Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 33 Blocking Malware and Prohibited Files
Understanding Malware Protection and File Control
When a file is positively identified as malware, the cloud sends the threat identification to the Defense 
Center. The cloud can also send other kinds of information to the Defense Center, including data on 
scans, quarantines, blocked executions, and cloud recalls. The Defense Center logs this information as 
malware events.
• configure custom malware detection policies and profiles for your entire organization, as well as perform flash and full scans on all your users' files
• perform malware analysis, including view heat maps, detailed file information, network file trajectory, and threat root causes
• configure multiple aspects of outbreak control, including automatic quarantines, application blocking to stop non-quarantined executables from running, and exclusion lists
• create custom protections, block execution of certain applications based on group policy, and create custom whitelists
For more information, see the following sections:
•  compares the malware protection strategies available in the Cisco family of products.
•  explains how to establish communications between the Defense Center and the Cisco cloud.
Tip: For detailed information on FireAMP, refer to the online help on the FireAMP portal.
Network-Based AMP vs Endpoint-Based FireAMP
License: Malware or Any
Supported Devices: feature dependent
Supported Defense Centers: feature dependent
The following diagram shows how you can use the Defense Center to work with data from both a 
network-based advanced malware protection strategy and an endpoint-based FireAMP strategy.