Get Latest Articles to Your Inbox Till now we all have heard about the Ransomware malware that encrypts your files or lock down your computer and ask for a ransom amount to be paid in a specified duration of time to unlock it.Emsisoft has detected a new piece of malware called “Linkup”, dubbed as “Trojan-Ransom.Win32.Linkup” that doesn't lock your computer or encrypts files; rather it blocks your Internet access by modifying the DNS settings, with the ability to turn your computer into a Bitcoin mining robot.Linkup Trojan Council of EuropeChild Pornography but most likely only a blatant lie Linkup Emsisoft has detail explanation of the working of malware on their site: “This combination of ransomware and Bitcoin mining is a new and fascinating development.At this point, however, its functionality is still quite limited as the downloaded jhProtominer only works on 64-bit operating systems.In time, it will be interesting to see if Linkup is modified to download more flexible variants.” Emsisoft Anti-Malware Best Deals Subscribe Want the most interesting Hacking and Cyber Security News delivered automatically to your inbox?

Subscribe to our FREE Newsletter and eBooks.Share Published on Apr 11, 2017 Presentation from the San Diego Tech Day 2017 ... Technology 0 Comments Statistics Notes Be the first to like this Views Actions 0 Embeds 0 1.December 2016 Robert Bui Cisco Advanced Malware Protection 2.The Reality: Organizations Are under Attack Viruses 1990-2000 Worms 2000-2005 Spyware and Rootkits 2005-Today APTs Cyberware Today + 1990 1995 2000 2005 2010 2015 2020 Phishing, Low Sophistication Hacking Becomes an Industry Sophisticated Attacks, Complex Landscape of large companies targeted by malicious traffic95% of organizations interacted with websites hosting malware100% § Cybercrime is lucrative, barrier to entry is low § Hackers are smarter and have the resources to compromise your organization § Malware is more sophisticated § Organizations face tens of thousands of new malware samples per hour Source: 2014 Cisco Annual Security Report 3.

Malware Will Get into Your Environment 95% of large companies targeted by malicious traffic 60% of data stolen in hours 65% of organizations say attacks evaded existing preventative security tools $5.9M Average cost of a breach in the United States 4.Once Inside, Organizations Struggle to Deal with It 15% of organizations take 2+ years to discover breach 55% of organizations unable to determine cause of a breach 45 days Average time to resolve a cyber-attack 54%of breaches remain undiscovered for months 5.litecoin aud chartTo Defend Against These Advanced Threats Requires Greater Visibility and Control Across the Full Attack Continuum Attack Continuum Data Center EndpointsEmail and Web Network Mobile Before During After Before Discover Enforce Harden During Detect Block Defend After Scope Contain Remediate Threat intelligence and analytics Point-in-Time detection Retrospective security and continuous analysis 6.bitcoin sweatshirt

Visibility and Control Enables You to Effectively Prevent, Block, Detect, and Remediate Advanced Threats Threat Intelligence and Analytics with Point-in-Time protection with Continuous Analysis and Retrospective Security with 2.Visibility See Prevent Before an attack Detect Block and Contain During an attack Record, Analyze, Detect Remediate After an attack 7.litecoin купить visaLearn about threats faster AMP Strengthens Defenses Using Cisco Threat Intelligence Extensive and growing back-end research on the latest threats and security trends Knowledge base Analytics and behavioral indicators for your system written in plain EnglishInsight Team of threat analysts/researches working to provide you with the latest threat intelligence 24/7Expertise 13 billion web requests per day 100 TB of data received daily 1.1 million incoming malware samples per day 35% worldwide email traffic 8.bitcoin dbs

Cisco Advanced Malware Protection Built on Unmatched Collective Security Intelligence § 1.6 million global sensors § 100 TB of data received per day § 150 million+ deployed endpoints § Team of engineers, technicians, and researchers § 35% worldwide email traffic § 13 billion web requests § 24x7x365 operations § 4.3 billion web blocks per day § 40+ languages § 1.1 million incoming malware samples per day § AMP Community § Private/Public Threat Feeds § Talos Security Intelligence § AMP Threat Grid Intelligence § AMP Threat Grid Dynamic Analysis 10 million files/month § Advanced Microsoft and Industry Disclosures § Snort and ClamAV Open Source Communities § AEGIS Program Web WWW Endpoints DevicesNetworksEmail IPS Automatic Updates in real time 101000 0110 00 0111000 111010011 101 1100001 110 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 1001 1101 1110011 0110011 101000 0110 00 101000 0110 00 0111000 111010011 101 1100001 1100001110001110 1001 1101 1110011 0110011 10100 1001 1101 1110011 0110011 101000 0110 00 Cisco® Collective Security Intelligence AMP Threat Intelligence Cloud AMP Advanced Malware Protection 9.bitcoin huis

