From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access

Unlock this course with a free trial

Join today to access over 22,500 courses taught by industry experts.

Retrospective security

Retrospective security

- [Narrator] Many endpoint anti-malware systems will inspect files only at the point in time that they are accessed or executed. This is certainly true with traditional antivirus programs. When we talk about the Cisco amp features, one of the great things that this includes is both continuous analysis and retrospective security. Malware has continued to become more and more sophisticated using things like sleep features to hide malware and activate that at a point in time later than when we first downloaded it or executed it, having simple point in time detection isn't enough these days. And that's why Cisco amp has these next generation features. Amp has the ability to record the activity of all files within the system. And it can determine if a file that was formerly categorized as being benign turns into a malicious threat at a later time, amp can also give you an historical view into such a file, allowing you to see the origin of the threat and the behavior over a period of time…

Contents