Cisco Talos delivers industry-leading threat research and intelligence, proactive security services, and incident response to defend organizations against evolving cyber threats. Talos delivers unmatched and coordinated security across our comprehensive platform of security products.
Threat Intelligence Services Overview
Cisco Talos is one of the world’s most trusted cybersecurity threat intelligence teams, made up of expert researchers, analysts, incident responders, and engineers. We defend Cisco customers and raise awareness of evolving threats within the cybersecurity community, partnering with industry and government organizations worldwide.
Through cloud-based security services, customers see our intelligence in action within Cisco products. This includes the observables we track, context we create, and detections built directly into Cisco security products. This provides clear, consistent, and automated protection against evolving threats and strengthens defenses for every customer we serve.
With every service, Talos transforms observables (data points that provide critical context) into automated, actionable detections. This process helps organizations identify and block attacks fast. With the Cisco Talos cloud-based services, Cisco customers receive trusted, up-to-date protections against today’s most sophisticated and evolving cybersecurity threats.
Our mission is simple: our job is your defense.
Threat Intelligence Service Catalog
Network Security
| Service | Description |
|---|---|
| Cisco Talos Network Intrusion Prevention | Cisco Talos’ Network Intrusion Prevention (IPS) works at the network layer to monitor data coming into the network. The service (also known as Snort) performs real-time traffic analysis, packet logging, protocol analysis, and content searching/matching to identify and block malicious traffic designed to exploit vulnerabilities in systems, applications, or devices. Comprehensive rules, or signatures, detect malicious activities originating from both external and internal sources, such as vulnerability exploitation attempts, malware traffic, reconnaissance, and exfiltration of traffic. IPS often combines behavior-based analysis to identify and block suspicious activities from new or emerging threats, combating zero-day vulnerabilities. SnortML adds a machine learning engine capable of detecting zero-day attacks by identifying payloads that match vulnerability classes, even if there are variations, allowing customers to get in front of the fight against zero-day attacks. |
Web Security
| Service | Description |
|---|---|
| Cisco Talos DNS Security | Cisco Talos DNS Security protects organizations from Domain Name System (DNS)-based threats such as malware delivery, data exfiltration, DNS tunneling, phishing, and command and control (C2) communications. DNS layer security blocks malicious domains, IPs and URLs at the DNS level before they reach the network and protects users regardless of their location. Domain Generation Algorithm (DGA) protection reverse engineers malware with AI to understand the algorithms used to generate new domains and predict problem domains before they deliver malicious content. |
| Cisco Talos Web Filtering | Cisco Talos Web Filtering provides robust protection against online threats while ensuring compliance and visibility into web activity. This service protects users from accessing malicious or inappropriate web content through reputation and categorization across domain, IP, and URL indicators. Cisco products query the extensive Web Filtering database of context information on Domains, IPs, and URLs to block harmful sites and enforce acceptable use or IP geolocation policies. |
Malware Defense
| Service | Description |
|---|---|
| Cisco Talos Anti-Virus | Cisco Talos’ Anti-Virus (also known as ClamAV) delivers deep file analysis and pattern matching for file classification. This also includes regex or bytes for signature matching, as well as reviewing file hashes and image fuzzy hashes. Talos Anti-Virus is the bedrock anti-virus protection Cisco embeds across the security, networking, and collaboration portfolio. |
| Cisco Talos Malware Prevention | Cisco Talos Malware Prevention protects customer endpoints and systems from malicious software delivered by threat actors looking to gain a foothold in the environment. This service goes beyond reputation, analyzing the behavior of the machine, rather than convicting based on a simple domain or URL presence. For instance, engines must take into account what actions a user performed on purpose, and whether it was with malicious intent. Our behavioral protections defend against memory corruption and process injection attacks often used by obfuscated malware, as well as system exploits that target software vulnerabilities of protected processes. |