Threat Grid Unifies Analysis and Threat Intelligence to Deliver… Automated Analysis Context Rich Analytics Seamless Integration 10.Threat Grid Feeds Malware Analysis and Threat Intelligence to the AMP Solution Cisco® AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts Actionable threat content and intelligence is generated that can be utilized by AMP, or packaged and integrated into a variety of existing systems or used independently.bitcoin kaufen per überweisung1100001110001110 1001 1101 1110011 0110011 101000 0110 00 101000 0110 00 0111000 111010011 101 1100001 110 1001 1101 1110011 0110011 101000 0110 00 Analyst or system (API) submits suspicious sample to Threat Grid Low Prevalence Files An automated engine observes, deconstructs, and analyzes using multiple techniques Actionable threat content and intelligence is generated that can be packaged and integrated in to a variety of existing systems or used independently.

AMP Threat Grid platform correlates the sample result with millions of other samples and billions of artifacts 101000 0110 00 0111000 111010011 101 1100001 110 101000 0110 00 0111000 111010011 101 1100001 110 1001 1101 1110011 0110011 101000 0110 00 Threat Score/Behavioral Indicators Big Data Correlation Threat Feeds Sample and Artifact Intelligence Database Actionable Intelligence § Proprietary techniques for static and dynamic analysis § “Outside looking in” approach § 350 Behavioral Indicators 11.Unique to Cisco® AMP In Addition to Threat Intelligence, AMP Delivers Point-in-Time Protection File Reputation, Sandboxing, and Behavioral Detection Retrospective Security Continuous Analysis 12.Cisco AMP Defends with Reputation Filtering and Behavioral Detection Continuous Protection Reputation Filtering Behavioral Detection Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics One-to-One Signature Indications of Compromise Device Flow Correlation Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 13.

Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics One-to-One Signature Indications of Compromise Device Flow Correlation Reputation Filtering Behavioral Detection Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics One-to-One Signature Indications of Compromise Device Flow Correlation Reputation Filtering Is Built on Three Features Unknown file is encountered, signature is analyzed, sent to cloud 1 File is not known to be malicious and is admitted2 Unknown file is encountered, signature is analyzed, sent to cloud 3 File signature is known to be malicious and is prevented from entering the system 4 Collective Security Intelligence Cloud Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 14.

Dynamic Analysis Machine Learning Fuzzy Finger-printing Advanced Analytics ne-to-One Signature Indications of Compromise Device Flow Correlation Reputation Filtering Is Built on Three Features Collective Security Intelligence Cloud Machine Learning Decision Tree Possible clean file Possible malware Confirmed malware Confirmed clean file Confirmed clean file Confirmed malware Metadata of unknown file is sent to the cloud to be analyzed1 Metadata is recognized as possible malware2 File is compared to known malware and is confirmed as malware 3 Metadata of a second unknown file is sent to cloud to be analyzed 4 Metadata is similar to known clean file, possibly clean5 File is confirmed as a clean file after being compared to a similarly clean file 6 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 15.

Dynamic Analysis Machine Learning Fuzzy ger-printing Advanced Analytics Indications of Compromise Device Flow Correlation Behavioral Detection Is Built on Four Features Collective Security Intelligence Cloud File of unknown disposition is encountered1 File replicates itself and this information is communicated to the cloud 2 File communicates with malicious IP addresses or starts downloading files with known malware disposition 3 Combination of activities indicates a compromise and the behavior is reported to the cloud and AMP client 4 These indications are prioritized and reported to security team as possible compromise 5 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 16.Dynamic Analysis achine earning Advanced Analytics Indications of Compromise Device Flow Correlation Behavioral Detection Is Built on Four Features Collective Security Intelligence Cloud Collective User Base AMP Threat Grid Sandbox Dynamic Analysis Engine executes unknown files in on-premises or cloud sandboxes powered by Cisco® AMP Threat Grid 1 Two files are determined to be malware, one is confirmed as clean 2 Intelligence Cloud is updated with analysis results, and retrospective alerts are broadcast to users 3 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 17.

