Cisco AMP Threat Grid Appliance

On-Premises Malware Analysis, Threat Intelligence

Empower your security team with context-focused intelligence to quickly recover from and proactively defend against attacks. AMP Threat Grid Appliances combine advanced malware analysis with comprehensive threat analytics and content in one on-premises appliance. They are designed for organizations that have compliance or policy restrictions on submitting malware samples to the cloud.

Features and Capabilities

On-Premises Appliance

Get powerful, advanced malware analysis, comprehensive threat analytics, and compliance, all in one on-premises appliance. Information submitted to the AMP Threat Grid appliance, or generated during local analysis, is safely and more securely kept within the organization. It provides the malware protection you need while helping to ensure adherence to organizational requirements.

You also get the most up-to-date malware knowledgebase and behavioral indicators. The appliance has a manual update feature that allows it to stay current while maintaining compliance with corporate and regulatory restrictions.

Advanced Analytics

The AMP Threat Grid appliance delivers context-driven security analytics to accurately identify attacks, in near real time. Files are analyzed and correlated against hundreds of millions of other analyzed malware artifacts to provide a global view of malware attacks, campaigns, and their distribution. Detailed reports identify key behavioral indicators and determine threat scores for faster prioritization and recovery from advanced attacks.

Behavioral Indicators and Threat Score

Arm your team to prioritize and respond rapidly and efficiently with confidence. Over 450 indicators produced through static and dynamic analysis covering malware families, malicious behavior, and more can ensure analysis is accurate and specific.

Threat score, a reflection of maliciousness, delivers detailed descriptions and actionable information to gain deep knowledge and insight into malware behavior and various attack techniques. Proprietary analysis and algorithms determine the confidence and severity of a threat by a score for better prioritization.

Advanced Search, Correlation, and Reporting

AMP Threat Grid Appliance provides accurate detection of advanced malware attacks. Robust search, correlation, and reporting capabilities provide detailed information on current and historical malware artifacts, indicators, and samples. Detailed analysis reports include all malware sample activities, including network traffic and artifacts.

Powerful API and Platform

Automate for faster detection and response. Use the REST API in conjunction with the appliance to easily integrate premium feeds into existing security infrastructures such as security information and event management (SIEM), intrusion detection systems (IDS), gateways, and proxies for faster detection and blocking of malware.

Specifications at a Glance

Cisco AMP Threat Grid 5000 Series

• Capacity 5000: Up to 1500 samples per day
• Capacity 5500: Up to 5,000 samples per day
• General: Cisco UCS C220 M3 Chassis; 2 x E5-2697 CPUs (2.7 Ghz / 12-Core / 30 MB cache per CPU); 512 GB DDR3 RAM; 2 x 100 GB SSD (OS/apps); 6 x 1 TB 7.2K RPM HDD with LSI hardware RAID
• Interfaces: TBD
• Power: 2 x 650 Watt AC

Additional Resources

Additional Resources