Cisco Blogs

AMP Threat Grid integrates with Tripwire Enterprise

Today’s threat landscape is completely different from last year’s, and next year’s will, not surprisingly, be even worse. The industrialization of hacking has spawned a new era of professional, entrepreneurial, and resourceful cyber criminals. In recent years dynamic malware analysis (aka sandboxing) has become the shiny new technology that we all want, no, need to have. At one time anti-virus held this position as well, and the same will eventually be said of the sandbox technology used to fight advanced malware.

You may have purchased a sandbox a few years ago, but it’s likely that your malware analysis needs have gone beyond the traditional sandboxing technologies that simply extract suspicious samples, analyze them in a local virtual machine, and quarantine. You need a more robust malware analysis tool that fits into your infrastructure and can continuously detect even the most advanced threats, the ones that are environmentally aware and can evade detection.

Tripwire recently partnered with Cisco and integrated the AMP Threat Grid dynamic malware analysis solution into Tripwire Enterprise. But why choose this dynamic malware analysis tool? After careful evaluation, there were a few key reasons to choose this tool over others:

  1. It’s not just dynamic malware analysis

    AMP Threat Grid provides both static and dynamic malware analysis, and a full subscription provides an API that is used to seamlessly deliver context rich threat intelligence into existing security technologies.

  2. Not everyone out there is a security expert

    Heck, very few are. AMP Threat Grid was designed to empower junior security analysts by providing a Threat Score so they can easily determine how malicious a sample is. The behavioral indicators are written in plain English so they can understand what the file is doing, and why its behavior is malicious, suspicious, or benign.

    [Image: Tripwire Sandboxing 1]

  3. Lack of instrumentation

    AMP Threat Grid was designed without any instrumentation inside the virtual machine. Most experts agree that around 40% of today’s malware is environment aware, checking to see if it is running in a sandbox or the age of the operating system before detonating.

There are 3 ways that most people deploy a malware analysis tool:

  1. A stand-alone solution designed to feed itself samples for analysis without dependency on other security products. This has the most flexibility in deployment but adds significant hardware costs and complexity to management and analysis, especially for distributed enterprises.
  2. A distributed feeding sensor approach, such as firewalls, IPS, or UTMs with built-in sandboxing capabilities. These solutions are usually cost effective and easy to deploy, but they are less effective at detecting a broad range of suspicious files, including web files. They can also introduce bandwidth limitations that hamper network performance, and raise privacy concerns when a cloud-based solution is the only option.
  3. Built into secure content gateways, such as web or email gateways. This approach is also cost effective but focuses on web and email channels only and also introduces performance limitations and privacy concerns.

Since Tripwire is already monitoring and collecting the data on your mission critical systems, these approaches don’t seem to work. But there’s a fourth way that actually takes the best of what these approaches offer and raises the bar to help you fight well-funded attackers that get better at what they do every day: Cisco AMP Threat Grid. Through AMP Threat Grid, Cisco offers advanced malware analysis and intelligence that integrates directly with Tripwire Enterprise, providing you with a better ROI and more visibility into what is happening in your environment. Tripwire has integrated AMP Threat Grid into Tripwire Enterprise, providing both static and dynamic analysis so you can better understand the malware targeting your organization, as well as the ability to automate the consumption of threat intelligence into your existing security infrastructure.

How does the integration actually work?

AMP Threat Grid’s content-driven security analytics dynamically and statically analyze all submitted files: executing each sample in a safe environment, examining its behavior, and correlating the results with hundreds of millions of other analyzed malware artifacts. In less than 10 minutes AMP Threat Grid reports back, and Tripwire Enterprise tags the file with the result. This enables Tripwire Enterprise customers to prioritize actions for changes on systems with threats identified by AMP Threat Grid and to initiate workflow actions for quick remediation.

[Image: Tripwire Sandboxing 2]

Not only does AMP Threat Grid analyze a broad range of objects, but those interested in an AMP Threat Grid subscription will also be provided with deep analytics capabilities wrapped in robust context. With over 350 behavioral indicators and a malware knowledge base sourced from around the globe, AMP Threat Grid provides more accurate, context-rich analytics into malware than ever before. Tripwire customers can register for their free demo here.


