Cisco Threat Grid Partners and Integrations

Strengthen your security

Take advantage of Threat Grid’s integration across the Cisco security portfolio, and integrate it with third-party security technologies.

Cisco Advanced Malware Protection (AMP) for Networks

AMP for Networks provides visibility and control beyond point-in-time detection. It protects against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. Unknown files are immediately analyzed by our malware analysis engines. Analysis results are shared across your AMP infrastructure. You get an integrated set of controls that protect your network across the attack continuum.

Firewalls: NGFW and ASA with FirePOWER Services

Threat Grid has been integrated with the industry's first adaptive, threat-focused next-generation firewall (NGFW), as well as the Cisco ASA with FirePOWER Services. Malware analysis engines are combined with firewall protection in a single device. You get automated sandboxing of unknown files as they try to enter the network.

Next-Generation Intrusion Prevention System

Get advanced automated malware sandboxing of unknown files at the network edge by our NGIPS. Results are presented through the Firepower Management Center and shared with AMP.

Cisco AMP for Endpoints

Threat Grid automatically analyzes low-prevalence executables identified by AMP for Endpoints. It also provides on-demand malware analysis capabilities. All samples are given a threat score, so you can rapidly triage incidents.

AMP Private Cloud

If your organization has privacy requirements that restrict the use of a public cloud, the Cisco AMP Private Cloud virtual appliance is an on-premises, air-gapped option. Malware analysis is highly secure, and all analyzed files remain within your physical and logical boundary.

Web and Email Security

Web and email remain the top vectors for malware. Threat Grid has been integrated into Cisco Web and Email Security solutions. It enhances malware detection using advanced static and dynamic malware analysis technologies.

Meraki MX

Threat Grid’s dynamic malware analysis is combined with the Meraki unified threat management (UTM) solution to provide deep visibility into threats across branch locations and remote offices. Managing security is easier, yet you gain advanced threat capabilities. Security teams can better understand, prioritize, and mitigate attacks.

Cisco Umbrella

Threat Grid is integrated with Cisco Umbrella to identify all malicious domains discovered during analysis. Customers can automatically block users from connecting to the known malicious domains, preventing data exfiltration.

Other products

AMP license holders may increase the daily submission limit with sample packs, or add the full Threat Grid Premium, which offers all Threat Grid functionality, including premium threat intelligence feeds, API access, investigative capabilities, and the unique Glovebox malware interaction tool.

Cisco Threat Grid is also available as a highly secure, on-premises appliance that does not transmit data outside the enterprise. Sensitive and compliance-protected data remains safely on site.


Integrations with third-party solutions

Our partner ecosystem makes it easier for you to automate sample submissions from your existing security technologies. For more information about the Threat Grid APIs, please visit DevNet. For more information on the partners below, and the entire Cisco Security ecosystem, please visit the Security Technology Alliance Partners.

Cisco partners that have integrated Threat Grid malware analysis into their products include:

  • 5th Column
  • BluVector A Comcast Company
  • CyberSponse SOAR
  • DFLabs INCMan
  • Exabeam Security Intelligence Platform
  • LogRhythm Security Intelligence Platform
  • IBM QRadar
  • IBM Resilient
  • IBM X-Force
  • Minerva’s Anti-Evasion Platform
  • OpenText EnCase
  • Palo Alto Networks Cortex XSOAR
  • Paterva Maltego
  • Phantom Orchestrator (owned by Splunk)
  • Siemplify SOAR
  • Splunk SIEM
  • Swimlane Security Operations Manager
  • Syncurity IR-Flow
  • RSA NetWitness Packets
  • TheHive SOAR
  • TrapX DeceptionGrid
  • TripWire Enterprise
  • WireX Systems Network Forensics Platform


Threat intelligence platforms that use Threat Grid malware feeds include:

  • Anomali
  • Centripetal Networks
  • Eclectic IQ
  • ThreatConnect
  • ThreatQuotient