Cisco Blogs

Introducing Threat Grid for Meraki MX

Back in July we announced the integration of Cisco Advanced Malware Protection with the Meraki MX. The AMP integration with the MX provided a simple and effective way for MX customers to detect, monitor and remediate advanced threats in their environment. We’re now taking this protection a step further with the integration of Threat Grid into the Meraki MX platform. This integration allows security teams to better understand, prioritize and mitigate attacks by combining advanced sandboxing with threat intelligence.

We’ve all heard it before. Today’s malware is stealthy, designed to evade first line defenses. Even with the best security tools in place, eventually something can and will get in. This is where Threat Grid comes. Simply put, Threat Grid solves the problem of unknown files in your environment. It will rapidly analyze files and suspicious behavior across your environment, providing security teams with context-rich analytics and threat intelligence so they’re armed with insight into what a file is doing, or attempting to do, and can quickly respond to threats. Security teams will get an easy to read threat report with threat scores to help speed up incident response and allow teams to prioritize threats with the biggest impact. This video provides a more comprehensive overview.

So how exactly does the integration work?  First, with the AMP for Meraki integration, files that pass through the MX will be queried against AMP, which will respond with a disposition of clean, malicious, or unknown. Clean files are let through; malicious files are blocked. Unknown files can then automatically be sent to Threat Grid for analysis. When the analysis is complete, a detailed report and threat score will be displayed on the Meraki Security Center. Files with a threat score of 95 and above are considered malicious, triggering a retrospective alert and notifying the security team about the malicious file, so they can go in and remediate.

Threat Grid for MX is available now as an add on to the MX Advanced Security license. Customers must have the Advanced Security License to purchase Threat Grid. To find out more contact your account manager and ask about Threat Grid sample packs.

For more information visit

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.


  1. As a long time Meraki fan with a strong security fokus this is very great news! Looking into the license/pricing in CCW I find a "File package" - one of them SKU L-TGSP-S1-LIC-K9= - but I also find L-TG-S1-LIC-K9= Which one do I need for the AMP for MX? Thanks!

    • Hi Michael - Both are valid so you could you use either: - TG Premium license: L-TG-S1-LIC-K9= (5 Accounts and 500 Daily Submissions) - TG Sample Pack license: L-TGSP-S1-LIC-K9= (200 Daily Submissions) You could also stack TG Sample Pack licenses so if you buy both you would get 5 Accounts and 700 Daily Submissions (Premium TG account with additional 200 Daily Submissions).

      • Hi Brian, Is premium supported by Meraki MX? i thought it was only the 200-samples/day subscription the only one supported. Thanks

        • Hi Jose - Yes, the Threat Grid Premium Subscription is available.

  2. Great addition for Meraki, thank you for sharing!