Remembering the small things: IT Security

There are many tasks and responsibilities of the (lone) IT sysadmin; they are sometimes varied, sometimes monotonous. We know what they are without thinking about them, as if they were unwritten commandments specific to the IT world.

Security has featured greatly in the world news over the past few years, and even more so within IT circles. We have the aspects of social responsibility: who is watching the watchers, and how should they be held to account (NSA, GCHQ)? We have the more particular stories, such as Heartbleed, and the “simplicity” of gaining information from a system.

Sitting down and reading about the recently highlighted issue surrounding a fake, trojanized copy of the popular terminal tool PuTTY, I realized that, overall, we spend a great deal of time thinking about security within IT systems. But sometimes we don’t think about security in the actions we take, or we forget to think about it.


Responding to Third Party Vulnerabilities

We are now more than one year on from the release of Heartbleed, the first major vulnerability disclosed in widely used third-party code. This is an excellent point in time to look back at what Cisco and our customers have achieved since, including how the Cisco Product Security Incident Response Team (PSIRT) has evolved to meet this new type of threat. It’s also a key time for us to confirm and clarify our commitment to transparency in the vulnerability disclosure process.


Securing the Supply Chain is a Collaborative Effort

I’ve been thinking lately about how collaboration can work for the IT industry as we strive to address security. Cisco’s supply chain security capability focuses on three key exposures: taint, counterfeit and misuse of intellectual property.

Specifically, I’ve been thinking about how we might detect and mitigate against counterfeit ASICs. I have a hunch that working with the semiconductor industry, we can achieve this goal.


Why I Love Big Data Partner Series 6: Highlights from Cisco Live — Top Insights from Platfora

Our last, but not least, guest blog in the “Why I Love Big Data Partner Series” is up! If you are on your way back home from Cisco Live, this would be a great read for your commute. Rob Rosen from Platfora will take us through how easy it is to uncover previously hidden threats with an integrated big data solution that dynamically analyzes large volumes of disparate security data from Cisco’s security portfolio. If you missed Cisco Live this year, Rob also did a great job summarizing some of the key highlights.

Rob Rosen, Sr. Director Partner Solutions at Platfora, is responsible for developing Big Data solutions within Platfora’s partner community, including Cisco, Hadoop distribution providers and Platfora’s growing channel partner team. Rob has worked in leadership capacities with technology leaders in the infrastructure and Big Data space, including MapR Technologies, NetApp, Check Point Software and Sun Microsystems.

Highlights from Cisco Live: Top Insights from Platfora

It was a jam-packed week at Cisco Live, and I had the opportunity to dive into the latest developments around big data analytics and security. It’s well known that as IT infrastructure has moved to virtual, cloud-based applications and storage, organizations need visibility and security to keep their assets and data safe. I saw a lot of impressive presentations, and I was able to share our own technology in partnership with Cisco.

Highlights from this week’s conference:

  • John Chambers’ keynote: Everyone’s talking about it—and for good reason. As he welcomed the crowd to Cisco Live, Chambers focused on exactly how businesses get disrupted in the digital age. He urged attendees and organizations to not hesitate to scrutinize their IT infrastructure and adopt the new technologies they’d see at the conference.
  • Collaboration across companies: There was a huge ecosystem of technology companies that partnered with Cisco for a presence at the event. It’s encouraging to see that these tech giants across all industries are collaborating with one another to develop more comprehensive solutions for customers. Cisco’s leading the pack as it models an inclusive approach built on partnerships—which is better for everyone in the long run.
  • Cisco Intercloud announcement: This is a particularly exciting partnership announcement for Platfora. Cisco’s Intercloud Ecosystem could be described as a hybrid “cloud of clouds.” For anyone looking to pull value from their stored data, manage files or do a huge variety of other vital business tasks, this development is huge.
