Page 75 - CSI - Cisco Security Introduction

AMP Threat Grid








Feeds Dynamic Malware Analysis and Threat Intelligence to the Cisco AMP Solution






Low Prevalence Files
Analyst or system (API) submits suspicious sample to Threat Grid

An automated engine observes, deconstructs, and analyzes using multiple techniques

Sample and Artifact Intelligence Database
AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts

Actionable Intelligence
Threat Score/Behavioral Indicators
Big Data Correlation Threat Feeds
Actionable threat content and intelligence is generated that can be used by AMP, or packaged and integrated into a variety of existing systems or used independently.


Proprietary techniques for static and dynamic analysis
“Outside looking in” approach
350 Behavioral Indicators



© 2018 Engage ESM All Rights Reserved