There are many ways to demonstrate how well Cisco Advanced Malware Protection (AMP) has worked for Rutgers since it arrived on most university computers in late 2018, but the best demonstration may well be this: Unless you work in IT at Rutgers, you’ve probably never heard of it.
Not only does AMP detect malware effectively, it does so invisibly, without hogging system resources or constantly asking you whether you really want to visit that site or download that file.
One key to its performance is connectivity. Traditional antivirus software only got updated threat descriptions every few days, so it sat idle most of the time but worked all-out scanning your system for a few computer-paralyzing hours per week. AMP is constantly connected to Cisco servers. It gets many small updates per day, so it performs smaller-but-more-frequent analyses and catches malware faster.
It also takes advantage of the fact that malware tends to behave in ways that normal software rarely does. All system activity undergoes its scrutiny, and any code that acts suspiciously gets flagged, even if that code isn’t known malware.
“Most of the malware these days is ransomware that encrypts your files and only restores your access if you pay up. It’s often shoehorned in with other software, the stuff you intend to download, but there’s a wide variety of malware that enters your computer in a wide variety of ways,” said Michael DePasquale, a systems administrator in the university’s Office of Information Technology. “AMP has done a very good job protecting us against all of it.”
Indeed, the university’s installation of AMP scanned 4.7 billion files and 1.4 billion IP addresses in 2019. That’s “billion,” with a “b.”
During that time, the software detected nearly 175,000 vulnerabilities, quarantined nearly 78,000 files and blocked more than 14,000 malicious applications. It also flagged 11,643 infected files that had already reached university machines.
“It’s actually a good sign that number is relatively high. It means the software is effective at detecting malware activity,” DePasquale said. “Very low numbers don’t tend to mean you’ve suddenly convinced your users to stop engaging in all the dangerous behaviors you warn them about. They are most likely an indication that your malware protection isn’t working.”
Malware protection comes installed on all university-owned machines, but users with personal devices should download personal antivirus software, which the university provides free of charge: Immunet (for Windows) and Avira (for Macintosh).
Tags: antivirus, security