Page 57 - CSI - Cisco Security Introduction - BT

AMP Threat Grid


          Feeds Dynamic Malware Analysis and Threat Intelligence to the Cisco AMP Solution







Low Prevalence Files
Analyst or system (API) submits suspicious sample to Threat Grid

An automated engine observes, deconstructs, and analyzes using multiple techniques

Sample and Artifact Intelligence Database
AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts

Actionable Intelligence
Threat Score/Behavioral Indicators
Big Data Correlation Threat Feeds
Actionable threat content and intelligence is generated that can be used by AMP, or packaged and integrated into a variety of existing systems or used independently.


              ▪ Proprietary techniques for static
                  and dynamic analysis

              ▪ “Outside looking in” approach

              ▪ 350 Behavioral Indicators


