system, advanced malware can self-replicate and insert itself into other programs or files, infecting them in the process. It can even lie dormant for a time. Advanced malware can also check whether it is running inside a sandbox used to analyze and block malicious files, and attempt to fool security software into classifying it as benign.

Why is advanced malware protection important?

Advanced malware protection is primarily designed to help organizations prevent breaches caused by advanced malware. The damage from such breaches can range from losing a single endpoint to incapacitating an entire IT infrastructure, causing loss of productivity to employees and potentially interrupting customer services and product sales and support.

Types of advanced malware protection

Prevention

Traditional antivirus (AV) software relies heavily on detecting the signature, or binary pattern, of a virus to identify malware and prevent damage. But most malware authors stay a step ahead of such software by writing oligomorphic, polymorphic, and more recently metamorphic viruses, which use obfuscation techniques such as encrypting parts of themselves or otherwise modifying themselves so that they no longer match the virus signatures in the antivirus database.

Endpoint security that employs advanced malware protection blocks known malware exploits accurately and efficiently without depending solely on signatures. By contrast, legacy AV solutions can be blind to malware packaged in zip and other archive formats, as well as to fileless malware, and so fail to catch advanced threats.

Detection

Around 2013, the security industry's focus began to shift toward signature-less approaches to antivirus protection. Traditional antivirus solutions may struggle to accurately detect low-prevalence threats, but endpoint security that continuously monitors all file activity detects new threats faster.

New antivirus capabilities were developed to detect and mitigate zero-day attacks and other, more sophisticated malware. Some of these next-generation capabilities include:

  • Behavior-based malware detection, which builds full context around every process execution path in real time
  • Machine learning models and other forms of artificial intelligence, which identify patterns that match known malware characteristics
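The following is an added example, not Cisco's code or part of the original page, showing what "building context around every process execution path" looks like in practice. It reconstructs a process tree from a constructed stream of endpoint telemetry and flags one classic behavioral chain: an office application spawning a script host that then opens an outbound connection. The event tuples, process names, and addresses are all constructed for the example; no single process in the chain matches a signature, yet the chain as a whole is suspicious.

```python
"""Behavior-based detection over a process event stream (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed telemetry: (event_type, pid, ppid, image_or_destination).
# "exec" records a process start with its parent pid; "net" records an
# outbound connection made by an already-running pid. Addresses are from
# documentation ranges (TEST-NET), not real hosts.
SAMPLE_EVENTS: List[Tuple[str, int, Optional[int], str]] = [
    ("exec", 100, None, "explorer.exe"),
    ("exec", 200, 100, "WINWORD.EXE"),
    ("exec", 300, 200, "powershell.exe"),
    ("net", 300, None, "203.0.113.5:443"),
    ("exec", 400, 100, "chrome.exe"),
    ("net", 400, None, "198.51.100.7:443"),
]

# Image names for the rule; the sets are illustrative, not a complete list.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Process:
    pid: int
    ppid: Optional[int]
    image: str
    connections: List[str] = field(default_factory=list)


def build_process_tree(events) -> Dict[int, Process]:
    """Replay events in order, keeping parent links and network activity per pid."""
    procs: Dict[int, Process] = {}
    for kind, pid, ppid, value in events:
        if kind == "exec":
            procs[pid] = Process(pid, ppid, value.lower())
        elif kind == "net" and pid in procs:
            procs[pid].connections.append(value)
    return procs


def ancestry(procs: Dict[int, Process], pid: int) -> List[str]:
    """Return image names from the process itself up to the root: [self, parent, ...]."""
    chain: List[str] = []
    cur = procs.get(pid)
    while cur is not None:
        chain.append(cur.image)
        cur = procs.get(cur.ppid) if cur.ppid is not None else None
    return chain


def detect_office_to_script_to_network(procs: Dict[int, Process]) -> List[dict]:
    """Flag script hosts that made a connection and have an office app as an ancestor."""
    alerts = []
    for p in procs.values():
        if p.image in SCRIPT_HOSTS and p.connections:
            chain = ancestry(procs, p.pid)
            if any(img in OFFICE_APPS for img in chain[1:]):
                alerts.append({
                    "pid": p.pid,
                    "chain": " <- ".join(chain),
                    "destinations": list(p.connections),
                })
    return alerts


def run_demo() -> List[dict]:
    return detect_office_to_script_to_network(build_process_tree(SAMPLE_EVENTS))


if __name__ == "__main__":
    for alert in run_demo():
        print(f"ALERT pid={alert['pid']} chain={alert['chain']} dst={alert['destinations']}")
```

The browser (pid 400) also makes an outbound connection but is never flagged, because its ancestry contains no office application; the rule fires on the relationship between processes, which is the context a per-file signature scan never sees.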

Response

More effective response methods are now found in advanced malware protection solutions, such as endpoint detection and response (EDR) and—more recently—extended detection and response (XDR) tools. Unlike traditional endpoint security, advanced malware protection solutions also provide retrospective security, which keeps evaluating files after they have been allowed onto an endpoint and rapidly contains a threat at the first sign of malicious behavior.
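As an added example (not Cisco's code or part of the original page), the tracker below shows the mechanism behind retrospective security: every file sighting on every endpoint is recorded with its disposition at the time, and when a file's disposition later changes to malicious, the history is replayed to name every endpoint that already saw or ran it and when. Endpoint names, timestamps, and the hashed labels standing in for file contents are constructed for the example.

```python
"""Retrospective security: act on past sightings when a verdict changes (added example)."""
import hashlib
from collections import defaultdict
from typing import Dict, List, Optional, Tuple


def _h(label: str) -> str:
    """Stand-in SHA-256 for a constructed sample; real telemetry would hash the file."""
    return hashlib.sha256(label.encode()).hexdigest()


FILE_A = _h("constructed-sample-A")
FILE_B = _h("constructed-sample-B")

# Constructed telemetry: (timestamp, endpoint, sha256, action), in arrival order.
SIGHTINGS: List[Tuple[str, str, str, str]] = [
    ("2024-05-01T09:05:00Z", "host-01", FILE_A, "executed"),
    ("2024-05-01T09:00:00Z", "host-01", FILE_A, "created"),
    ("2024-05-01T10:30:00Z", "host-03", FILE_A, "created"),
    ("2024-05-01T11:00:00Z", "host-02", FILE_B, "created"),
]


class RetrospectiveTracker:
    def __init__(self) -> None:
        # sha256 -> list of (timestamp, endpoint, action); kept even for clean files
        self.sightings: Dict[str, List[Tuple[str, str, str]]] = defaultdict(list)
        # sha256 -> "unknown" | "clean" | "malicious"
        self.disposition: Dict[str, str] = {}

    def record(self, ts: str, endpoint: str, sha256: str, action: str) -> str:
        """Store the sighting and return the disposition known at that moment."""
        self.sightings[sha256].append((ts, endpoint, action))
        return self.disposition.get(sha256, "unknown")

    def timeline(self, sha256: str) -> List[Tuple[str, str, str]]:
        """Sightings of a file ordered by timestamp (ISO-8601 sorts lexically)."""
        return sorted(self.sightings.get(sha256, []))

    def first_seen(self, sha256: str) -> Optional[Tuple[str, str]]:
        tl = self.timeline(sha256)
        return (tl[0][0], tl[0][1]) if tl else None

    def affected_endpoints(self, sha256: str) -> List[str]:
        return sorted({ep for _, ep, _ in self.sightings.get(sha256, [])})

    def update_disposition(self, sha256: str, new: str) -> List[str]:
        """Apply a new verdict; on a change to malicious, return endpoints to contain."""
        old = self.disposition.get(sha256, "unknown")
        self.disposition[sha256] = new
        if new == "malicious" and old != "malicious":
            return self.affected_endpoints(sha256)
        return []


def run_demo() -> List[str]:
    """Files arrive while unknown; a later malicious verdict triggers retrospective alerts."""
    tracker = RetrospectiveTracker()
    for ts, ep, sha, action in SIGHTINGS:
        tracker.record(ts, ep, sha, action)
    # Threat intelligence later reclassifies sample A as malicious.
    return tracker.update_disposition(FILE_A, "malicious")


if __name__ == "__main__":
    print("contain:", run_demo())
```

Without the sighting history, the new verdict would only protect endpoints that encounter the file from now on; with it, the endpoints that already executed the file are identified immediately, which is what separates retrospective containment from a purely point-in-time allow/block decision.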

Efficiency

Legacy antivirus deployments often require complex configuration and management. Advanced malware protection solutions provide prevention, detection, and response all in one solution and are generally highly automated. Their built-in, open platforms enable much simpler and more efficient workflows.

Get started

Learn more about Cisco products and solutions related to malware protection.
