Cisco Cisco AMP Threat Grid 5004 Appliance Guía De Información
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Page 2 of 3
Solution
Out of the many malware analysis platforms in the market, CIS chose Cisco AMP Threat Grid, which combines
dynamic malware analysis and threat intelligence in a single solution. It also provides real-time behavior analysis
and up-to-the-minute threat intelligence feeds, so CIS can respond quickly to its members.
dynamic malware analysis and threat intelligence in a single solution. It also provides real-time behavior analysis
and up-to-the-minute threat intelligence feeds, so CIS can respond quickly to its members.
Baykal describes the solution as one that has the ability and ease to pivot around different malware samples in
many different ways. “With Threat Grid, we can analyze a malware sample, and through just a click of a mouse
button, pivot from a specific indicator and pull all the different malware samples that have the same indicator.” This
gives CIS the ability to understand what the malware is doing or attempting to do, the scope of the threat it poses,
and how to defend against it.
many different ways. “With Threat Grid, we can analyze a malware sample, and through just a click of a mouse
button, pivot from a specific indicator and pull all the different malware samples that have the same indicator.” This
gives CIS the ability to understand what the malware is doing or attempting to do, the scope of the threat it poses,
and how to defend against it.
CIS uses Threat Grid to identify malicious code that is designed to evade analysis and analyze samples in real
time with proprietary techniques that include static and dynamic analysis. In addition, the solution uses behavioral
indicators and a malware knowledge base sourced from around the globe to identify whether a sample is
malicious, suspicious, or benign—and why.
time with proprietary techniques that include static and dynamic analysis. In addition, the solution uses behavioral
indicators and a malware knowledge base sourced from around the globe to identify whether a sample is
malicious, suspicious, or benign—and why.
Using this context-rich threat content, the solution helps CIS understand specific threats that may need deeper
analysis through Threat Grid. If there is an indicator for a specific domain, URL, or IP address, Threat Grid can
provide thousands of indicators and malware samples, so CIS can identify whether or not it is a common threat.
“Threat Grid provides the context we need to understand who is behind this attack and whether this specific threat
is more general or targeted at a certain entity,” says Baykal. “The solution helps us cluster threat information and
turn it into meaningful data. It allows us to correlate different malware samples in unique ways that tell us more
about the malware and what we’re dealing with.”
analysis through Threat Grid. If there is an indicator for a specific domain, URL, or IP address, Threat Grid can
provide thousands of indicators and malware samples, so CIS can identify whether or not it is a common threat.
“Threat Grid provides the context we need to understand who is behind this attack and whether this specific threat
is more general or targeted at a certain entity,” says Baykal. “The solution helps us cluster threat information and
turn it into meaningful data. It allows us to correlate different malware samples in unique ways that tell us more
about the malware and what we’re dealing with.”
Another capability of Threat Grid that Baykal and his team appreciate is the solution’s feature-rich API. “We built a
completely different front end and customized the solution’s infrastructure to better serve the specific needs of our
team and our members through role-based access controls,” says Baykal. The front end is named MCAP, which
stands for malicious code analysis platform. “MCAP enables our members to build communities so that their
incident response teams can submit and tag malware samples, and see other ones without sharing the specific
nature of their samples with other community members.”
completely different front end and customized the solution’s infrastructure to better serve the specific needs of our
team and our members through role-based access controls,” says Baykal. The front end is named MCAP, which
stands for malicious code analysis platform. “MCAP enables our members to build communities so that their
incident response teams can submit and tag malware samples, and see other ones without sharing the specific
nature of their samples with other community members.”
“We wanted a partner we could trust with a scalable infrastructure that could handle hundreds of thousands of
malware samples a day. And that’s exactly what this solution provides for us,” says Baykal. “The depth of analysis
is just what we needed, as was the ability to customize the solution for our members.”
malware samples a day. And that’s exactly what this solution provides for us,” says Baykal. “The depth of analysis
is just what we needed, as was the ability to customize the solution for our members.”
“We wanted a partner we could trust with a scalable infrastructure that
could handle hundreds of thousands of malware samples a day. And
that’s exactly what this solution provides for us.”
could handle hundreds of thousands of malware samples a day. And
that’s exactly what this solution provides for us.”
— Adnan Baykal, Vice President, Security Services, Center for Internet Security