Dynamic Analysis Advanced Analytics cations mpromise Device Flow Correlation Behavioral Detection Is Built on Four Features Collective User Base Collective Security Intelligence Cloud Cisco® AMP Threat Grid Analysis Receives information regarding software unidentified by Reputation Filtering appliances 1 Receives context regarding unknown software from Collective User Base 2 Analyzes file in light of the information and context provided3 Identifies the advanced malware and communicates the new signature to the user base 4 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 18. namic alysis Advanced Analytics Device Flow Correlation Behavioral Detection Is Built on Four Features Collective Security Intelligence Cloud IP: 64.233.160.0 Device Flow Correlation monitors communications of a host on the network 1 Two unknown files are seen communicating with a particular IP address 2 One is sending information to the IP address, the other is receiving commands from the IP address 3 Collective Security Intelligence Cloud recognizes the external IP as a confirmed, malicious site 4 Unknown files are identified as malware because of the association 5 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 19.

Unique to Cisco® AMP Cisco AMP Delivers a Better Approach Point-in-Time Protection File Reputation, Sandboxing, and Behavioral Detection Retrospective Security Continuous Analysis 20.Cisco AMP Defends with Retrospective Security To be effective, you have to be everywhere Continuously Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 21.Why Continuous Protection Is Necessary 0001110 1001 1101 1110011 0110011 101000 0110 00 0111000 111010011 101 1100001 110 1000111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 0100001100001 1100 0111010011101 1100001110001110 1001 1101 1110011 0110011 101000 0110 00 Web WWW Endpoints NetworkEmail DevicesGateways File Fingerprint and Metadata Process Information Continuous feed Continuous analysis File and Network I/O Breadth and Control points: Telemetry Stream Talos + Threat Grid Intelligence Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 22.

Why Continuous Protection Is Necessary Context Enforcement Continuous Analysis Who What Where When How Event History Collective Security Intelligence Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 23.Cisco AMP Defends with Retrospective Security TrajectoryBehavioral Indications of Compromise Elastic Search Continuous Analysis Attack Chain Weaving Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 24.TrajectoryBehavioral Indications of Compromise Breach Hunting Continuous Analysis Attack Chain Weaving Retrospective Security Is Built on… Performs analysis the first time a file is seen 1 Persistently analyzes the file over time to see if the disposition is changed 2 Giving unmatched visibility into the path, actions, or communications that are associated with a particular piece of software 3 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 25.

TrajectoryBehavioral Indications of Compromise Breach Hunting Continuous Analysis Attack Chain Weaving Retrospective Security Is Built on… Uses retrospective capabilities in three ways: File Trajectory records the trajectory of the software from device to device File Trajectory1 Process Monitoring monitors the I/O activity of all devices on the system Communications Monitoring monitors which applications are performing actions Attack Chain Weaving analyzes the data collected by File Trajectory, Process, and Communication Monitoring to provide a new level of threat intelligence Process Monitoring2 Communications Monitoring3 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 26.TrajectoryBehavioral Indications of Compromise Breach Hunting nuous ysis Attack Chain Weaving Retrospective Security Is Built on… Behavioral Indications of Compromise uses continuous analysis and retrospection to monitor systems for suspicious and unexplained activity… not just signatures!

Using the power of Attack Chain Weaving, Cisco® AMP is able to recognize patterns and activities of a given file, and identify an action to look for across your environment rather than a file fingerprint or signature An unknown file is admitted into the network 1 The unknown file copies itself to multiple machines 2 Duplicates content from the hard drive 3 Sends duplicate content to an unknown IP address 4 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 27.TrajectoryBehavioral Indications of Compromise Breach Hunting ck Chain eaving Retrospective Security Is Built on… File trajectory automatically records propagation of the file across the network Collective Security Intelligence Cloud Computer Virtual Machine Mobile Mobile Virtual MachineComputer Network Collective Security Intelligence Cloud Mobile Mobile File TrajectoryUnknown file is downloaded to device1 Fingerprint is recorded and sent to cloud for analysis2 The unknown file travels across the network to different devices 3 Sandbox analytics determines the file is malicious and notifies all devices 4 If file is deemed malicious, file trajectory can provide insight into which hosts are infected, and it provides greater visibility into the extent of an infection 5 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 28.

