Cisco Advanced Malware Protection (AMP) Threat Grid Sandboxing

Cisco AMP, short for Advanced Malware Protection, is Cisco's malware file detection technology. AMP provides threat intelligence and analytics, point-in-time detection, continuous analysis, and retrospective security for malware files.

AMP (Advanced Malware Protection) can be deployed at various levels of the network: as Threat Grid, at endpoints, and in the network. These products make up one architecture rather than a set of unrelated products in the Cisco portfolio.

AMP is available for the cloud, endpoints, networks, web and email. In this article I am only covering AMP Threat Grid.

  • AMP Threat Grid
  • AMP for Endpoints
  • AMP for Networks
  • AMP for Web
  • AMP for Email

AMP Threat Grid
AMP Threat Grid is available as an appliance or in the cloud. Large organisations with compliance and policy restrictions can analyse malware locally by submitting samples to the Threat Grid appliance. It helps you defend against both targeted attacks and advanced malware threats, whether on premises or with the cloud-based solution.

AMP Threat Grid's detailed reports, which identify key behavioural indicators alongside a threat score, enable quick and accurate prioritisation and recovery from advanced attacks. AMP Threat Grid provides a global view of malware attacks, campaigns and their distribution. It analyses millions of samples monthly and distils terabytes of malware analysis into rich, actionable intelligence.

Fig 1.1- Cisco AMP Threat Grid for Premises or Cloud


Cloud-based AMP Threat Grid crowd-sources malware from a closed community and analyses every sample using proprietary, highly secure techniques that include static and dynamic (sandboxing) analysis. Security teams can quickly correlate a single sample's observed activity and characteristics against millions of other samples to fully understand its behaviour in a historical and global context.

It analyses millions of samples monthly and distils terabytes of rich, actionable content into clearly categorised, easily consumable threat-intelligence feeds. This helps you defend against the broadest variety of threats and reduces the damage from attacks. Threat Grid provides several categories of prepackaged premium feeds that address numerous threat types.

Threat Grid therefore combines static and dynamic analysis of malware files through sandboxing and threat analysis:

  • Static analysis: examines the file's code without running it and identifies characteristics such as file size, hashes and so on.
  • Dynamic analysis: actually runs the file in a sandbox to observe how it behaves. It is available on premises or on the cloud-based solution.
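To make the static side of that split concrete, here is an added example (my own illustration, not Cisco's code and not how Threat Grid is implemented) of a minimal static triage pass in Python. It runs over a constructed byte string with a fake PE header and a planted URL, and records only what can be learned without executing the sample: size, hashes, file type from magic bytes, and embedded strings and URLs.

```python
import hashlib
import re

# Constructed sample bytes (not real malware): a fake DOS/PE header, padding,
# and a planted download URL, so the triage pass has something to find offline.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"PE\x00\x00" + b"\x00" * 8
    + b"http://example.invalid/update.bin\x00" + b"\x00" * 16
)

# Magic-byte signatures checked first; the file extension is never trusted.
MAGIC = {
    b"MZ": "PE executable (DOS header)",
    b"\x7fELF": "ELF executable",
    b"%PDF": "PDF document",
    b"PK\x03\x04": "ZIP container (also OOXML, JAR, APK)",
}

STRING_RE = re.compile(rb"[\x20-\x7e]{6,}")      # classic `strings` pass
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")   # embedded network indicators


def file_type(data: bytes) -> str:
    """Classify by leading magic bytes; 'unknown' if no signature matches."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def static_triage(data: bytes) -> dict:
    """Static characteristics only: nothing in this function executes the sample."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "type": file_type(data),
        "strings": [s.decode() for s in STRING_RE.findall(data)],
        "urls": [u.decode() for u in URL_RE.findall(data)],
    }


if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(f"{key:>7}: {value}")
```

The hashes are what you would look up against a feed or a sandbox's historical corpus; the URL is the kind of indicator a dynamic run would later confirm or refute by observing actual network behaviour.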