The Cisco Threat Grid is part of their Advanced Malware Protection (AMP) systems, and an extremely valuable piece of technology. Threat Grid is one of the most powerful tools yet invented for isolating malware, sandboxing it, and observing its behavior.
For IT and security officers at a business with a high risk of attack, such as those dealing in sensitive\valuable data, the Threat Grid is an invaluable tool. With it, you can prioritize threats, learn how to defeat specific malware attacks, backtrack vectors, and speed up your reporting afterwards.
While Cisco licensing is too complex to be easily covered in such a brief guide, in this blog we wanted to go over your options for acquiring Threat Grid, as well as the add-on products\services which could be licensed and help improve its benefits to your organization.
Understanding Cisco Threat Grid Purchasing And Licensing
I - Acquiring Threat Grid
Threat Grid is available via two routes. First, it's available as a Software-as-a-Service offering, and can be licensed for access directly via Cisco Cloud servers. The SaaS offerings vary in the number of files processed per day, based on licensing. These range from 500 to 10,000 files, with licensing terms of 1, 3, or 5 years.
Obviously, SaaS offerings require the network utilizing Threat Grid to have direct Internet connections. For private networks, Threat Grid is also available via two appliances - the 5004 and the 5504. These appliances are substantially similar, and only significantly vary in the number of files they can process per day - 1,500 for the 5004 and 5,000 for the 5504. Like the SaaS products, these can also be licensed for 1, 3, or 5 years at a time.
II - Upgrade Options For AMP Users
Cisco offers substantial discounts for existing Advanced Malware Protection users with various solutions installed, who decide to add Threat Grid to their SaaS offerings. Threat Grid can be added to:
- Cisco AMP for Endpoints
- Cisco AMP for Networks
- Cisco Adaptive Security Appliance (ASA) and Cisco FirePOWER appliances
- Next Generation Intrusion Prevention System (NGIPS)
- Cisco Email Security Appliance (ESA)
- Cisco Web Security Appliance (WSA)
III - Additional Features And Software Available for Threat Grid
Threat Grid has some additional offerings which can be added or utilized, depending on a company's needs. These include:
1. Private Tagging
Threat Grid relies on user-submitted files as part of its analytics. Having millions of users all submitting data allows Threat Grid to have such a robust database and wide range of response options to analyze. However, there are cases where a business may be dealing with files too sensitive to be added to a public cloud, even with anonymization.
In those cases, users can choose to add a "Private Tagging" license to their install, which is also available for 1, 3, or 5 years. This allows any files to be flagged as "private" and prevented from joining the public cloud.
Users seeking absolute privacy for all their files should look at the 5004 and 5504 appliances instead.
2. Threat Grid API
An API to improve use of Threat Grid is available for all licensed users. The API can allow for integration of Threat Grid with third-party security solutions, as well as adding automation features for activities such as sample submissions.
As long as the Threat Grid SaaS account or appliance is properly licensed, the API is available for no additional charge.
Cisco: World-Class Security For Those Who Need The Best
Cisco remains at the forefront of data security research, investigation, analysis, and defense systems. Those who believe their companies to be at high risk for data intrusion, or other malware attack, would be well-served by Cisco's wide range of cutting-edge security products like the Threat Grid.
To learn more about how Cisco security can help keep your operations safe, contact Hummingbird Networks for a full consultation.