Cisco AMP Threat Grid

Edge to Endpoint Malware Analysis

Threat Grid provides a common analysis platform across your security infrastructure. (2:08 min)

Major news organisations, analyst reports, and companies have all confirmed a new era of intrusions, theft, and malicious attacks. The most advanced threats are disguised, evading defences, waiting for days or even months before striking. Security teams are challenged with detecting these advanced threats, then analyzing and blocking them. In the meantime, how much damage is being done?

AMP Threat Grid combines static and dynamic malware analysis with threat intelligence into one unified solution. You get timely, in-depth information you need to protect your business from malware of all types. It integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies, protecting you from both known and unknown attacks.

AMP Threat Grid analyses suspicious behavior in your network against more than 450 behavioral indicators and a malware knowledge base sourced from around the world. As a result, AMP Threat Grid provides more accurate, context-rich analytics into malware than ever before.

AMP Threat Grid is delivered as a cloud-based or on-premises solution. It helps organisations understand what malware is doing or attempting to do, how large a threat it poses, and how to defend against it.


Analyzing Global Malware Trends

MS-ISAC automates malware analysis for 19,000 state & local governments. (3:30 min)

Get Continuous Protection

Learn how Cisco addresses advanced attacks with continuous threat protection. (40:33 min.)

Cisco AMP Threat Grid gives you deeper insight for stronger defense with malware analysis, so you can:

  • Accurately identify attacks in near real time with context-focused security analytics
  • Defend against threats from anywhere with the scale and power of a cloud service that analyses millions of threats daily
  • Accelerate threat detection and incident response capabilities with an easy-to-use REST API
  • Improve existing security investments with pre-packaged and custom threat intelligence feeds
  • Integrate with existing third-party security technologies, and take advantage of AMP Threat Grid's integration across the Cisco security portfolio

Cisco AMP Threat Grid is available as a highly secure, on-premises appliance that does not transmit data outside the enterprise, helping to ensure you safeguard sensitive or compliance-protected data.

Cisco Advanced Malware Protection (AMP) for Networks

AMP for Networks goes beyond point-in-time detection to provide visibility and control and protect against highly sophisticated, targeted, zero-day, and persistent advanced malware threats. The integration of AMP Threat Grid can ensure unknown files are immediately analysed by our malware analysis engines. Analysis results are shared across your AMP infrastructure, providing an integrated set of controls that protect across the attack continuum.

ASA with FirePOWER Services

AMP Threat Grid has been integrated with the industry's first adaptive, threat-focused next-generation firewall (NGFW), Cisco ASA with FirePOWER Services. AMP Threat Grid's malware analysis engines are combined with ASA's proven firewall protection in a single device. This gives you automated sandboxing of unknown files as they attempt to enter the network, including inspecting encrypted traffic.

Cisco AMP for Endpoints

AMP Threat Grid provides on-demand dynamic malware analysis capabilities for users. It also provides a threat score for the submission. Users can download the packet capture (PCAP) and sample report for further analysis.

AMP Private Cloud

If your organisation has high privacy requirements that restrict using a public cloud, the Cisco Advanced Malware Protection (AMP) Private Cloud Virtual Appliance is an on-premises, air-gapped option. As of version 2.2, AMP Threat Grid is integrated into Private Cloud, providing highly secure, on-premises malware analysis. Any file analysed remains within your logical boundary.

Email and Web Security

Web and email remain the top threat vectors for malware to penetrate defences. AMP Threat Grid has been integrated into Cisco's Email and Web Security solutions, enhancing malware detection using AMP Threat Grid's static and dynamic malware analysis technologies.

AMP Threat Grid is available as either an on-premises or cloud-based solution. Customers can upgrade to a full AMP Threat Grid subscription to access the API for further integrations and receive premium threat intelligence feeds.

Meraki MX

AMP Threat Grid is integrated with Meraki’s MX cloud-managed security appliance. Threat Grid’s dynamic malware analysis is combined with the Meraki UTM to provide deep visibility into threats across all branch locations and remote offices. Providing a simplified security management experience with advanced threat capabilities, Threat Grid for Meraki MX allows security teams to better understand, prioritise, and mitigate attacks.

OpenDNS Umbrella

AMP Threat Grid has been integrated with OpenDNS to provide all malicious domains discovered during analysis. Using Umbrella, customers can proactively block these known malicious domains from communicating with their infrastructure.

Cisco Cognitive Threat Analytics

This cloud-based solution addresses gaps in perimeter-based defences. It identifies the symptoms of a malware infection or data breach using behavioral analysis and anomaly detection. It also uses advanced statistical modeling and machine learning to independently identify new threats, learn from what it sees, and adapt over time.

The solution examines logs and correlates suspicious incidents into threats. For confirmed findings that are correlated across more than a single user, it will query AMP Threat Grid for domains, IP addresses, behavioral indicators, and related threat artifacts to augment its reports, while making inferences about damage that possibly occurred on the infected device.

Other Products

AMP subscribers may add the full AMP Threat Grid-Cloud functionality, including threat intelligence feeds as part of their enterprise license agreement.

Our partner ecosystem makes it easier for you to automate sample submissions from your existing security technologies and improve your infrastructure with our API. The powerful malware analysis and threat intelligence capabilities of AMP Threat Grid have been integrated into the following best-of-class security technologies.

  • Acuity Solutions BluVector
  • Fidelis
  • Guidance Software EnCase Cybersecurity
  • HP ArcSight
  • IBM QRadar
  • LogRhythm Security Intelligence Platform
  • Malformity Labs Maltego
  • McAfee Nitro
  • Phantom
  • RSA Security Analytics
  • Splunk Enterprise
  • TrapX DeceptionGrid
  • Tripwire Enterprise 360
