Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Threat Response

Security that works together

Are you overwhelmed by too many security investigation tools? Combat the problem with Threat Response, a key component of Cisco SecureX--the broadest, most integrated security platform..

Threat Response accelerates investigations by automating and aggregating threat intelligence and data across your security infrastructure--Cisco and otherwise--into one unified view. Get more value from your security investment when products work together to simplify your experience.

Introducing Cisco SecureX

If your teams spend too much time stitching together point solutions, SecureX can simplify and strengthen your security with a truly integrated platform experience.

UNC Pembroke increases efficiency in its SOC

See how this fast-growing university met its security challenges using Cisco Threat Response, part of Cisco's integrated platform.

Protecting patient data

See how NHS Management, a healthcare organization with 50+ skilled nursing and physical rehabilitation facilities, reduced security investigations from days to mere hours with Cisco Threat Response and the integrated Cisco Security platform.

Benefits of Cisco Threat Response

Unleash the full power of our integrated security architecture with Cisco Threat Response.

Out-of-box integrations

Get more from your Cisco Security investments when they are already working together.

Designed for your SOC

Reduce the burden on your other security products and make them work better.

Save time and effort

Speed cyber investigations significantly and take corrective action immediately.

No additional cost

Get it today with integrated Cisco Security product licenses.

Featured videos

Watch an interview and demonstration of how Firepower events are now integrated into Cisco Threat response.

Cisco Endpoint Security can help you go from exposed to empowered in seconds.


Integration of email threat detection, investigation, and remediation in minutes.

Watch Cisco Threat Response defeat threats with just a few clicks, directly from your browser.

Key features

Aggregated threat intelligence

Cisco Threat Response integrates threat intelligence from Cisco Talos and third-party sources to automatically research indicators of compromise (IOCs) and confirm threats quickly.

Automated enrichment

Cisco Threat Response adds context from integrated Cisco Security products automatically so you know instantly which of your systems was targeted and how.

Intuitive, interactive visualizations

Cisco Threat Response shows your results on intuitive, configurable graphs for better situational awareness and quick conclusions.

Incident tracking

Cisco Threat Response provides the capability you need to collect and store key investigation information, and to manage and document your progress and findings.

Seamless drill-down

Cisco Threat Response makes it easy to continue deeper investigations into integrated Cisco Security products. Want to see exactly where that malicious file went? One click and you are inside Cisco AMP for Endpoints with everything you need to know about its trajectory.

Direct remediation

Cisco Threat Response lets you take corrective action directly from its interface. Block suspicious files, domains, and more--without having to log in to another product first.

Try now

Existing customer login

If you own AMP for Endpoints, Umbrella, Email Security, Threat Grid, Stealthwatch Enterprise, or Firepower, you can use Threat Response for free. Log in or create your account now.

Log in (US) | Log in (EU) | Log in (AP)

New customer trial

Don't own a Cisco Security product? Request a free trial of AMP for Endpoints, Umbrella, Email Security, Threat Grid, Stealthwatch Enterprise, or Firepower, and you will automatically get to try Threat Response.

Stealthwatch trial | Umbrella trial | AMP trial | Email Security trial | Threat Grid trial | Get a Network Health Check

Start investigating

Log in, configure modules for the products you own, and start investigating. Want to search for the latest threats? Just paste indicators of compromise (IOCs) from the Cisco Talos weekly threat roundup into Threat Response.

Start now (US) | Start now (EU) | Start now (AP)

Resources, demos, and webinars

Do you need more experts like Kareem in your security operations center too? You bet. But in case you can’t find them...

Let us surprise you with what Cisco Threat Response can do. Here are two must-see videos to explain what it's all about and why you need it.

How about an engaging interview and demonstration of Cisco Threat Response led by our very own Jason Wright?

Upcoming webinars

Learn how to quickly stop threats by integrating your Cisco security products using Cisco Threat Response. Join us for an in-depth look in one of our monthly webinars.

Visit our Threat Response community

Join your peers and experts in the Threat Response community. Get valuable resources, ask questions, and share your expertise.

Recommended content

The best things in threat hunting are free

Threat Response, one of the most valuable tools available in threat hunting, is free.

Why integration matters

In this analyst report, read ESG's take on the pitfalls of point cybersecurity products and why more industry integration is needed.

Stealthwatch integration

Learn how we bring machine-scale analysis to human-scale understanding with the power of analytics.

What customers are saying

"I am able to visualize threats [with Threat Response] and take action in half the time it used to take me."

-Security Engineer, Large Enterprise Banking Company

Key integrations

Cisco AMP for Endpoints

Want to know which systems were affected by that malicious file? Integrate AMP for Endpoints with Threat Response and you'll spot them right away... and then be able to secure them.

Cisco Umbrella

Need to know which devices connected to that malicious domain? Integrate Umbrella with Threat Response and you'll see that too... and be able to block those domains.

Cisco Firepower

Wonder which alerts are the most critical to investigate? Integrate Firepower NGFW/NGIPS with Threat Response and you’ll get those high-fidelity events.

Cisco Email Security

Want to find out who sent that malicious email attachment? Integrate Email Security with Threat Response and you’ll find out everyone who sent it and so much more.

Cisco Threat Grid

Curious if anyone else has seen that file and knows why it is suspicious? Integrate Threat Grid with Threat Response and get detailed intelligence about malware, associated paths, and more.

Stealthwatch Enterprise

Want deep network analysis, to quickly understand the behavior of the threats you face? Integrate Stealthwatch Enterprise with Threat Response to bring advanced security analytics into your incident investigations.

Web Security

Web Security Appliances leverage multiple technologies to protect your network against the most common threat vector and give Threat Response users visibility into connections with unsafe or suspicious websites.

Third-party integrations

It's not always about Cisco

Does Threat Response work with anything else? Through its robust APIs, you can integrate Threat Response with threat intelligence feeds and other security products, such as Signal Sciences, Splunk SIEM, and Swimlane.

Why Cisco Threat Response?

Time is one of the scarcest resources for most organizations. Manual processes and disjointed threat response solutions result in slow and inefficient incident response times that allow threats to proliferate and grow more sophisticated. Cisco Threat Response leverages an integrated security architecture that automates integrations across select Cisco Security products to simplify threat investigations and responses.

With Threat Response, you can simply paste these observables into Cisco Threat Response's "Investigate" user interface and it does the work for you. It brings all that knowledge from intel sources and security products and displays the results in seconds. It empowers your SOC teams, with a single console for direct remediation, access to threat intelligence, and tools like casebook and incident manager. It overcomes many challenges by making threat investigations faster, simpler, and highly effective.


Incident Response Services

An effective security operations center is not just about great technology. It’s about how your people, processes, and technology work together to identify threats and swiftly take corrective action. Let Cisco Incident Response Services help you prepare for, manage, and recover from network attacks and data breaches.