Which of the following Cisco tools makes retrospective analysis possible?
- Cisco AMP
- Cisco Ironport
- Cisco Talos
- Cisco ASA
Cisco Advanced Malware Protection (AMP) comes in a Network version and an Endpoint version. It can use threat intelligence to perform retrospective (looking back in time) analysis. This would allow an administrator to do something like determine when malware entered your network, as in many cases it enters long before you discover it.
Cisco Advanced Security Appliance (ASA) is the standard Cisco firewall product and does not do retrospective analysis.
Cisco Ironport comes in a web version and email version, and is designed to protect those types of systems. It does not perform retrospective analysis.
Although Cisco Talos feeds are sometimes used in the process of performing retrospective analysis, it is not the component that does it. Cisco Talos is the threat intelligence sharing system that Cisco uses for all customers of the feature. The Talos team protects data, and infrastructure. Its researchers, data scientists, and engineers collect information about existing and developing threats. They then deliver protection against attacks and malware. Talos underpins the entire Cisco security ecosystem.