DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu

(andrew) #1

CISCO THREAT GRID


Threat Grid is Cisco’s unified malware analysis and
threat intelligence platform. The idea behind Threat Grid
is to present a combined analysis engine that can
leverage and unify multiple capabilities and multiple
infrastructures within an organization. It does this by
performing static and dynamic analysis and producing
human-readable reports and indicators. File records are
typically uploaded via the portal or API, and the results
are usually also consumed via content-rich threat
intelligence feeds. Figure 11-11 shows
the various functions that Cisco Threat Grid performs.


Figure 11-11 Threat Grid in a Nutshell


Threat Grid integrates real-time behavioral analysis and
up-to-the-minute threat intelligence feeds with existing
security technologies to protect a network from both
known and unknown attacks. Threat Grid analyzes
suspicious files against more than 1000 behavioral
indicators and a malware knowledge base sourced from
around the world to provide more accurate, context-rich
threat analytics than ever before.


Figure 11-12 shows the Cisco Threat Grid solution
architecture.
