Cisco To Acquire ThreatGRID For Malware Analysis, Threat Intelligence


Cisco Wednesday revealed plans to acquire ThreatGRID, a provider of malware analysis and sandboxing technology, in a move it said will strengthen the FireAMP malware detection platform it gained through its Sourcefire buy last year.

Financial terms of the deal, announced at the 2014 Cisco Live event this week in San Francisco, were not disclosed.

New York-based ThreatGRID, which has some 25 employees, makes on-premises and cloud-based malware analysis and threat intelligence software. The company uses its malware sandboxing technology to analyze suspicious files and sells the resulting threat intelligence to a variety of security vendors. Cisco said the acquisition, and ThreatGRID's integration into the Sourcefire FireAMP portfolio, fills a gap in its security strategy.

[Related: Advanced Threat Scare Tactics Don't Sell, Say Solution Providers]

Reached by CRN for comment, ThreatGRID co-founder and CEO Dov Yoran said Cisco saw in the acquisition the ability to bridge its various security capabilities, from its IronPort appliances to its Sourcefire network IPS and endpoint security products. ThreatGRID had close ties to Sourcefire prior to the acquisition, he said.

"It's an exciting time to look at the telemetry of attacks from the endpoint to the network and to other security devices within the Cisco framework," Yoran told CRN. "There is interesting visibility in all of those points to produce tangible, actionable threat intelligence from it and that is why we felt the deal made so much sense."

ThreatGRID engineers also plan to work closely with Cognitive Security, a 28-person company based in Prague, Czech Republic, that was acquired by Cisco last year for its advanced behavioral analysis of real-time threat data, Yoran said.

"[ThreatGRID] does dynamic malware detection and analysis, which means they are continuously looking at troves of data to identify threats, malware and zero-day [attacks] as well," Derek Idemoto, vice president of corporate development at Cisco and part of Cisco's M&A team, told CRN Wednesday. "It falls into the area of malware sandboxing, which is something we are enhancing."

Idemoto said ThreatGRID's technology will be integrated into Cisco's FireAMP advanced malware detection platform, which it gained through its $2.7 billion acquisition of Sourcefire last year.

Industry analysts said the Sourcefire acquisition makes Cisco a stronger competitor to Check Point Software Technologies, FireEye and Palo Alto Networks, whose sandbox file analysis capabilities are gaining a lot of attention from large businesses. ThreatGRID, according to Cisco, builds on Sourcefire by adding stronger malware analysis capabilities that identify malware command-and-control communication and other indicators used to protect against advanced threats.

"The malware that [ThreatGRID] detects -- and some of the files that they are looking at -- can then be put into the ThreatGRID sandbox, which is a technology that allows you to look and isolate that file, and analyze it where it's out of harm's way," Idemoto said.

Security has become the chief concern of businesses following high-profile data breaches, reports of targeted attack campaigns and data privacy worries, said William Payne, president and CEO of East Point, Ga.-based ICP Systems, a Cisco partner in the federal market. Payne said customers are increasingly concerned about protecting endpoints, which are typically an attacker's first foothold for gaining entry into a network.

"There is increased spending on being preventative rather than being reactive, and, ultimately, that's a way to reduce costs," Payne said. "Cutting off the attack before data is breached helps to eliminate the risk of a costly cleanup." 

According to Idemoto, ThreatGRID's 25 employees, the bulk of which he said are engineers, will be rolled into Cisco's FireAMP team when the acquisition closes in the fourth quarter.

Moving forward, Idemoto said security will continue to be a key focus of Cisco's broader M&A strategy. In addition to its acquisition of Sourcefire last year, Cisco in 2013 also scooped up Cognitive Security, a small threat analytics company based in Prague, Czech Republic.

"Organically, we will make a lot of investments [in security] and, inorganically, I think you have seen us be very aggressive on the security side," Idemoto said. "[ThreatGRID] is our third security acquisition in the past 16 months -- the others being Cognitive and Sourcefire in 2013 -- and I think that's what we need to do to continue to innovate."

~ CRN Senior Editor Robert Westervelt Contributed To This Report. 

PUBLISHED MAY 21, 2014