Cisco Secure Malware Analytics (Threat Grid) Overview

Cisco Secure Malware Analytics, formerly called Cisco Threat Grid, is a unified threat intelligence and malware analysis platform. It is integrated with Cisco’s Advanced Malware Protection (AMP), and it combines threat intelligence with advanced sandboxing into a unified solution that aims to protect its users from malware. With Cisco Secure Malware Analytics, you can understand what a piece of malware is doing or trying to do, whether it is a threat, and how you can defend against it.


Cisco Secure Malware Analytics (Threat Grid) File Analysis

Cisco Secure Malware Analytics performs automated static file analysis, such as checking supported file types, filenames, and MD5 checksums. It also performs dynamic (behavioral) analysis by running the files in a controlled environment (sandbox) and observing their behavior to determine whether they are malicious. It then generates human-readable reports that include behavioral indicators for the submitted file.

The intelligence feeds from Cisco Talos and other existing security technologies are combined with behavioral analysis in order to protect against attacks, both known and unknown. If Cisco Secure Malware Analytics identifies a file as malware, it will discover what the malware is doing or attempting to do, how significant the threat is, and how to defend against it.

However, some malware contains code that detects whether it is being executed in a sandbox environment. If it is, the malware will not run, and the analysis yields nothing. Cisco Threat Grid, however, is designed to avoid being detected by such malware.


Cisco Secure Malware Analytics Benefits

Implementing Cisco Secure Malware Analytics or Threat Grid as a part of your network security gives the following benefits:

Faster and Better Decisions

Cisco Secure Malware Analytics analyzes files and suspicious behaviors rapidly, and it produces context-rich information that can be used directly or through threat intelligence feeds. This provides insight into what the file is doing and enables a swift response to the threats.


Deep Malware Analysis

Cisco Secure Malware Analytics compares the file’s behavior against billions of malware artifacts and millions of samples, which greatly contributes to the accurate identification of threats. You can also view, globally and historically, what the malware is doing and how large a threat it is.


Prioritize Threats

Cisco Threat Grid also identifies the key behavioral indicators of malware. Based on the analysis and on algorithms that review the file data, attacks can be prioritized by their threat score or potential impact. This greatly improves efficiency and accuracy and also saves time.


Speed Up Incident Investigations

Suspicious and unknown files can be uploaded into a sandbox environment, such as Glovebox, to safely interact with them and observe possible malware behaviors directly without infecting the network. Cisco Secure Malware Analytics also offers search capabilities, correlation, static analysis, and dynamic analysis, which help you understand and respond to threats faster.


Edge-to-Endpoint Integration

Threat Grid’s API automates and integrates with existing security technologies and processes, such as gateways, proxies, and SIEM platforms. This simplifies and speeds up malware threat detection and response.


Cisco Secure Malware Analytics Deployment

Cisco Secure Malware Analytics offers flexible deployment options, which increases the number of malware samples submitted and analyzed. Threat Grid is available as an on-premises appliance and as a cloud-based subscription, and it can also be integrated into existing third-party and Cisco security solutions.

On-Premises

The Cisco Secure Malware Analytics on-premises appliance provides highly secure malware analysis, comprehensive threat analytics, compliance, and advanced sandboxing while keeping all information on site. This enables quick recovery and proactive defense against attacks.


Cloud

A Cisco Secure Malware Analytics (Threat Grid) Cloud subscription gives you access to the APIs and Glovebox. Premium subscriptions to various specialized threat intelligence feeds are also available.


Integrated

Integrated Cisco Secure Malware Analytics is accessible via a Threat Grid portal. It has been integrated across numerous third-party security technologies and the Cisco Secure portfolio, which includes the following:

  • Cisco Secure Firewall Malware Defense
  • Cisco Secure Firewall Threat Defense Intrusion Prevention System (IPS)
  • Cisco Umbrella
  • Meraki MX
  • Secure Endpoint
  • Secure Firewall ASA & Threat Defense Manager
  • Secure Endpoint Private Cloud
  • Web and Email
