3 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Agenda
§ Explain AMP ThreatGRID as an architecture
§ Demo AMP ThreatGRID
Malware Analysis and Threat Intelligence Solution
ThreatGRID Advantage: Unified Malware Analysis and Threat Intelligence – Key Features
Data Fidelity & Performance
• Proprietary analysis delivers unparalleled insight into malicious activity
• High-speed, automated analysis and adjustable runtimes
• Does not expose any tags or indicators that malware can use to detect that it is being observed
Scalability & Flexibility
• 100,000s of samples analyzed daily (6-10 million per month)
• SaaS delivery (no hardware) or Appliance (as needed)
Context & Data Enrichment
• Search and correlate all data elements of a single sample against billions of sample artifacts collected and analyzed over years (global and historic context)
• Enable the analyst to better understand the relevance of the sample in question to one’s environment
Usability
• Clearly presented information for all levels of the IT Security team: Tier 1-3 SOC Analysts, Incident Responders & Forensic Investigators, and Threat Intel Analysts
• Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more
Integration & Architecture
• Architected from the ground up with an API to integrate with existing IT security solutions (automatically receive submissions from other solutions and pull the results into your environment)
• Create custom threat intelligence feeds with context or leverage automated batch feeds
ThreatGRID Connectivity: Cloud SaaS Model
Can be accessed via a web browser
Security tools can access and integrate using the ThreatGRID API
Files can be submitted for analysis
All of the results can be easily retrieved
Samples can be compared and searched for
The analyst can also interact with the sample and change the runtime from 5 to 30 minutes
Malware analysis, threat intelligence correlation and feed retrieval can be automated and integrated with existing security solutions
Threat intelligence can be enriched
ThreatGRID Connectivity: Appliance Model
Can be accessed via a web browser
Security tools can access and integrate using the ThreatGRID API
Files can be submitted for analysis
All of the results can be easily retrieved
Samples can be compared and searched for
The analyst can also interact with the sample and change the runtime from 5 to 30 minutes
Malware analysis, threat intelligence correlation and feed retrieval can be automated and integrated with existing security solutions
Threat intelligence can be enriched, but no data is sent to the cloud from the appliance
Advanced Malware Protection Everywhere
AMP Threat Grid Malware Analysis and Intelligence
Deployment points:
• Dedicated FirePOWER Appliance
• Web & Email Security Appliances
• Private Cloud
• Cloud Based Web Security & Hosted Email
• Mac OS X
• Virtual, Mobile, PC
• FirePOWER Services on ASA
Enterprise Capabilities:
• Continuous & Zero-Day Detection
• Advanced Analytics and Correlation
Recommended