Usman Din, CSE, focused on Cisco ThreatGrid at Cisco Connect Toronto.

2. 2© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

3. 3© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
§ Explain AMP ThreatGRID as an architecture
§ Demo AMP ThreatGRID
Agenda

4. 4© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Malware Analysis and Threat Intelligence Solution

5. 5© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ThreatGRID Advantage
Unified Malware Analysis and Threat Intelligence – Key Features
• Proprietary analysis delivers unparalleled insight into malicious activity
• High-speed, automated analysis and adjustable runtimes
• Does not expose any tags or indicators that malware can use to detect that it is being observed
• 100,000s of samples analyzed daily (6-10 million per month)
• SaaS delivery (no hardware) or Appliance (as needed)
• Search and correlate all data elements of a single sample against billons of sample artifacts collected and analyzed
over years (global and historic context)
• Enable the analyst to better understand the relevancy of sample in question to one’s environment
• Clearly presented information for all levels of the IT Security team: Tier 1-3 SOC Analysts, Incident Responders &
Forensic Investigators, and Threat Intel Analysts
• Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more
• Architected from the ground up with an API to integrate with existing IT security solutions (Automatically receive
submissions from other solutions and pull the results into your environment)
• Create custom threat intelligence feeds with context or leverage automated batch feeds
Data Fidelity &
Performance
Scalability & Flexibility
Context & Data
Enrichment
Usability
Integration &
Architecture

6. 6© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ThreatGRID Connectivity: Cloud SaaS Model
Can Be Access via a Web Browser
Security tools can access and
integrate using the ThreatGRID API
Files can be submitted for analysis
All of the results can be easily retrieved
Samples can be compared and searched for
The analyst can also interact with
the sample and change the runtime
from 5 to 30 minutes
Malware analysis, threat intelligence
correlation and feeds retrieval can
be automated and integrated with
existing security solutions
Threat intelligence can be enriched

7. 7© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ThreatGRID Connectivity: Appliance Model
Can Be Access via a Web Browser
Security tools can access and
integrate using the ThreatGRID API
Files can be submitted for analysis
All of the results can be easily retrieved
Samples can be compared and searched for
The analyst can also interact with
the sample and change the runtime
from 5 to 30 minutes
Malware analysis, threat intelligence
correlation and feeds retrieval can
be automated and integrated with
existing security solutions
Threat intelligence can be enriched
But no data is sent to
cloud from appliance

8. 8© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Advanced Malware Protection Everywhere
AMP Threat Grid Malware Analysis and Intelligence
Dedicated FirePOWER
Appliance
Web & Email
Security Appliances
Private Cloud
Cloud Based Web Security &
Hosted Email
Mac
OS X
VirtualMobile
PC
FirePOWER Services
on ASA
Enterprise
Capabilities
Continuous &
Zero-Day Detection
Advanced Analytics
And Correlation

9. 9© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Demo

10. 10© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

11. 11© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

12. Thank you.