Glad you asked. Threat Grid for Meraki MX has been around a while, but it’s worth explaining. Meraki Threat Grid is a huge, unified threat intelligence and malware analysis platform. It integrates with Cisco’s Advanced Malware Protection (AMP) solution. Basically, it runs automated analysis and produces human-readable reports with behavioral indicators for each file submitted. It is an industry-leading anti-malware technology from Sourcefire®, integrated into MX Security Appliances.
What is AMP?
Cisco Advanced Malware Protection is the industry’s leading malware protection solution. To start with, it has a database of over 500 million known files, and more than 1.5 million new file samples come in every day. AMP provides global threat protection and extensive visibility during and after a malware attack. In short, AMP prevents, detects, and helps remove threats from computer systems efficiently.
Using AMP, Meraki Threat Grid analyzes suspicious files against more than 950 behavioral indicators and a malware knowledge base sourced from around the world. It provides industry-leading accuracy and context-rich threat analytics. This is quite a powerful resource that is available to Meraki users, and a big benefit of Meraki’s being under the Cisco umbrella.
How does it work?
The AMP integration enables Meraki users to leverage AMP’s File Reputation and File Retrospection services. The AMP Cloud responds to queries from MX devices on files that are downloaded and returns a file disposition of Clean, Malicious, or Unknown. Malicious files are blocked while Clean and Unknown files pass through the MX to the end user. When Threat Grid integration is on, the MX will upload qualified, Unknown files to Threat Grid for additional static and dynamic analysis. Once the analysis is complete, a detailed report containing the threat score and behavioral indicators that matched the behaviors observed during analysis will be available in the Meraki Security Center.
Whenever a file comes through a Meraki MX with AMP on, that file’s signature will be looked up against AMP’s extensive cloud database. However, the file’s evaluation may return as “unknown”. AMP is capable of retrospectively alerting administrators if such a file is later determined to be malicious. This provides you the necessary insight to take action to quarantine a threat.
So you now have the powerful option to send unknown files directly to the Threat Grid cloud for immediate analysis. In the case of malicious files, Threat Grid will immediately alert all network administrators. Then, armed with a new signature, AMP will block any new attempts to download the threat.
What’s more, if the file is malicious, Threat Grid’s analysis results will also be distributed via the global AMP cloud. That means that subscribers around the world receive the new threat signatures. Obviously, this is an important, powerful tool to have in any organization’s arsenal. It’s instrumental in contributing to the prevention of zero-day exploits around the world.
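A simplified model of the flow described above, added here as an illustration; it is not Cisco or Meraki code and calls no real AMP or Threat Grid API. The `Gateway` class, its fields, and the sample hashes and client addresses are assumptions made for the example, and the check for which Unknown files qualify for upload is omitted.

```python
from dataclasses import dataclass, field

CLEAN, MALICIOUS, UNKNOWN = "Clean", "Malicious", "Unknown"

@dataclass
class Gateway:
    """Toy model of the MX-side flow (hypothetical; cloud state is a plain dict)."""
    cloud: dict                                    # sha256 -> disposition, stands in for the AMP Cloud
    threat_grid: bool = True                       # Threat Grid integration switch
    passed: dict = field(default_factory=dict)     # sha256 -> clients that received the file
    submitted: list = field(default_factory=list)  # hashes queued for sandbox analysis
    alerts: list = field(default_factory=list)     # (client, sha256) retrospective alerts

    def download(self, client, sha256):
        disposition = self.cloud.get(sha256, UNKNOWN)
        if disposition == MALICIOUS:
            return "blocked"
        # Clean and Unknown both pass, so record who received the file:
        # without this log a later verdict change cannot be tied to a host.
        self.passed.setdefault(sha256, []).append(client)
        if disposition == UNKNOWN and self.threat_grid and sha256 not in self.submitted:
            self.submitted.append(sha256)          # upload once for static/dynamic analysis
        return "passed"

    def verdict_update(self, sha256, disposition):
        """The cloud changes a verdict (sandbox result or retrospection)."""
        self.cloud[sha256] = disposition
        if disposition == MALICIOUS:
            for client in self.passed.get(sha256, []):
                self.alerts.append((client, sha256))

def demo():
    # Constructed sample hashes and addresses, not real indicators.
    clean, bad, new = "aa" * 32, "bb" * 32, "cc" * 32
    gw = Gateway(cloud={clean: CLEAN, bad: MALICIOUS})
    results = [
        gw.download("10.0.0.5", clean),   # known Clean: passes
        gw.download("10.0.0.5", bad),     # known Malicious: blocked
        gw.download("10.0.0.7", new),     # Unknown: passes, submitted
        gw.download("10.0.0.9", new),     # Unknown again: passes, not resubmitted
    ]
    gw.verdict_update(new, MALICIOUS)     # analysis finishes with a malicious verdict
    results.append(gw.download("10.0.0.5", new))   # now blocked for everyone
    return results, gw.submitted, gw.alerts

if __name__ == "__main__":
    print(demo())
```

The two hosts that received the file while it was still Unknown are the ones named in the retrospective alerts; those are the machines to check and quarantine first.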
New AMP features
AMP combines context-aware monitoring and reporting with Threat Grid sandboxing to provide an anti-malware solution that does more than just prevent users from downloading malware. It provides comprehensive security before, during, and after a malware attack.
Best of all, integration into the Cisco Meraki cloud dashboard means it’s incredibly easy for Meraki MX customers to configure and monitor AMP.
You can expect enhanced Threat Defense, great Contextual Visibility, Fast Detection, and of course, incredible ease of management. However, it is important to note that AMP is available only with Advanced Security Edition licensing and SD-WAN licensing.
How do I get it?
We have a team of experienced, certified Meraki specialists who are ready to make the process of integrating Meraki Threat Grid with your MX firewall a snap. So reach out here, or call Corporate Armor at 877-449-0458. Thanks for reading!
Highlights of the Meraki Threat Grid
|Enhanced Threat Defense|
|Enable best-in-class malware protection with just two clicks|