Hello,
We’re trying to target JATP against other solutions, especially Cisco AMP, and I hope you can help me with some clarifications.
Design-wise:
- JATP comes as an on-premise solution, either hardware or VM. Is there any option for cloud management?
- As I understand it, JATP data is fed through collectors for analysis. My questions are:
  - Is there a hardware collector, or only a vCollector?
  - How can we force the traffic to go through the collector? (Should we copy the traffic from the switch uplinks to the collector via port spanning, or is there a different approach?)
  - Is there any kind of sensor or connector we can install on servers or endpoints to gather traffic and send it to the JATP core?
Control-wise:
After you integrate JATP with SRX, you can mitigate the vulnerability from JATP via the SRX, since they’re integrated by a security policy.
However, concerning endpoints like servers or PCs, how can JATP mitigate the threat or isolate the host? Should there be some sort of integration between JATP and the switches? It’s not clear how JATP controls the endpoints or gathers information from them.
It’s mentioned that JATP uses Carbon Black and CrowdStrike to identify where in the network the malware has spread. How does this happen? Is there a certain agent from these two installed on the endpoints?