Cisco Threat Grid & Umbrella

29 November 2017


Convert threat analysis & intelligence into global threat prevention.


Take faster action on newly discovered malicious domains by leveraging a turn-key integration between Cisco Threat Grid and Umbrella. Through security automation, dwell time is reduced from hours or days to only minutes.

And by gaining Internet-wide visibility in real time, you will discover more compromised systems.

Reduce Attack Dwell Time by Eliminating Manual Configuration


Every minute, Cisco AMP Threat Grid discovers new malicious domains from every file you and others submit. These domains are the destination of command & control (C2) callbacks from compromised systems.

And C2 callbacks are used to exfiltrate data to the attacker’s botnet infrastructure. So we can protect against breaches by simply taking action on this threat intelligence. But we let it lie dormant in Threat Grid because manually configuring appliance- and agent-based threat defenses is slow and impossible to keep up with. By leveraging our integration, malicious domains that have a very high Threat Grid confidence score and pass Umbrella’s false positive filters will be automatically added to our DNS-based service—Umbrella.

Hours of data entry are gone!


Prioritize Investigations by Correlating Malware with Systems

In real time, Umbrella will identify compromised systems based on any Internet activity destined for malicious Threat Grid domains. Response teams will know which malicious domains and files to investigate further based on “critical” (CEO’s laptop) vs. “minor” (public kiosk) systems compromised by “severe” (>90 score, APT) vs. “minor” (malware).


Any Device. Any Port or Protocol. On or Off the Network.

DNS is used by every device on your network, so Umbrella protects any device. DNS precedes Web or non-Web C2 callbacks, so Umbrella logs or blocks Internet activity, including data exfiltration, over any port or protocol. And using lightweight and transparent clients to forward DNS, Umbrella protects compromised Windows or Mac-based systems on or off the corporate network.