Empower your security team with context-focused intelligence to quickly recover from and proactively defend against attacks. Cisco AMP Threat Grid is available as either a cloud-based software as a service solution, or an on-premises appliance. AMP Threat Grid Appliances combine advanced malware analysis with comprehensive threat analytics and content in one on-premise appliance. They are designed for organizations that have compliance or policy restrictions on submitting malware samples to the cloud.
Features and Capabilities
Get powerful, advanced malware analysis, comprehensive threat analytics, and compliance, all in one on-premise appliance. Information submitted to the AMP Threat Grid appliance, or generated during local analysis, is kept safely and securely within the organization. A one-way continuous stream of federated data from the AMP Threat Grid Cloud helps to ensure on-premise correlation with the full AMP Threat Grid dataset. It provides the malware protection you need while helping to ensure adherence to organizational requirements.
Advanced Threat Intelligence and Analysis
The AMP Threat Grid Appliance delivers context-driven security analytics to accurately identify attacks in near real time. Files are securely analyzed and correlated against hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Detailed reports identify key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.
Behavioral Indicator Creation and Threat Score
Arm your team to prioritize and respond rapidly and efficiently with confidence. Over 300 indicators, produced through static and dynamic analysis and covering malware families, malicious behavior, and more, can ensure analysis is accurate and specific.
Threat score, a reflection of maliciousness, delivers detailed descriptions and actionable information to gain deep knowledge and insight into malware behavior and various attack techniques. Proprietary analysis and algorithms determine the confidence and severity of a threat and express them as a score for better prioritization.
Advanced Search, Correlation, and Reporting
AMP Threat Grid Appliance can enable accurate detection and defense against advanced attacks. Robust search, correlation, and reporting capabilities provide detailed information on current and historical malware artifacts, indicators, and samples. Detailed analysis reports include all malware sample activities, including network traffic and artifacts.
Powerful API and Platform
Automate for faster detection and response. Use AMP Threat Grid Appliance to easily integrate premium feeds into existing security infrastructures such as security information and event management (SIEM), intrusion detection systems (IDS), gateways, and proxies for faster detection and blocking of malware.
Specifications at a Glance
- Cisco AMP Threat Grid 5000 Series
- Capacity 5000: Up to 1,500 samples per day
- Capacity 5500: Up to 5,000 samples per day
- General: Cisco UCS C220 M3 Chassis; 2 x E5-2697 CPUs (2.7 GHz / 12-Core / 30 MB cache per CPU); 512 GB DDR3 RAM; 2 x 100 GB SSD (OS/apps); 6 x 1 TB 7.2K RPM HDD with LSI hardware RAID
- Interfaces: TBD
- Power: 2 x 650 Watt AC