Trajectoryhavioral cations mpromise Breach Hunting Retrospective Security Is Built on… Computer Unknown file is downloaded to a particular device 1 The file executes2 Device trajectory records this, the parent processes lineage and all actions performed by the file 3 File is convicted as malicious and the user is alerted to the root cause and extent of the compromise 4 Drive #1 Drive #2 Drive #3 Device Trajectory Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 29.Trajectoryhavioral cations mpromise Elastic Search Retrospective Security Is Built on… Elastic Search is the ability to use the indicators generated by Behavioral IoCs to monitor and search for threats across an environment 1 When a threat is identified, it can be used to search for and identify if that threat exists anywhere else 2 This function enables quick searches to aid in the detection of files that remain unknown but are malicious 3 Point-in-Time Detection Retrospective Security Cisco Collective Security Intelligence 30.

These applications are affected What The breach affected these areas Where This is the scope of exposure over time When Here is the origin and progression of the threat How Focus on these users first Who Cisco AMP Provides Contextual Awareness and Visibility That Allows You to Take Control of an Attack before It Causes Damage 31.Cisco Advanced Malware Protection (AMP) Deployment Options Supercharge your next-generation firewall by turning on AMP capabilities on the Cisco FirePOWER™ NGFW or the Cisco ASA with FirePOWER Services.AMP for Firewalls Get deep visibility into threat activity and block advanced malware with AMP deployed as a network- based solution running on AMP-bundled security appliances (NGIPS).AMP for Networks Combat and block network- based threats by deploying AMP capabilities on the Cisco® Integrated Services Router (ISR).

AMP for ISR Add AMP to a Cisco Web Security Appliance (WSA) or Cisco Cloud Web Security (CWS) and get visibility and control to defend against advanced threats launched from the web.AMP for Web An on-premises appliance or cloud-based solution for static and dynamic malware analysis (sandboxing) and threat intelligence.Threat Grid For high privacy environments that restrict the use of the public cloud, use an on-premises, air-gapped private cloud deployment of AMP for Networks or AMP for Endpoints.AMP for Private Cloud Virtual Appliance Protect your endpoints!Get visibility into file and executable- level activity, and remediate advanced malware on devices running Windows, Mac OS, Linux, and Android.AMP for Endpoints Add AMP to Meraki® MX and take advantage of simplified threat protection with advanced capabilities, providing visibility into threats on your network across multiple sites.

AMP for Meraki MX Add AMP to a Cisco Email Security Appliance (ESA) and get visibility and control to defend against advanced threats launched via email.AMP for Email Get Visibility and Control across all attack vectors to defend against today’s most advanced threats.The AMP Everywhere Architecture AMP Protection Across the Extended Network for an Integrated Threat Defense AMP Threat Intelligence Cloud Windows OS Android Mobile Virtua l MAC OS CentOS, Red Hat Linux for servers and datacenters AMP on Web and Email Security Appliances AMP on Cisco® ASA Firewall with FirePOWER™ Services AMP Private Cloud Virtual Appliance AMP on FirePOWER NGIPS Appliance (AMP for Networks) AMP on Cloud Web Security and Hosted Email CWS/ CTA Threat Grid Malware Analysis + Threat Intelligence Engine AMP on ISR with FirePOWER Services AMP for Endpoints AMP for Endpoints Remote Endpoints AMP for Endpoints can be launched from Cisco AnyConnect® AMP on Meraki® MX 33.

