Cisco Cisco ScanSafe Wi-Fi Hotspot Security 白皮書
© 2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 7 of 7
After: Scope, Contain, Remediate
Both CTA and AMP enable continuous analysis and remediation in the critical “after” phase of the attack
continuum. CTA provides real-time network behavior analysis to identify anomalous behavior in the network.
AMP’s file retrospection, meanwhile, addresses the problem of malicious files passing through perimeter defenses.
AMP’s active reporting capabilities provide visibility into the reputation and behavior of files that have entered the
network. Security teams can more easily identify and assess the scope of attack and remediate quickly.
continuum. CTA provides real-time network behavior analysis to identify anomalous behavior in the network.
AMP’s file retrospection, meanwhile, addresses the problem of malicious files passing through perimeter defenses.
AMP’s active reporting capabilities provide visibility into the reputation and behavior of files that have entered the
network. Security teams can more easily identify and assess the scope of attack and remediate quickly.
The machine learning that occurs with CTA and AMP in the “after” phase is then used to enhance the near-real-
time detection capabilities that Cisco CWS Premium applies during an attack.
time detection capabilities that Cisco CWS Premium applies during an attack.
For More Information
To find out more about Cisco CWS Essentials and Cisco CWS Premium, go to
http://www.cisco.com/go/cws
.
For more information on CTA, see
http://www.cisco.com/go/cognitive
.
For more on AMP, visit
http://www.cisco.com/go/amp
.
Printed in USA
C11-732714-00 09/14