Cisco Cognitive Threat Analytics

Security that evolves along with networks

Today’s attacks are more effective than ever. And organizations struggle to secure their rapidly changing networks against them. But you can detect even the most sophisticated attacks with Cognitive Threat Analytics. Deployed by more than 5 million users, it requires no additional hardware or software. And it integrates with several Cisco security solutions.

Features and benefits

Detect threats faster

Cognitive Threat Analytics pinpoints attacks before they can exfiltrate sensitive data. It analyzes web traffic, endpoint data from Cisco AMP for Endpoints, and network data from Cisco Stealthwatch Enterprise. It then uses machine learning to identify malicious activity.

Reduce investigation times

After an attack, Cognitive Threat Analytics gives you a summary of the threat in plain English with recommended remediation actions. This analysis helps eliminate false-positive alerts and drastically reduces investigation times.

Find threats in encrypted traffic

Together with Cisco Stealthwatch Enterprise, Cognitive Threat Analytics is part of Cisco Encrypted Traffic Analytics. This solution can detect malware hiding in encrypted traffic without decrypting the data.

How to enable Cognitive Threat Analytics

Cognitive Threat Analytics is available with the following Cisco solutions.

Stealthwatch Enterprise

Dramatically improve visibility, security, and incident response for your network. Correlate local traffic models with global threat behaviors. Gain rich threat context around network traffic.

AMP for Endpoints

Reduce the time to detection for new threats. Gain visibility into devices where a connector cannot be installed, such as personal devices and critical servers. Then see results in one place.

AMP for Web Security

Detect and respond to sophisticated web-based attacks, even those that bypass security controls. It doesn’t matter if the attacks are carried out in standard, encrypted, or anonymous channels.

Try it out today

Try Cognitive Threat Analytics with AMP for Endpoints with an instant demo.


Get the strongest possible security. Cisco Services help you integrate technologies, migrate from other solutions, and optimize your existing solutions.

A safer, faster supply chain

"A couple of the main differentiators with Cloud Web Security Premium are the threat intelligence of AMP and CTA as well as the ability to drill into the command-and-control communications."

Scott Engel, Director of IT Infrastructure, Transplace

Featured blog posts

Brute force still used

WordPress and other content management systems are widely targeted for distributed brute force attacks. Anna Shirokova explains why.

Improve incident response

Evgeny Mirolyubov explains how Cisco AMP for Endpoints and Cognitive Threat Analytics can help you prevent security incidents from becoming large-scale breaches.

Find advanced threats

Attackers constantly innovate, employing ever more sophisticated techniques. Joe Malenfant explains how to fill the gaps in your defense and detect advanced threats.