HostWebEmailNetwork Attached Controls Unified By Threat Stealthwatch ISRNGIPS NGFW Meraki MX ESA CES WSA CWS Endpoint Database Static & Dymanic Analysis Threat Grid AMP Cloud Cognitive Threat Analytics ISE OpenDNS Umbrella Network File Metadata Network Telemetry Threat Score 34.Endpoint Command Line Visibility 37.Endpoint Command Line Visibility Bitcoin Mining…by someone else 38.Deployment Options in Detail AMP on ESA, WSA, ASA, CWS, ISR AMP for Networks (AMP on FirePOWER Network Appliance) AMP for Meraki (AMP on Meraki MX devices) AMP for Endpoints AMP Private Cloud Virtual Appliance License with ESA, WSA, CWS, ISR, or ASA customers Snap into your network License with Meraki MX Install lightweight connector on endpoints Deploy on-premises Virtual Appliance New or existing Cisco CWS, ISR, Email/Web Security, ASA customers FirePOWER NGIPS customers New or existing Meraki customers Windows, Mac, Android, Linux, virtual machines; can also deploy from AnyConnect client High-Privacy Environments § ESA/WSA: Prime visibility into email/web § CWS: web and advanced malware protection in a cloud-delivered service § AMP capabilities on ASA with FirePOWER Services or ISR § Wide visibility inside network § Broad selection of features- before, during, and after an attack § Broad visibility inside the network, across multiple branch locations § Simplified, cloud-based security management with advanced threat capabilities § Comprehensive threat protection and response § Granular visibility and control § Widest selection of AMP features § Private Cloud option for those with high-privacy requirements § Can deploy full air-gapped mode or cloud proxy mode § For endpoints and networks Hybrid or on-premises integration Cloud integration in November 2015; on-premises integration in 1H 2016 Hybrid or on-premises integration Integrated into file analysis feature Integration coming in 1H 2016 Private Deployment options Method Ideal for Details Threat Grid 39.

Protection Across Networks The Network platform uses indications of compromise, file analysis, and in this example file trajectory to show you exactly how malicious files have moved across the environment Endpoint Content Network WWW 40.Protection Across Endpoints The Endpoint platform has device trajectory, elastic search, and outbreak control, which in this example is shown quarantining recently detected malware on a device that has the AMP for Endpoints connector installed Endpoint Content Network WWW 41.Protection Across Web and Email Cisco® AMP for Web and Email protects against malware threats in web and email traffic by blocking known malware and issuing retrospective alerts when unknown files are convicted Endpoint Content Network WWW 42.Are You Able to Defend Against Advanced Malware?Can you detect advanced malware in web and email?1 Assess your current level of network protection2 Assess your current level of endpoint protection 3 43.

Get Started Now Decide on Proof-of-Value (POV) deployment preference 1 Establish a timeframe and installation date for POV 2 Determine hardware requirements and configuration changes3 Select POV length and delivery4 Schedule kick-off meeting5 44.AMP Assets to Learn More AMP Webpages /go/amp /go/ampsolution /go/ampendpoint /go/ampnetwork /go/ampprivatecloud /products/appliances /go/amptg • Cloud deployment • On-premises deployment AMP Solution Overview Videos AMP for Endpoints Overview Video AMP for Networks Overview Video Cisco Executive Perspectives on Security AMP Threat Grid Overview Video AMP Overview in 4 Minutes: Meet Tom, the IT Security Guy John Chambers on Cisco Security and AMP Demos 5-minute AMP Demo, with Threat Grid integration AMP Threat Grid for Incident Response AMP and Threat Grid Full Demo on Techwise TV June 2015 AMP Threat Grid: Portal overview and API demo Customer Testimonials Playlist of all Customer Testimonials on AMP First Financial Bank SHSU.uses AMP for Endpoints Center for Internet Security uses AMP Threat Grid 45.

AMP Assets to Learn More Data Sheets, At-a-Glances, Infographic, Whitepapers AMP Solution Overview AMP for Networks: Data Sheet | AAG AMP for Endpoints: Data Sheet | AAG AMP Private Cloud: Data Sheet AMP for Meraki: AAG Security Everywhere Whitepaper (direct link) AMP Threat Grid Solution Overview AMP Threat Grid - Appliance: Data Sheet | AAG AMP Threat Grid - Cloud: Data Sheet Continuous Endpoint Protection in a Point-in-Time World Third Party Validation Gartner Video-on-Demand: Strategies to Combat Advanced Threats featuring Cisco AMP 2015 NSS Labs Breach Detection Test Results 46.Block Threats Before They Breach A U.S.Bank Case Study Experienced security team of 7 supporting more than 120 locations needed greater intelligence to quickly identify and stop threats.Current defenses alerted personnel and logged details but did nothing to aid investigation of the situation.Augmented intrusion prevention systems with AMP for Endpoints.

