
    Cisco Rolls Out Threat Intelligence, Incident Response Services

    Written by Sean Michael Kerner
    Published April 7, 2015

      In the modern world of security threats, intelligence and the ability to rapidly respond to incidents are the keys to survival. To that end, Cisco today announced new threat intelligence and incident response services.

      The new capabilities come to Cisco thanks in part to the integration of technologies from ThreatGrid, a company Cisco acquired in May 2014. Helping to push forward the new threat intelligence capabilities is co-founder and former CTO of ThreatGrid Dean De Beer, who is now principal engineer of Advanced Threat Solutions, AMP ThreatGrid at Cisco.

      The AMP (Advanced Malware Protection) platform is now being expanded with the help of ThreatGrid’s platform. The original AMP product was first integrated into Cisco’s security portfolio in February 2014, after the $2.7 billion acquisition of SourceFire in 2013.

      “There is now an integration of AMP with the ThreatGrid platform that I developed,” De Beer told eWEEK.

      AMP is a file reputation, behavior and sandbox technology, and the expanded AMP ThreatGrid integration provides additional malware analysis and intelligence capabilities. An enterprise can manually submit a potential malware sample for analysis, and once the analysis is complete, the system can determine where else the sample can be found on the network to perform full remediation, according to De Beer. The AMP system provides the ability for an organization to do a retrospective analysis to potentially help determine the source of infection, he added.

      In addition to the manual submission, there is now a new low-prevalence file submission feature. De Beer explained that the low-prevalence feature is a way for an organization to automatically submit files to AMP for analysis based on certain criteria.

      “Files that are unique or seldom seen that have certain characteristics and that might be of interest are automatically submitted to ThreatGrid,” he said. “The samples are scored, and when a certain threshold is met, we change the disposition of the file.”

      For example, a file could come into the AMP system as being unknown and then, after analysis, AMP determines the file is in fact malicious. De Beer explained that by changing the file’s disposition, AMP automatically kicks off a retrospective analysis across an organization’s infrastructure searching for any other signs of the file and taking remediation actions against the file.

      “The added benefit of ThreatGrid is that we’re not just analyzing the files that are coming from AMP, whether those files were submitted manually or automatically,” De Beer said. “We’re seeing hundreds of thousands of samples going through our own infrastructure every day, and they all go through the same analysis and disposition changes.”

      The information from the ThreatGrid analysis gets pushed into the AMP cloud, where it is used to help secure the broader base of Cisco AMP customers. ThreatGrid integration with AMP also enables users to query for a given technology item, which could include a file hash or a URL.

      “So as you search with the AMP console, you not only search your infrastructure for the data, but also the ThreatGrid infrastructure,” De Beer said.

      Incident Response

      Being able to detect security incidents is only one part of the modern security challenge, with another key part being the ability to actually respond to incidents. As such, Cisco is formally launching its own incident response services to help companies both respond to and prepare for security incidents.

      Paul Davis, director of the Advanced Threats Security Solutions Architecture Team at Cisco, explained that the preparation component of the incident response services is about helping organizations have the right people, processes and infrastructure in place to deal with security incidents.

      There are multiple vendors in the incident response market today, including FireEye’s Mandiant division and Rapid7, which recently entered the market.

      “The market for incident response is big, and we do think we have some unique differentiators, based upon our history, experience and tools,” Davis told eWEEK. “We have tools like ThreatGrid and the infrastructure that is enabled to support it.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner is an Internet consultant, strategist, and writer for several leading IT business web sites.
