
Cisco AMP for Endpoints versus Cisco Malware Analytics

Mitrixsen
Level 1

Hello, everyone.

I am studying security for my ENCOR exam and I have a question regarding the Cisco AMP4E (or secure endpoint) and Cisco Malware Analytics (or Threat Grid) appliances. My book defines Malware Analytics as following:

"Cisco Secure Malware Analytics, formerly Threat Grid, is a solution that can perform
static file analysis (for example, checking filenames, MD5 checksums, file types, and so on)
as well as dynamic file analysis (also known as behavioral analysis) by running the files in a
controlled and monitored sandbox environment to observe and analyze the behavior against
millions of samples and billions of malware artifacts to determine whether it is malware or
not. Behavioral analysis is combined with threat intelligence feeds from Talos as well as with
existing security technologies to protect against known and unknown attacks."

I am wondering, how is Malware Analytics different from AMP? From what I understand about AMP, it's a service that runs in the cloud (or in network devices) that collects information from endpoints that also run the AMP software. For example, if a file is downloaded, it's sent to the AMP cloud where it's checked for its reputation, malware, and so on. If it's not sure, it can also run the file in a sandbox to determine its behaviour. In the case of AMP for endpoints, the goal is to keep the endpoint safe from any malicious files.

Maybe I am just confusing these two, so could someone please provide me with some clear distinction, or possibly explain what I got wrong about these two?

Thank you.
David


2 Replies

M02@rt37
VIP

Hello @Mitrixsen 

Cisco Secure Endpoint is an endpoint protection solution that monitors files and activity on devices in real time, using cloud-based threat intelligence from Talos to detect/block threats. When it encounters a suspicious file it can't fully assess, it forwards it to Cisco Secure Malware Analytics (formerly Threat Grid), which is a separate sandboxing platform that performs deep analysis in a controlled environment.

--

https://www.cisco.com/c/en/us/products/collateral/security/fireamp-endpoints/datasheet-c78-733181.html

https://www.cisco.com/site/us/en/products/security/security-analytics/malware-analytics/index.html


Best regards

Roman Valenta
Cisco Employee

Another thing to remember is a tricky question when it comes to these two solutions. In integrations such as ESA and WSA these two will be referenced as:

File Reputation Server --> Secure Endpoint, either Cloud or Private Appliance (virtual or physical)

File Analysis Server --> Secure Malware Analytics, aka Threat Grid, aka SandBox, to detonate malicious files; again either Cloud or Private (physical only)
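The two-stage flow both replies describe (a hash/reputation lookup first, with the sandbox consulted only for files the reputation service cannot classify) modelled as an added Python example. This is not Cisco code and not part of this thread: the reputation table, the magic-byte list, the sample bytes and the behaviour table are constructed stand-ins, and `fake_sandbox` plays the role of the analysis server so the example runs offline.

```python
"""Two-stage file triage: reputation lookup first, behavioural analysis only for unknowns.

Added illustration, not Cisco code. The in-memory dict stands in for the file reputation
server and the `fake_sandbox` callable for the file analysis (sandbox) server.
"""
import hashlib
from typing import Callable, Dict, List

# Constructed sample files. Real content would be the downloaded file bytes.
CLEAN_SAMPLE = b"MZ\x90\x00 constructed benign installer stub"
BAD_SAMPLE = b"MZ\x90\x00 constructed known-bad sample"
UNKNOWN_SAMPLE = b"%PDF-1.7 constructed never-before-seen document"


def sha256_hex(data: bytes) -> str:
    """Reputation systems key on a content hash, so identical files share one verdict."""
    return hashlib.sha256(data).hexdigest()


# Stage 1 stand-in: known dispositions keyed by SHA-256 (constructed).
REPUTATION_DB: Dict[str, str] = {
    sha256_hex(CLEAN_SAMPLE): "clean",
    sha256_hex(BAD_SAMPLE): "malicious",
}

# Static check: identify the type from leading magic bytes, not from the extension.
MAGIC = [(b"MZ", "pe"), (b"\x7fELF", "elf"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip")]


def static_file_type(data: bytes) -> str:
    for prefix, name in MAGIC:
        if data.startswith(prefix):
            return name
    return "unknown"


def reputation_lookup(digest: str) -> str:
    """Stage 1: 'clean' or 'malicious' if the hash has been seen, else 'unknown'."""
    return REPUTATION_DB.get(digest, "unknown")


# Stage 2 stand-in. A real sandbox detonates the file in an instrumented VM and records
# what it does; here a constructed table of "observed" behaviours plays that role.
SUSPICIOUS_BEHAVIOURS = {
    "writes_run_key", "spawns_powershell", "contacts_unlisted_host", "disables_defender",
}


def fake_sandbox(data: bytes) -> List[str]:
    """Constructed analysis server: behaviours reported for our sample inputs."""
    if data == UNKNOWN_SAMPLE:
        return ["opens_document", "spawns_powershell", "contacts_unlisted_host"]
    return ["opens_document"]


def behavioural_verdict(behaviours: List[str], threshold: int = 2) -> str:
    """Score the dynamic report: enough suspicious behaviours => malicious."""
    hits = SUSPICIOUS_BEHAVIOURS.intersection(behaviours)
    return "malicious" if len(hits) >= threshold else "clean"


def triage(data: bytes, sandbox: Callable[[bytes], List[str]] = fake_sandbox) -> dict:
    """Reputation first; only an 'unknown' disposition is forwarded for analysis."""
    digest = sha256_hex(data)
    result = {"sha256": digest, "file_type": static_file_type(data), "behaviours": []}
    disposition = reputation_lookup(digest)
    if disposition != "unknown":
        result.update(disposition=disposition, decided_by="reputation")
        return result
    behaviours = sandbox(data)
    result.update(
        disposition=behavioural_verdict(behaviours),
        decided_by="analysis",
        behaviours=behaviours,
    )
    # Publish the new verdict so the next lookup of this hash is a reputation hit,
    # which is why the sandbox is only paid for once per unique file.
    REPUTATION_DB[digest] = result["disposition"]
    return result


if __name__ == "__main__":
    for sample in (CLEAN_SAMPLE, BAD_SAMPLE, UNKNOWN_SAMPLE, UNKNOWN_SAMPLE):
        print(triage(sample))
```

Run as a script, the clean and known-bad samples are decided by the reputation stage alone; the PDF is unknown on first sight, goes to the sandbox, and its verdict is cached so the repeated fourth call is answered by reputation. The `sandbox` parameter exists so a real analysis client could be substituted without changing the triage logic.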