Cisco Threat Grid

Cisco Threat Grid was acquired by Cisco in 2014.

Cisco Threat Grid can perform static file analysis as well as dynamic file analysis.

Static file analysis checks the file's name, MD5, file type and more.
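
As an added illustration (not Threat Grid's code and not from the original page), the sketch below performs a minimal static triage: it records the file name, MD5 and magic-byte file type, and flags a name that disagrees with the content. The signature table, function names and sample bytes are constructed for the example.

```python
import hashlib
import os

# Leading "magic" bytes for a few common formats (small constructed table).
MAGIC = [
    (b"MZ", "pe"),                 # Windows executable or DLL
    (b"\x7fELF", "elf"),           # Linux executable
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),        # also docx/xlsx/jar containers
    (b"\x89PNG\r\n\x1a\n", "png"),
]

# File extensions that are plausible for each detected content type.
EXPECTED_EXT = {
    "pe": {".exe", ".dll", ".sys", ".scr"},
    "elf": {"", ".so", ".bin", ".elf"},
    "pdf": {".pdf"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
    "png": {".png"},
}

def detect_type(data: bytes) -> str:
    """Identify the content type from its leading bytes, ignoring the name."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def static_triage(filename: str, data: bytes) -> dict:
    """Collect name, MD5 and type, plus findings where name and content disagree."""
    base = os.path.basename(filename).lower()
    ext = os.path.splitext(base)[1]
    kind = detect_type(data)
    findings = []
    if kind != "unknown" and ext not in EXPECTED_EXT[kind]:
        findings.append(f"extension {ext or '(none)'} does not match content type {kind}")
    # A name such as report.pdf.exe hides the real type behind a decoy extension.
    if base.count(".") >= 2 and ext in EXPECTED_EXT["pe"]:
        findings.append("double extension ending in an executable type")
    return {"name": base, "md5": hashlib.md5(data).hexdigest(),
            "type": kind, "findings": findings}

if __name__ == "__main__":
    # Constructed sample: executable header bytes behind a document-style name.
    print(static_triage("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60))
```

The MD5 is what a real service would look up against known-sample records; here it is only computed and returned.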

Dynamic file analysis checks how the software behaves when it is run in a controlled sandbox environment.

It compares the software's behaviour against millions of other software samples to determine whether the software is malware or not.

If Threat Grid is able to identify a file as malware, it will analyse it further to try to find out what it is doing or attempting to do.

Malware can include features to detect whether it is running in a virtualised environment, and avoid running if it picks up on one. Cisco Threat Grid uses an atypical set-up for analysing malware, so the malware is unable to pick up on this.

Threat Grid can be used as an appliance, or as part of a cloud application.