After installation of AMP for Endpoints, a targeted attack was identified and remediated in half a day.Seven days after the initial attack, new business processes and intelligences implemented by AMP for Endpoints resulted in the immediate mitigation of a second targeted attack.Challenge Solution Result Before 47.Defend Against Threats During the Attack FVC Case Study Previous, bulky malware solution was not centrally managed, so it was difficult for IT to monitor and troubleshoot the network effectively Installed AMP for Endpoints for a lighter footprint, central monitoring, and real-time, remote visibility.The AMP for Endpoints dashboard helped the team find and stop threats much faster than previous methods.What used to take them hours now requires only 2 or 3 minutes.With remote management, the team is also able to solve many problems remotely and keep employees productive.Challenge Solution Result During 48.

Identify Scope and Remediate Impact after Breach Power Utility Case Study After The company is a frequent victim of spear-fishing campaigns with indications of infection emanating from multiple sources.Added AMP for Endpoints to a system already using a FirePOWER NGIPS to enable the company to track and investigate suspicious file activity.The company gained complete visibility into its malware infections, determined the attack vector, assessed the impact on the network, and made intelligent surgical decisions for remediation in a fraction of the time than it would take to respond manually.Challenge Solution Result 49.How Cisco AMP Works Network File Trajectory Use Case 50.An unknown file is present on IP: 10.4.10.183, having been downloaded from Firefox 51.At 10:57, the unknown file is from IP 10.4.10.183 to IP: 10.5.11.8 52.Seven hours later the file is then transferred to a third device (10.3.4.51) using an SMB application 53.

The file is copied yet again onto a fourth device (10.5.60.66) through the same SMB application a half hour later 54.The Cisco® Collective Security Intelligence Cloud has learned this file is malicious and a retrospective event is raised for all four devices immediately.At the same time, a device with the AMP for Endpoints connector reacts to the retrospective event and immediately stops and quarantines the newly detected malware 56.Eight hours after the first attack, the Malware tries to re-enter the system through the original point of entry but is recognized and blocked.It’s a Dynamic Threat Landscape It is a Community that hides in plain sight avoids detection, and attacks swiftly 60% of data is stolen in hours 54% of breaches remain undiscovered for months 100% of companies connect to domains that host malicious files or services 59.

Too Many Disparate Security Products Mean Gaps in Protection vs â â Fragmented offerings across multiple vendors Streamlined advanced security solution Cost Lower opex and easier to manage Higher total cost to build and run Overall performance Less communication between components Better communication and integration Time to detection Faster time to detection More lag in finding threats 60.Comprehensive Security Requires Breach Prevention Rapid Breach Detection, Response, Remediation Threat Intelligence /article/2109210/report-average-of-82-000-new-malware-threats-per-day-in-2013.html 61.Threat Grid Unifies Analysis and Threat Intelligence to Deliver… Automated Analysis Context Rich Analytics Seamless Integration 62.Automatically Submit Suspicious Files Automated Analysis, from Edge to Endpoint Submission Analyst or system (API) submits suspicious sample to Threat Grid Suspicious File Edge Endpoints ASA w/ FIREPOWER Services ESA CTAWSA AMP for Endpoints AMP for Network 63.

Examine Files with Context-Driven Analysis “Outside looking in” approach No presence in the VM Proprietary techniques for static and dynamic analyses Observing all changes to local host and network communications Downloadable analysis JSON, in minutes Capability to pivot on any data element Detailed report identifying key behavioral indicators and threat score Accurately identify attacks, in near real time Static and Dynamic Analysis Execute Automatically F R S Process with additional activity File activity Registry activity Sample process Legend: Dynamic Analysis: Process tree visualization 64.Introducing Threat Grid Everywhere Suspicious File Analysis Report Edge Endpoints ASA w/ FIREPOWER Services Meraki CTA ESA/ WSA AMP for Endpoints AMP for Network Partner Integration S E C U R I T Y Security Monitoring Platforms Deep Packet Inspection Gov, Risk, Compliance SIEM Dynamic Analysis Static Analysis Threat Intelligence AMP Threat Grid Cisco Security Solutions Non-Cisco Security Solutions Suspicious File Premium Content Feeds Security Teams