Cisco ThreatGrid: Malware Analysis and Threat Intelligence
1 like2,181 views
AMP ThreatGRID is a unified malware analysis and threat intelligence solution that analyzes 100,000 samples daily. It delivers insights through proprietary analysis without exposing indicators to malware. The solution can be delivered as a SaaS or appliance model and integrates with security tools through an API. It allows malware samples to be submitted, analyzed, and compared to identify relevancy to an organization's environment. Analysts can interact with samples by adjusting runtimes and view analysis results through a web portal.
Cisco ThreatGrid: Malware Analysis and Threat Intelligence
- 2. 2© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
- 3. 3© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential § Explain AMP ThreatGRID as an architecture § Demo AMP ThreatGRID Agenda
- 4. 4© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Malware Analysis and Threat Intelligence Solution
- 5. 5© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential ThreatGRID Advantage Unified Malware Analysis and Threat Intelligence – Key Features • Proprietary analysis delivers unparalleled insight into malicious activity • High-speed, automated analysis and adjustable runtimes • Does not expose any tags or indicators that malware can use to detect that it is being observed • 100,000s of samples analyzed daily (6-10 million per month) • SaaS delivery (no hardware) or Appliance (as needed) • Search and correlate all data elements of a single sample against billons of sample artifacts collected and analyzed over years (global and historic context) • Enable the analyst to better understand the relevancy of sample in question to one’s environment • Clearly presented information for all levels of the IT Security team: Tier 1-3 SOC Analysts, Incident Responders & Forensic Investigators, and Threat Intel Analysts • Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more • Architected from the ground up with an API to integrate with existing IT security solutions (Automatically receive submissions from other solutions and pull the results into your environment) • Create custom threat intelligence feeds with context or leverage automated batch feeds Data Fidelity & Performance Scalability & Flexibility Context & Data Enrichment Usability Integration & Architecture
- 6. 6© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential ThreatGRID Connectivity: Cloud SaaS Model Can Be Access via a Web Browser Security tools can access and integrate using the ThreatGRID API Files can be submitted for analysis All of the results can be easily retrieved Samples can be compared and searched for The analyst can also interact with the sample and change the runtime from 5 to 30 minutes Malware analysis, threat intelligence correlation and feeds retrieval can be automated and integrated with existing security solutions Threat intelligence can be enriched
- 7. 7© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential ThreatGRID Connectivity: Appliance Model Can Be Access via a Web Browser Security tools can access and integrate using the ThreatGRID API Files can be submitted for analysis All of the results can be easily retrieved Samples can be compared and searched for The analyst can also interact with the sample and change the runtime from 5 to 30 minutes Malware analysis, threat intelligence correlation and feeds retrieval can be automated and integrated with existing security solutions Threat intelligence can be enriched But no data is sent to cloud from appliance
- 8. 8© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Advanced Malware Protection Everywhere AMP Threat Grid Malware Analysis and Intelligence Dedicated FirePOWER Appliance Web & Email Security Appliances Private Cloud Cloud Based Web Security & Hosted Email Mac OS X VirtualMobile PC FirePOWER Services on ASA Enterprise Capabilities Continuous & Zero-Day Detection Advanced Analytics And Correlation
- 9. 9© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential Demo
- 10. 10© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
- 11. 11© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
- 12. Thank you.