Secure Malware Analytics Integration

Cisco Secure Malware Analytics (formerly Cisco Threat Grid) combines advanced sandboxing with threat intelligence into a powerful solution to protect organizations from malware. Secure Malware Analytics is an advanced and automated malware analysis and malware threat intelligence platform in which suspicious files or web destinations can be detonated without impacting the user environment.

Cisco Secure Malware Analytics uses both static and dynamic analysis to thoroughly examine sample files that users submit either directly through the cloud portal or automatically through the Secure Malware Analytics API. In static analysis, the system inspects the submission's attributes; in dynamic analysis, it executes the file or browses the URL in a sandbox to observe its behavior. By aggregating data from a vast repository of malware samples and associated domains, Secure Malware Analytics enriches the context around threat artifacts, enabling a comprehensive understanding of the scope and impact of a threat.

When integrated with Cisco XDR, Secure Malware Analytics provides contextual responses about investigated observables, such as whether an investigated file hash or URL has been analyzed by Secure Malware Analytics and, if so, which associated artifacts were discovered in that analysis, including C&C, payload, and behavior information. It also reports whether the investigated domain or URL has been contacted by any analyzed malware and, if so, which malware and which observed behaviors were related to the connection. These responses include information from your own private submissions as well as from the millions of public submissions made each year.

The Secure Malware Analytics integration also serves as a reference module that provides licensed Secure Malware Analytics portal users with the ability to pivot into the Secure Malware Analytics Cloud portal to gather additional intelligence about file hashes, IPs, domains, and URLs. Through this pivot, users can access a detailed sample analysis that includes threat scores, metadata, behavioral indicators, domain connections, and more.

The integration supports automation workflows that can automatically trigger certain actions within Secure Malware Analytics, such as submitting URLs for analysis. This allows security teams to automate parts of their incident response process, enabling timely threat detection and response while reducing manual effort.

Additionally, the integration allows for the creation of dashboard cards for quick insight into current Secure Malware Analytics sample submission data.