we have presently cisco Ironport web and email appliances and we are planning to implement Cisco next generation firewall with Cisco FirePOWER IPS, AMP and URL license for the IPS. So my question is regarding cisco's ironport email. May be my question could be a foolish query. But I would like to know whether it is possible to use sourcefire AMP for email too. Because we want to replace the web. But we want to keep the Ironport email only for antispam. So may be to buy again antivirus/antimalware license from ironport mail won't make any sense if sourcefire IPS can do that job already.
Remember we have to succeed in blocking every threat, and the bad guys only need to succeed once. I would say it is a mistake to only rely on one AV or AMP product to protect your network. With email being the most target entry into your network you will want to have all the protection you can get even if using the same engine.
A good illustration of why you should not rely on just a single AV to protect your network is the graph on http://www.senderbase.org/static/malware/#tab=0. Every malware vendor detects and protects against new threats at different speeds. Cisco does a pretty good job catching most of the threats, but every once in a while another engine detects a threat house and sometimes days before Cisco does.
Also AMP in E-mail will probably react different then AMP on network or endpoint. URL filtering is now included on ESA where it previously required the web security appliance. If you want bullet proof, or as close as it get you will keep you ESA/Ironport with AMP and two AVs. That way most threats will be detected one of the security layers.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :