Unified Malware Analysis and Threat Intelligence
Empower your security team with context-rich intelligence to quickly recover from and proactively defend against attacks. AMP Threat Grid combines advanced malware analysis with deep threat analytics and content for a global view of threat activity in your environment. AMP Threat Grid is available as either a cloud-based software-as-a-service offering or an on-premises appliance.
Edge to Endpoint Malware Analysis
Threat Grid provides a common analysis platform across your security infrastructure.
Beyond the Sandbox
Listen to Forrester, ADP, and Cisco discuss sandboxing as a means to fight against malware.
Features and Capabilities
Advanced Threat Intelligence and Analysis
AMP Threat Grid delivers context-driven security analytics to accurately identify attacks in near real time. The product analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts. Customers gain a global view of malware attacks, campaigns, and their distribution.
Detailed reports identify key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.
Behavioral Indicator Creation and Threat Score
Arm your team to prioritize and respond rapidly, efficiently, and with confidence. Over 450 indicators, produced through static and dynamic analysis and covering malware families, malicious behavior, and more, can ensure analysis is accurate and specific.
The threat score, a reflection of maliciousness, comes with detailed descriptions and actionable information that give deep knowledge of and insight into malware behavior and various attack techniques. Proprietary analysis and algorithms determine the confidence and severity of a threat and express them as a score for better prioritization.
Premium Content Feeds
Automate for faster detection and response. Easily integrate premium feeds into existing security infrastructures such as security information and event management (SIEM), intrusion detection systems (IDS), gateways, and proxies for faster detection and blocking of malware.
AMP Threat Grid analyzes millions of samples monthly and distills terabytes of rich, actionable content into clearly categorized and easily consumable content feeds. The feeds, delivered in standard formats, are easy to operationalize and automate.
Advanced Search, Correlation, and Reporting
AMP Threat Grid can enable accurate detection and defense against advanced attacks. Robust search, correlation, and reporting capabilities provide detailed information on current and historical malware artifacts, indicators, and samples. Detailed analysis reports include all malware sample activities, including network traffic and artifacts.
Flexible and Scalable
AMP Threat Grid is designed to meet the advanced threat protection needs of any organization. With a powerful and easy-to-use REST API, AMP Threat Grid seamlessly integrates with your existing security infrastructure. It is available as either an on-premises appliance or a cloud-based solution.
Edge to Endpoint Integration
AMP Threat Grid's sandboxing technology has been integrated across Cisco's security portfolio to provide more visibility into more places than ever before. It shares, correlates, and synthesizes information across multiple security control points. The integration from network edge to endpoint increases visibility and control while reducing time to detection and time to remediation of advanced malware.
Specifications at a Glance
Supported file types for analysis:
- PE32 files – executable (.EXE), libraries (.DLL)
- Java archives (.JAR)
- Portable document format (.PDF)
- Office documents: .RTF, .DOC(X), .XLS(X), .PPT(X)
- ZIP (.ZIP) as a container
- URLs: Internet shortcut files or URLs
- HTML documents
- Windows XP
- Windows 7 32 bit and 64 bit
- Application version support