Email Security
| Service | Description |
|---|---|
| Cisco Talos Email Filtering | Cisco Talos Email Filtering provides reputation-verdict and categorization services in support of Cisco email products. Multi-layered defenses protect customers from email threats, spam, and graymail. Email Security examines URLs and file attachments contained in emails, as well as IP and Domain reputations of senders, to block malicious, unwanted, and inappropriate emails. Our research team has the experience of experts in over 40 languages to review and classify messages to identify spam, ham (desired emails), phish, and more. |
| Cisco Talos Email Threat Prevention | Cisco Talos Email Threat Prevention provides industry-leading brand impersonation, business email compromise, and phishing attack detection. AI analyzes anomalies and traffic trends in Cisco’s vast telemetry database to detect and prevent attackers pretending to be trusted brands (Brand Impersonation) or targeting high value employees with carefully crafted phishing attempts (Business Email Compromise). Talos blocks these customized attacks and provides detailed logs on all attempts and actions taken. |
Security Operation Center Augmentation Services (SOC Augmentation Services)
| Service | Description |
|---|---|
| Cisco Talos Incident Response | Cisco Talos Incident Response (Talos IR) delivers both proactive and emergency support. We help organizations strengthen their defenses before an incident occurs and provide rapid expert response when one does. The Talos IR service is fueled by the global threat intelligence of Cisco Talos, ensuring every engagement benefits from the latest insights into attacker tools, tactics and procedures. With a flexible retainer model, you can use your hours for anything from compromise assessments and tabletop exercises to hands-on training, or urgent remediation. Whether you’re preparing for the next threat or managing a crisis, Talos IR helps organizations to minimize risk, reduce downtime, and build lasting cybersecurity resilience. |
| Cisco Talos Threat Hunting | Cisco Talos Threat Hunting is an analyst‑led service that identifies malicious activity that may have been missed by traditional security tools. Using raw endpoint telemetry, behavior analysis, and ML/AI‑assisted detection, Talos threat hunters track adversary tactics, techniques, and procedures to uncover stealthy threats before they cause harm. Unlike many systems that only surface events, Talos Threat Hunting examines the complete ecosystem of behaviors to confirm malicious intent and close gaps. Available through selected suites and premier licensing, customers receive detailed, actionable reports and threat coverage improvements that benefit both their organization and the wider Cisco customer base, enabling rapid remediation. |
Threat Intelligence Service and Security Product Mapping
Please note that licenses and configurations may need to be enabled to benefit from these services.
| Cisco Talos | Network Security | Web Security | Web Security | Malware Defense | Malware Defense | Malware Defense | Email Security | Email Security |
|---|---|---|---|---|---|---|---|---|
| Threat Intelligence Services and Security Product Matrix | Cisco Talos Network Intrusion Prevention Service | Cisco Talos DNS Security | Cisco Talos Web Filtering | Cisco Talos Malware Protection | Orbital Queries and Scripts | Cisco Talos Anti-Virus | Cisco Talos Email Filtering | Cisco Talos Email Threat Prevention |
| Cisco Firewall | Y | Y | Y | Y | - | Y | - | - |
| Cisco Secure Access, Cisco Umbrella | Y | Y | Y | Y | - | Y | - | - |
| Cisco Multicloud Defense | Y | - | Y | - | - | Y | - | - |
| Cisco Secure Malware Analytics | - | - | - | Y | Y | Y | - | - |
| Cisco Secure Network Analytics | - | - | Y | - | - | - | - | - |
| Cisco Secure Web Appliance | - | - | Y | Y | - | Y | - | - |
| Cisco XDR | - | - | Y | - | - | - | - | - |
| Cisco Secure Endpoint | - | - | - | Y | Y | Y | - | - |
| Splunk Attack Analyzer | - | - | Y | - | - | - | - | - |
| Splunk Enterprise Security | - | - | Y | - | - | - | - | - |
| Splunk SOAR | - | - | Y | - | - | - | - | - |
| Cisco Meraki MX, vMX | Y | Y | Y | Y | - | Y | - | - |
| Cisco Meraki Z-Series | - | - | Y | - | - | Y | - | - |
| Cisco Catalyst Center | - | - | Y | - | - | - | - | - |
| Cisco Catalyst SDWAN | Y | - | - | Y | - | - | - | - |
| Integrated Services Routers (ISR) | Y | - | - | Y | - | - | - | - |
| Secure Routers | Y | - | Y | Y | - | - | - | - |
| Cisco Cyber Vision | Y | - | - | - | - | - | - | - |
| Cisco WebEx | - | - | - | - | - | Y | - | - |
| Cisco Secure Email | - | - | Y | Y | - | - | Y | Y |