Cisco AMP Threat Grid

Solution Overview
Cisco AMP Threat Grid allows users to determine whether a file is malicious, benign, or needs further investigation. Without such a tool, anti-virus platforms have no way of knowing the disposition of each file on the network, which increases the risk of malicious files being treated as trusted and infiltrating the network. By the time an organization receives an update to its malware definitions, its systems may already have been exposed. Threat intelligence accelerates the OODA (observe, orient, decide and act) loop, so customers can have advanced protection in real time.

Goals & Objectives

The purpose of this demo is to showcase Cisco AMP Threat Grid's threat intelligence capabilities and how the tool can be integrated with other platforms such as Tanium, Splunk and Phantom Cyber. In this demo, an unknown file is downloaded through a Cisco or Palo Alto on-prem firewall, which then uploads the file to Threat Grid for assessment and scoring. The resulting verdict is later loaded into Tanium, Splunk or Phantom Cyber, which allow information about malicious files to be shared across platforms using cloud-based APIs.

Hardware & Software

Cloud-based solution