Empower your security team with context-rich intelligence to quickly recover from and proactively defend against attacks. Available as either a cloud-based software as a service or an on-premises appliance, Cisco AMP Threat Grid combines advanced malware analysis with deep threat analytics and content for a global view of threat activity in your environment.
Features and Capabilities
Advanced Threat Intelligence and Analysis
AMP Threat Grid delivers context-driven security analytics to accurately identify attacks in near real time. The product securely analyzes millions of files and correlates them against hundreds of millions of other analyzed malware artifacts. Customers gain a global view of malware attacks, campaigns, and their distribution.
Detailed reports identify key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.
Behavioral Indicator Creation and Threat Score
Arm your team to prioritize and respond rapidly and efficiently with confidence. Over 300 indicators, produced through static and dynamic analysis and covering malware families, malicious behavior, and more, can ensure analysis is accurate and specific.
The threat score, a reflection of maliciousness, delivers detailed descriptions and actionable information for gaining deep knowledge and insight into malware behavior and various attack techniques. Proprietary analysis and algorithms determine the confidence and severity of a threat and express them as a score for better prioritization.
Premium Content Feeds
Automate for faster detection and response. Easily integrate premium feeds into existing security infrastructures such as security information and event management (SIEM), intrusion detection systems (IDS), gateways, and proxies for faster detection and blocking of malware.
AMP Threat Grid analyzes millions of samples monthly and distills terabytes of rich, actionable content into clearly categorized and easily consumable content feeds. The feeds, delivered in standard formats, are easy to operationalize and automate.
Advanced Search, Correlation, and Reporting
AMP Threat Grid can enable accurate detection and defense against advanced attacks. Robust search, correlation, and reporting capabilities provide detailed information on current and historical malware artifacts, indicators, and samples. Detailed analysis reports include all malware sample activities, including network traffic and artifacts.
Flexible and Scalable
AMP Threat Grid is designed to meet the advanced threat protection needs of any organization. With a powerful and easy-to-use REST API, AMP Threat Grid seamlessly integrates with your existing security infrastructure, and is available as either an on-premises appliance or a cloud-based solution.
Specifications at a Glance
Supported file types for analysis:
- PE32 files: executables (.EXE), libraries (.DLL)
- Java archives (.JAR)
- Portable document format (.PDF)
- Office documents: .RTF, .DOC(X), .XLS(X), .PPT(X)
- ZIP (.ZIP) as a container
- URLs: Internet shortcut files or URLs
- HTML documents
- Windows XP
- Windows 7
- Application version support