Tripwire Enterprise and Cisco AMP Threat Grid

Advanced Protection to Combat Malware and Advanced Threats

Overview

There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending them by understanding how attackers think and what is required to keep ahead of attackers’ abilities in order to secure the infrastructure. Tripwire® Enterprise provides real time endpoint and server monitoring and detection. Cisco AMP Threat Grid offers dynamic malware analysis, which correlates the results of hundreds of millions of analyzed malware samples and related artifacts to provide a global view of malware attacks. The integration provides a comprehensive end-to-end solution with unprecedented protection from both known and unknown threats.

Image
Fig. 1 AMP Threat Grid and Tripwire Enterprise together provide enhanced  protection from advanced threats.

How the Joint Solution Works

Tripwire Enterprise continuously captures, monitors and records system and file change data on a broad range of enterprise servers and endpoint platforms. When Tripwire Enterprise discovers a suspicious, unknown threat, it sends the file to Threat Grid for further analysis.

AMP Threat Grid’s content-driven security analytics dynamically and statically analyzes all submitted files, examines the behavior of the samples, and correlates the results with hundreds of millions of other analyzed malware artifacts. Within minutes, Threat Grid reports back and Tripwire Enterprise tags the file with the result. This enables Tripwire Enterprise customers to prioritize actions for changes on systems with threats identified by Threat Grid and initiate workflow actions for quick remediation.

Cisco automatically and continuously updates its threat intelligence database, creating protections for all newly-discovered threats and sharing them with Threat Grid subscribers worldwide in minutes. Malicious binaries detected by Tripwire Enterprise are tagged as malicious, enabling prioritization of actions for changes on endpoint systems as well as blocking these binaries within minutes at the network level, preventing further infection.

Together, Cisco and Tripwire reduce the time to accurately detect and protect against advanced threats from endpoint systems to the network edge.