
Are Threatgrid submissions from FTD private?

mikemayou
Level 1

When manually submitting files for analysis in Threat Grid you can opt to have them Private or Public. Are those submitted automatically by the FTD private or public, or is this a setting one can choose? The worry is that company-sensitive information might be submitted.

1 Accepted Solution


Marvin Rhoads
Hall of Fame

ThreatGrid file submissions are indeed the entire file. As you noted, it's the nature of the sandbox to launch the file and analyze the behavior. If your submissions use the "public option" the file signatures are subsequently used to populate the AMP/ThreatGrid databases for other customers' file submissions to be compared against. In no case are your files shared with anyone outside your organization.

If that level of security isn't sufficient, ThreatGrid can be purchased as an on-premise appliance. In that sort of setup, the appliance itself does all of the sandboxing and returns the disposition to you alone. The file never leaves your premises - even to go to your tenant instance in Cisco's cloud (as it would with the traditional ThreatGrid SaaS model) because there is no cloud-based component.


3 Replies

balaji.bandi
Hall of Fame

It only submits the signatures - not the content.

BB


I thought that Threat Grid was the sandbox. We use Cisco Email Security and have the ability to sandbox files with Threat Grid and receive a report/interact with URLs etc. This is not signature based. Is it not the same?

