NOTE: This product is no longer being sold and might not be supported.

View the End-of-Life Notice to learn: 

  • End-of-sale and end-of-life dates
  • What replacement products are available
  • Information about product support

As part of the Cisco Intrusion Prevention System (IPS), Cisco® Threat Response technology helps provide an efficient intrusion protection solution. This intelligent technology virtually eliminates false alarms, escalates real attacks, and aids in the remediation of costly intrusions.

Unlike other intrusion-management solutions, only Cisco Threat Response technology provides an automated, just-in-time, around-the-clock, real-time analysis of each targeted host to determine whether a compromise has occurred and to determine how to address it quickly. The result? False alarms are eliminated and real intrusions are quickly identified and addressed, saving you time, resources, and the high costs associated with recovering from a successful attack.

Increases Efficiency, Reduces Costs

  • Eliminates false alarms and escalates real attacks - By investigating the effects of a threat on the targeted host, Cisco Threat Response technology determines whether an alert is a false alarm or a real attack. Similar to a response from an experienced security officer, Cisco Threat Response technology carefully examines the targeted host to determine the effects. It uses a three-phase approach:
    1. Basic investigation of target vulnerability - A noninvasive, real-time check of the operating system, patch levels, and Web services of the targeted system determines whether the attack could have succeeded. For example, a Linux attack against a Windows system would be downgraded and indicated as a failed attack, whereas a Windows attack against a Windows system would be indicated as a potentially successful attack.
    2. Advanced investigation of target - Based on a detailed system-level investigation, including the capture and analysis of Web logs, system logs, and other relevant data, Cisco Threat Response technology determines whether an attack succeeded or failed. Failed attacks are downgraded so staff can focus on the critical events.
    3. Forensic data capture - Cisco Threat Response technology actively collects relevant forensic evidence and provides real-world advice and recovery procedures to help you effectively manage the incident. It immediately copies and safely stores audit trails, log files, and intrusion traces from the targeted system, so that intruders cannot tamper with these files to avoid detection.
  • Provides fast, consistent, and automated processes - Responding in seconds to a detected network attack 24 hours a day, 7 days a week, Cisco Threat Response technology robustly, consistently, and automatically investigates attacks that threaten your network.
  • Offers easy deployment - Cisco Threat Response technology allows for host investigation without deploying software agents on each system within the network. This means rapid deployment and ease of maintenance.

Cisco Threat Response is currently only available in a free trial version.
