Cisco ThreatGrid: Malware Analysis and Threat Intelligence


Transcript of Cisco ThreatGrid: Malware Analysis and Threat Intelligence

2 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential


Agenda

•  Explain AMP ThreatGRID as an architecture
•  Demo AMP ThreatGRID

Malware Analysis and Threat Intelligence Solution


ThreatGRID Advantage: Unified Malware Analysis and Threat Intelligence – Key Features

Data Fidelity & Performance

•  Proprietary analysis delivers unparalleled insight into malicious activity
•  High-speed, automated analysis and adjustable runtimes
•  Does not expose any tags or indicators that malware can use to detect that it is being observed

Scalability & Flexibility

•  100,000s of samples analyzed daily (6-10 million per month)
•  SaaS delivery (no hardware) or Appliance (as needed)

Context & Data Enrichment

•  Search and correlate all data elements of a single sample against billions of sample artifacts collected and analyzed over years (global and historic context)
•  Enable the analyst to better understand the relevance of the sample in question to one’s own environment

Usability

•  Clearly presented information for all levels of the IT Security team: Tier 1-3 SOC Analysts, Incident Responders & Forensic Investigators, and Threat Intel Analysts
•  Web portal, Glovebox (User Interaction), Video Replay, Threat Score, Behavioral Indicators and more

Integration & Architecture

•  Architected from the ground up with an API to integrate with existing IT security solutions (automatically receive submissions from other solutions and pull the results into your environment)
•  Create custom threat intelligence feeds with context or leverage automated batch feeds

ThreatGRID Connectivity: Cloud SaaS Model

•  Can be accessed via a web browser
•  Security tools can access and integrate using the ThreatGRID API
•  Files can be submitted for analysis
•  All of the results can be easily retrieved
•  Samples can be compared and searched for
•  The analyst can also interact with the sample and change the runtime from 5 to 30 minutes
•  Malware analysis, threat intelligence correlation and feed retrieval can be automated and integrated with existing security solutions
•  Threat intelligence can be enriched

ThreatGRID Connectivity: Appliance Model

•  Can be accessed via a web browser
•  Security tools can access and integrate using the ThreatGRID API
•  Files can be submitted for analysis
•  All of the results can be easily retrieved
•  Samples can be compared and searched for
•  The analyst can also interact with the sample and change the runtime from 5 to 30 minutes
•  Malware analysis, threat intelligence correlation and feed retrieval can be automated and integrated with existing security solutions
•  Threat intelligence can be enriched, but no data is sent to the cloud from the appliance

Advanced Malware Protection Everywhere

AMP Threat Grid: Malware Analysis and Intelligence

•  Dedicated FirePOWER Appliance
•  Web & Email Security Appliances
•  Private Cloud
•  Cloud Based Web Security & Hosted Email
•  Mac OS X
•  Virtual Mobile PC
•  FirePOWER Services on ASA

Enterprise Capabilities

•  Continuous & Zero-Day Detection
•  Advanced Analytics And Correlation

Demo


Thank you.