Cisco announced this morning that they are adding ThreatGrid to their portfolio. ThreatGrid uses instrumented sandboxes to conduct its research of advanced malware.
ThreatGrid addresses the problem posed by advanced malware that modifies its behavior when it detects it is running in a virtual environment, a common evasion technique against sandboxing. Relying on emulation and a few other tricks, ThreatGrid detonates the malware and collects key indicators of compromise, such as the IP addresses of C&C machines.
ThreatGrid’s model is to sell subscriptions to their feeds to mostly other vendors. Check Point Software, which is holding its annual user conference in Barcelona while Cisco is hosting theirs in San Francisco, announced a service whereby customers can subscribe to multiple threat feeds including that of ThreatGrid.
With the acquisition of ThreatGrid, Cisco has filled an important gap in its network security offerings. Like Palo Alto Networks, Fortinet, and FireEye, it will now be able to offer a sandbox solution to complement the rest of its portfolio.
ThreatGrid is led by Dov Yoran, co-founder and CEO, one of three brothers who are serial security entrepreneurs. Dov, Amit, and Elad were all part of Riptech, an MSSP that sold to Symantec in 2002 for $145 million. Amit went on to a short stint as National Cybersecurity Director before taking Netwitness to a successful sale to RSA, the security division of EMC. Elad Yoran was a founder of Sentrigo, a database security company sold to McAfee in 2011. He is currently Chairman and CEO of Vaultive, a cloud encryption company.
ThreatGrid has 23 employees.
While confirmation was not immediately available that ThreatGrid complies with Microsoft’s Client License Agreement for embedded systems, Cisco told securitycurrent that the issue was part of the due diligence.
If Cisco executes on integration as well as it has with Sourcefire’s products and team, this could be a dramatic challenge to FireEye. Cisco has a market-leading installed base of firewalls and IDS. Selling a sandbox solution into that installed base could give it a rapid and dominant position.