Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Strengthen your security

Take advantage of Threat Grid’s integration across the Cisco security portfolio. And integrate it with third-party security technologies.

AMP for Networks provides visibility and control beyond point-in-time detection. It protects against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. Unknown files are immediately analyzed by our malware analysis engines. Analysis results are shared across your AMP infrastructure. You get an integrated set of controls that protect your network across the attack continuum.

Threat Grid has been integrated with the industry's first adaptive, threat-focused next-generation firewall (NGFW), as well as the Cisco ASA with FirePOWER Services. Malware analysis engines are combined with firewall protection in a single device. You get automated sandboxing of unknown files as they try to enter the network.

Get advanced automated malware sandboxing of unknown files at the network edge by our NGIPS. Results are presented through the Firepower Management Center and shared with AMP.

Threat Grid automatically analyzes low-prevalence executables identified by AMP for Endpoints. It also provides on-demand malware analysis capabilities. All samples are given a threat score, so you can rapidly triage incidents.

If your organization has privacy requirements that restrict the use of a public cloud, the Cisco AMP Private Cloud virtual appliance is an on-premises, air-gapped option. Malware analysis is highly secure, and all analyzed files remain within your physical and logical boundary.

Web and Email Security

Web and email remain the top vectors for malware. Threat Grid has been integrated into Cisco Web and Email Security solutions. It enhances malware detection using advanced static and dynamic malware analysis technologies.

Threat Grid’s dynamic malware analysis is combined with the Meraki unified threat management (UTM) solution to provide deep visibility into threats across branch locations and remote offices. Managing security is easier, yet you gain advanced threat capabilities. Security teams can better understand, prioritize, and mitigate attacks.

Threat Grid is integrated with Cisco Umbrella to identify all malicious domains discovered during analysis. Customers can automatically block users from connecting to the known malicious domains, preventing data exfiltration.

Other products

AMP license holders may increase the daily submission limit with sample packs, or add the full Threat Grid Premium, which offers all Threat Grid functionality, including premium threat intelligence feeds, API access, investigative capabilities, and the unique Glovebox malware interaction tool.

Cisco Threat Grid is also available as a highly secure, on-premises appliance that does not transmit data outside the enterprise. Sensitive and compliance-protected data remains safely on site.

 

Integrations with third-party solutions

Our partner ecosystem makes it easier for you to automate sample submissions from your existing security technologies. For more information on the partners below, and the entire Cisco Security ecosystem, please visit the Security Technology Alliance Partners.

Cisco partner’s that have integrated Threat Grid malware analysis into their products include:

  • 5th Column
  • Acuity Solutions BluVector
  • CyberSponse SOAR
  • DFLabs INCMan
  • Demisto Orchestrator
  • Exabeam Security Intelligence Platform
  • LogRhythm Security Intelligence Platform
  • IBM QRadar
  • IBM Resilient
  • IBM X-Force
  • OpenText EnCase
  • Paterva Maltego
  • Phantom Orchestrator (owned by Splunk)
  • Siemplify SOAR
  • Splunk SIEM
  • Swimlane Security Operations Manager
  • Syncurity IR-Flow
  • RSA NetWitness Packets
  • TrapX DeceptionGrid
  • TripWire Enterprise
  • WireX Systems Network Forensics Platform

Threat intelligence platforms that use Threat Grid malware feeds include:

  • Anomali
  • Centripetal Networks
  • ThreatConnect
  • ThreatQuotient