Back in July we announced the integration of Cisco Advanced Malware Protection with the Meraki MX. The AMP integration with the MX provided a simple and effective way for MX customers to detect, monitor and remediate advanced threats in their environment. We’re now taking this protection a step further with the integration of Threat Grid into the Meraki MX platform. This integration allows security teams to better understand, prioritize and mitigate attacks by combining advanced sandboxing with threat intelligence.
We’ve all heard it before. Today’s malware is stealthy, designed to evade first line defenses. Even with the best security tools in place, eventually something can and will get in. This is where Threat Grid comes. Simply put, Threat Grid solves the problem of unknown files in your environment. It will rapidly analyze files and suspicious behavior across your environment, providing security teams with context-rich analytics and threat intelligence so they’re armed with insight into what a file is doing, or attempting to do, and can quickly respond to threats. Security teams will get an easy to read threat report with threat scores to help speed up incident response and allow teams to prioritize threats with the biggest impact. This video provides a more comprehensive overview.
So how exactly does the integration work? First, with the AMP for Meraki integration, files that pass through the MX will be queried against AMP, which will respond with a disposition of clean, malicious, or unknown. Clean files are let through; malicious files are blocked. Unknown files can then automatically be sent to Threat Grid for analysis. When the analysis is complete, a detailed report and threat score will be displayed on the Meraki Security Center. Files with a threat score of 95 and above are considered malicious, triggering a retrospective alert and notifying the security team about the malicious file, so they can go in and remediate.
Threat Grid for MX is available now as an add on to the MX Advanced Security license. Customers must have the Advanced Security License to purchase Threat Grid. To find out more contact your account manager and ask about Threat Grid sample packs.
For more information visit meraki.cisco.com/amp.