Cisco has announced plans to acquire ThreatGrid, a New York City-based malware sandbox technology specialist.
The acquisition fills a gap in Cisco's security products and services. Although it has a broad set of advanced malware detection and protection products, thanks in part to its 2013 acquisition of Sourcefire, Cisco has lacked malware sandboxing. Meanwhile, advanced threat vendors like FireEye and firewall rivals like Palo Alto Networks have released sandbox products and services.
A malware sandbox provides a simulated environment where suspicious files and executables can run. Vendors analyze the behavior of these files in the sandbox to identify and classify potential malware, and to observe which IP addresses and command-and-control systems they try to contact.
"[ThreatGrid] does give Cisco something to compete against Palo Alto and FireEye," said Rick Holland, principal analyst for security and risk management at Cambridge, Massachusetts-based Forrester Research Inc. "If organizations are looking for a cloud-based sandbox, then [Palo Alto's sandbox service] WildFire and ThreatGrid should be at the top of the list."
ThreatGrid offers both on-premises appliances and cloud-based services. It also allows third-party vendors to resell its threat intelligence data. In fact, Check Point Software Technologies -- one of Cisco's firewall rivals -- announced this week it would launch a threat intelligence marketplace where customers can choose to subscribe to seven third-party intelligence feeds, including ThreatGrid.
Although malware sandboxing and other malware analysis technologies are important, they aren't a silver bullet, Holland cautioned. "Adversaries test their malware against these solutions," he said.
"There is no individual breach detection solution," Holland said. "Organizations need a combination of malware analysis, endpoint analysis and control, network analysis and visibility and security analytics to identify and respond to targeted attacks. The collection of these technologies, operated by skilled and knowledgeable staff, is the true breach detection platform."
Cisco did not disclose the terms of the ThreatGrid acquisition. It expects to close the deal in the fourth quarter.