Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco Threat Response

Security that works together

Don't clone your security team--get Cisco Threat Response instead. Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It is a key pillar of our integrated security architecture.

Get more value from your Cisco Security investment when the products work together to save you time and manual effort--especially when you are under attack and time matters most.

Benefits of Cisco Threat Response

Unleash the full power of our integrated security architecture with Cisco Threat Response.

Out-of-box integrations

Get more from your Cisco Security investments when they are already working together.

Designed for your SOC

Reduce the burden on your other security products and make them work better.

Save time and effort

Speed cyber investigations significantly and take corrective action immediately.

No additional cost

Get it today with integrated Cisco Security product licenses.

Try Now

Cisco Threat Response aggregates cyber threat intelligence from various sources into a single application. It helps you quickly access all the tools in your arsenal, including your other Cisco security products. It makes it easier and faster to detect, investigate and remediate threats.

New to Cisco Security?

If you don’t own a Cisco Security product yet, you can start by improving your first line of defence. Request a free trial:

Umbrella Trial

AMP Trial

Email Security Trial

NGFW Trial

Already a customer?

If you have Cisco AMP for Endpoints, Cisco Umbrella, Cisco Email Security, Cisco Next-Generation Firewall or Cisco Threat Grid, you can use Cisco Threat Response for free. Log in or create your account now.

Log in

Key features

Aggregated threat intelligence

Cisco Threat Response integrates threat intelligence from Cisco Talos and third-party sources to automatically research indicators of compromise (IOCs) and confirm threats quickly.

Automated enrichment

Cisco Threat Response adds context from integrated Cisco Security products automatically so you know instantly which of your systems was targeted and how.

Intuitive, interactive visualisations

Cisco Threat Response shows your results on intuitive, configurable graphs for better situational awareness and quick conclusions.

Incident tracking

Cisco Threat Response provides the capability you need to collect and store key investigation information, and to manage and document your progress and findings.

Seamless drill-down

Cisco Threat Response makes it easy to continue deeper investigations into integrated Cisco Security products. Want to see exactly where that malicious file went? One click and you are inside Cisco AMP for Endpoints with everything you need to know about its trajectory.

Direct remediation

Cisco Threat Response lets you take corrective action directly from its interface. Block suspicious files, domains, and more--without having to log in to another product first.

Resources, demos, and webinars

From breached to blocked

Learn how security integration leads to faster breach response.

Essentials

Let us surprise you with what Cisco Threat Response can do. Here are two must-see videos to explain what it's all about and why you need it.

ThreatWise TV

How about an engaging interview and demonstration of Cisco Threat Response led by our very own Jason Wright?

Threat hunting report

Discover the ins and outs of threat hunting and get a how-to guide for creating a threat hunting team at your organisation.

What the experts are saying

4 reasons to choose Cisco Security

Cisco is making security simpler and more effective. Learn about our newest innovations.  

Email security integration

Read our blog to learn how Threat Response integrates with Cisco Email Security for faster detection.

Open source integrations

Check out the Threat Response open-source integrations you can use to improve your security posture today.

Key integrations

Cisco AMP for Endpoints

Want to know which systems were affected by that malicious file? Integrate AMP for Endpoints with Threat Response and you’ll spot them right away... and then be able to secure them.

Cisco Umbrella

Need to know which devices connected to that malicious domain? Integrate Umbrella with Threat Response and you’ll see that too... and be able to block those domains.

Cisco Firepower

Wonder which alerts are the most critical to investigate? Integrate Firepower NGFW/NGIPS with Threat Response and you’ll get those high-fidelity events.

Cisco Email Security

Want to find out who sent that malicious email attachment? Integrate Email Security with Threat Response and you’ll find out everyone who sent it and so much more.

Cisco Threat Grid

Curious if anyone else has seen that file and knows why it is suspicious? Integrate Threat Grid with Threat Response and get detailed intelligence about malware, associated paths, and more.

Third-party integrations

Does Threat Response work with anything else? Integrate other security products and threat intelligence feeds with Threat Response through its robust APIs. It’s not always about Cisco.

Services

Incident Response Services

An effective security operations centre is not just about great technology. It’s about how your people, processes, and technology work together to identify threats and swiftly take corrective action. Let Cisco Incident Response Services help you prepare for, manage, and recover from network attacks and data breaches.