Major news organizations, analyst reports, and companies have all confirmed a new era of intrusions, theft, and malicious attacks. The most advanced threats are disguised, evading defenses, waiting for days or even months before striking. Security teams are challenged with detecting these advanced threats, then analyzing and blocking them. In the meantime, how much damage is being done?
AMP Threat Grid combines static and dynamic malware analysis with threat intelligence into one unified solution. You get the timely, in-depth information you need to protect your business from malware of all types. It integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies, protecting you from both known and unknown attacks.
AMP Threat Grid analyzes suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world. As a result, AMP Threat Grid provides more accurate, context-rich analytics into malware than ever before.
AMP Threat Grid is delivered as a cloud-based or on-premises solution. It helps organizations understand what malware is doing or attempting to do, how large a threat it poses, and how to defend against it.
Cisco AMP Threat Grid gives you deeper insight for stronger defense with malware analysis, so you can:
- Accurately identify attacks in near real time with context-focused security analytics
- Defend against threats from anywhere with the scale and power of a cloud service that analyzes millions of threats daily
- Accelerate threat detection and incident response capabilities with an easy-to-use REST API
- Improve existing security investments with pre-packaged and custom threat intelligence feeds
- Integrate with existing third-party security technologies, and take advantage of AMP Threat Grid's integration across the Cisco security portfolio
Cisco AMP Threat Grid is available as a highly secure, on-premises appliance that does not transmit data outside the enterprise, helping to ensure you safeguard sensitive or compliance-protected data.
AMP for Networks goes beyond point-in-time detection to provide visibility and control and protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. The integration of AMP Threat Grid can ensure unknown files are immediately analyzed by our malware analysis engines. Analysis results are shared across your AMP infrastructure, providing an integrated set of controls that protect across the attack continuum.
AMP Threat Grid has been integrated with the industry's first adaptive, threat-focused next-generation firewall (NGFW), Cisco ASA with FirePOWER Services. AMP Threat Grid's malware analysis engines are combined with ASA's proven firewall protection in a single device. This gives you automated sandboxing of unknown files as they attempt to enter the network, including inspecting encrypted traffic.
AMP Threat Grid provides on-demand dynamic malware analysis capabilities for users. It also provides a threat score for the submission. Users can download the packet capture (PCAP) and sample report for further analysis.
If your organization has high privacy requirements that restrict using a public cloud, the Cisco Advanced Malware Protection (AMP) Private Cloud Virtual Appliance is an on-premises, air-gapped option. As of version 2.2, AMP Threat Grid is integrated into Private Cloud, providing highly secure, on-premises malware analysis. Any file analyzed remains within your logical boundary.
Web and email remain the top threat vectors for malware to penetrate defenses. AMP Threat Grid has been integrated into Cisco's Email and Web Security solutions, enhancing malware detection using AMP Threat Grid's static and dynamic malware analysis technologies.
AMP Threat Grid is available as either an on-premises or cloud-based solution. Customers can upgrade to a full AMP Threat Grid subscription to access the API for further integrations and receive premium threat intelligence feeds.
AMP Threat Grid has been integrated with OpenDNS to provide all malicious domains discovered during analysis. Using Umbrella, customers can proactively block these known malicious domains from communicating with their infrastructure.
This cloud-based solution addresses gaps in perimeter-based defenses. It identifies the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection. It also uses advanced statistical modeling and machine learning to independently identify new threats, learn from what it sees, and adapt over time.
The solution examines logs and correlates suspicious incidents into threats. For confirmed findings that are correlated across more than a single user, it will query AMP Threat Grid for domains, IP addresses, behavioral indicators, and related threat artifacts to augment its reports, while inferring the damage that may have occurred on the infected device.
AMP subscribers may add the full AMP Threat Grid-Cloud functionality, including threat intelligence feeds, as part of their enterprise license agreement.
Our partner ecosystem makes it easier for you to automate sample submissions from your existing security technologies and improve your infrastructure with our API. The powerful malware analysis and threat intelligence capabilities of AMP Threat Grid have been integrated into the following best-of-class security technologies.
- Guidance Software EnCase Cybersecurity
- RSA Security Analytics
- Tripwire Enterprise 360
- Splunk Enterprise
- Malformity Labs Maltego
- IBM QRadar
- HP ArcSight
- McAfee Nitro
- LogRhythm Security Intelligence Platform