
Threat Grid Integration

Threat Grid Overview

Threat Grid is an optional component of the Advanced Malware Protection (AMP) solution. It provides context-rich malware analysis, including both static and dynamic analysis (sandboxing). Threat Grid integrates real-time behavioral analysis and up-to-the-minute threat intelligence feeds with existing security technologies to provide protection from both known and unknown attacks.

 

Threat Grid analyzes suspicious files against more than 450 behavioral indicators and a malware knowledge base sourced from around the world to provide industry leading accuracy and context-rich threat analytics.

 

Leveraging Threat Grid as a part of a comprehensive network security strategy provides:

  • Deeper insights for stronger defense with dynamic malware analysis
  • Accurate identification of attacks in near real time with context-focused security analytics
  • Proactive protection for businesses using threat intelligence from premium threat feeds
  • Defense against threats from anywhere with the scale and power of a cloud service that analyzes hundreds of thousands of threats every day

Threat Grid and MX Integration

The AMP integration on MX checks file signatures against a centralized cloud of threat intelligence to receive a file's disposition. If the disposition is malicious, the file is blocked. Files with clean and unknown dispositions are allowed to pass through to the client. When Threat Grid integration is configured, the MX will send executable files (PE32, dll, pdf and office files) with an unknown disposition to Threat Grid for analysis.

 

 Once analysis is completed, a detailed report containing the threat score and behavioral indicators will be available in the Meraki Security Center.

 

The number of daily file submissions that can be made to Threat Grid is limited by organizational licenses. Threat Grid is only available with the Advanced Security license edition.

Configuration

Prerequisites

  1. Ensure that you have a valid Advanced Security license for your MX appliances.
  2. Ensure that you have a valid Threat Grid license for Meraki MX or a Threat Grid Premium license. 

Linking Threat Grid and Dashboard

Navigate to the Organization > Configure > Settings menu.

 

Under the ThreatGrid heading, select the Integration type from the drop-down and select Cloud or On-Premise Appliance.

 

Next, click the "here" link to access the Threat Grid portal. When prompted, click authorize application to provide MX devices within your organization with permission to access your Threat Grid account.

 

You must be the Threat Grid organizational admin in order to allow Meraki MX to access your Threat Grid account.

 

When Threat Grid and the Meraki Dashboard are successfully linked, you will be able to see the daily file submission limit for your organization and how many are currently available.

Enable Threat Grid Submissions

Navigate to the Security Appliance > Configure > Threat Protection page.

 

Under the ThreatGrid heading, set the mode to enabled. If desired, the rate limit can also be configured. This limits the number of files that the network can submit to Threat Grid for analysis to the value specified. The rate limit cannot exceed the maximum allowed daily submissions.
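The following is an added example, not Meraki's code and not part of the original article. It models the disposition flow from "Threat Grid and MX Integration" together with the rate limit described above, for one network over one day, to show which unknown files reach the client without ever being analyzed. The function name `triage`, the file-type labels, and the behavior once the limit is used up (file still delivered, not submitted) are assumptions.

```python
from collections import Counter

# File types the article says are submitted when the disposition is unknown.
# The lowercase labels themselves are an assumption made for this example.
SUBMITTABLE = {"pe32", "dll", "pdf", "office"}


def triage(events, tg_enabled, rate_limit, daily_max):
    """Model the MX decision for each (name, file_type, disposition) event.

    Returns (decisions, summary). Assumption: once the limit is used up,
    unknown files are still delivered and are simply not submitted.
    """
    if rate_limit > daily_max:
        raise ValueError("rate limit cannot exceed the daily submission maximum")
    remaining = rate_limit
    decisions, summary = [], Counter()
    for name, ftype, disposition in events:
        if disposition == "malicious":
            action = "blocked"
        elif disposition == "unknown" and tg_enabled and ftype in SUBMITTABLE:
            if remaining > 0:
                remaining -= 1
                action = "allowed+submitted"
            else:
                action = "allowed+not_submitted"  # delivered, never analyzed
        else:
            action = "allowed"  # clean, non-submittable type, or Threat Grid off
        decisions.append((name, action))
        summary[action] += 1
    return decisions, dict(summary)


# Constructed sample events, not taken from a real Security Center export.
SAMPLE = [
    ("invoice.pdf", "pdf", "unknown"),
    ("setup.exe", "pe32", "malicious"),
    ("report.docx", "office", "clean"),
    ("helper.dll", "dll", "unknown"),
    ("tool.exe", "pe32", "unknown"),
    ("archive.zip", "zip", "unknown"),
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE, True, rate_limit=2, daily_max=100)[0]:
        print(f"{name:12} {action}")
```

A non-zero `allowed+not_submitted` count on a typical day's traffic is a sign that the configured rate limit or the licensed daily limit is too low for the network.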

Reporting

To view the results of Threat Grid analysis, navigate to the Security Appliance > Monitor > Security Center page. Within the Security Center, click the events view.

 

Files that have been submitted to Threat Grid will have the threat score and behavioral indicators available in the event view.

 

Clicking the file name link will pull up an info-card that provides additional information about the file, including more specific information about any of the behavioral indicators identified in the Threat Grid analysis.

Last modified
16:03, 12 Sep 2017


Article ID

ID: 5541
