Whenever a file is downloaded through a Meraki MX with Cisco Advanced Malware Protection (AMP) enabled, that file’s signature is looked up against AMP’s extensive cloud database; however, the file’s evaluation may come back as “unknown”. With the help of the global AMP cloud, AMP can retrospectively alert administrators if such a file is later determined to be malicious. This gives security teams the insight they need to quarantine a threat before it spreads.
With our newly released support for Threat Grid, administrators now have the powerful option to send these unknown file types directly to the Threat Grid cloud for immediate analysis. Once it receives a file, Cisco Threat Grid executes it in a virtual environment and analyzes it for over 825 behavioral indicators that may suggest whether or not the file is malicious. If a file is determined to be malicious, Threat Grid immediately alerts all network administrators, and, armed with a new signature, AMP blocks any new attempts to download the threat. What’s more, if the file is malicious, Threat Grid’s analysis results are also distributed via the global AMP cloud so that all other subscribers around the world receive the new threat signatures. With record-breaking threats like the recent WannaCry outbreak, this is an important, powerful tool to have in any organization’s arsenal, and instrumental in contributing to the prevention of zero-day exploits around the world.
Example of a downloaded file that was initially permitted, but later determined by Threat Grid to be malicious
We’re incredibly excited to announce the availability of Threat Grid on the Meraki MX, as it provides the absolute latest in dynamic malware analysis and a deep, beneficial integration with Cisco’s broader security services. Threat Grid for MX is available as an additional subscription for any Meraki MX* with an Advanced Security license. To find out more, please contact your Meraki sales representative and ask about Threat Grid sample packs.
*Threat Grid is not currently available on MX400 and MX600 models.