Feature Briefs

Cisco Umbrella AMP Threat Grid Integration

Issue link: https://learn-umbrella.cisco.com/i/718749

Contents of this Issue

Navigation

Page 0 of 1

Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco Umbrella and Cisco AMP Threat Grid. Through security automation, dwell time is reduced from hours or days to only minutes. And by gaining internet-wide visibility in real-time, you will discover more compromised systems. Reduce attack dwell time by eliminating manual configuration Every minute, Cisco AMP Threat Grid discovers new malicious domains from files submitted by customers and partners. These domains are the destinations of command & control (C2) callbacks from compromised systems that are used to exfiltrate data to the attacker's botnet infrastructure. You can protect against breaches by taking action on this threat intelligence or this data might lie dormant in Threat Grid because manually configuring appliance and agent- based threat defenses is slow and impossible to maintain. By leveraging our integration, malicious domains that have a very high Threat Grid confidence score and pass Umbrella's false positive filters will be automatically added to the Umbrella cloud-delivered enforcement service. Hours of data entry are gone! About AMP Threat Grid Threat Grid is a cloud-based unified malware analysis and threat intelligence system that identifies key behavioral indicators, providing accurate threat content enriched with global and historical context. By the numbers • 6-10 million files analyzed monthly • 7.5 minutes on average to analyze a single file • 1,000 files analyzed in 15 minutes For more information, please visit cisco.com/go/amptg About Cisco Umbrella Umbrella is a cloud security platform that is built into the foundation of the internet. It analyzes DNS and IP activity to predict current and emerging threats, and block them before they reach your network or endpoints. By The Numbers • 65 million users • 80 billion daily Internet requests • 7 million malicious destinations enforced at any given time © 2016 Cisco and/or its affiliates. All rights reserved. Convert your threat analysis and intelligence into global prevention with Cisco Umbrella and AMP Threat Grid. F E AT U R E B R I E F Customer & partner community Threat analysis & intelligence AMP Threat Grid (Cloud) Automatically pulls newly discovered malicious domains in minutes Logs or blocks all internet activity destined to these domains Customer Files Files Domains Enforcement In real-time, Umbrella will identify compromised systems based on any internet activity destined to malicious Threat Grid domains. Response teams will know which malicious domains and files to further investigate based on "critical" (CEO's laptop, POS server) vs. "minor" (public kiosk, intern's desktop) systems compromised by "severe" (ransomware, APT) vs. "minor" (commodity exploit kit) malware. Medium priority Severe malware Minor systems High priority Severe malware Critical systems Low priority Minor malware Minor systems Medium priority Minor malware Critical systems Systems compromised discovered by Umbrella Malware severity scored by Threat Grid

Articles in this issue

Links on this page

view archives of Feature Briefs - Cisco Umbrella AMP Threat Grid Integration