Page 78 - CSEW
AMP Threat Grid
Feeds Dynamic Malware Analysis and Threat Intelligence to the Cisco AMP Solution
Analyst or system (API) submits suspicious sample to Threat Grid.
An automated engine observes, deconstructs, and analyzes using multiple techniques.
AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts.
Actionable threat content and intelligence is generated that can be used by AMP, or packaged and integrated into a variety of existing systems or used independently.
[Diagram labels: Low Prevalence Files; Big Data Correlation; Sample and Artifact Intelligence Database; Threat Score/Behavioral Indicators; Threat Feeds; Actionable Intelligence]
Proprietary techniques for
static and dynamic analysis
“Outside looking in” approach
350 Behavioral Indicators
© 2016 Engage ESM All Rights Reserved