Avatar

In March 2015, Cisco created the AMP Threat Grid for Law Enforcement Program, empowering state and local law enforcement agencies with its dynamic malware analysis and threat intelligence platform. Cisco has renewed the program and made it a permanent part of Cisco Gives. Law Enforcement investigators can register for the program on the new Cisco Threat Grid Law Enforcement Program page.

The no-cost AMP Threat Grid for Law Enforcement program is for state and local agencies with less than 1,000 sworn officers. Once empowered with AMP Threat Grid, within seconds of a threat intelligence query or within a few minutes of a submitting a suspicious file or URL for analysis, an investigator has the ability to view and download an easy-to-read and comprehensive report detailing the actual behavior of the submitted file, including changes to the file system, registry, command-and-control communication, downloads, code injection and other malicious activity. In addition, AMP Threat Grid will correlate the file with the millions of samples and billions of artifacts in the threat intelligence database, providing instant global and historical context. The program also includes seamless integration with EnCase Forensic, to reduce investigators’ time and effort to identify and analyze suspected malware.

Threat Grid continues to be used to support law enforcement investigations around the globe. “As a local detective assigned to a USSS Financial Crimes Task Force, I respond to many low to mid-sized point of sale (POS) breaches. We have limited resources and budget, and Threat Grid is invaluable in analyzing suspicious processes to determine the behavior and threat. We appreciate Cisco’s AMP Threat Grid Law Enforcement Program, providing us this leading edge malware analysis and threat intelligence platform to aid in my investigations,” commented Det. Michael Chaves, Monroe CT Police Department, USSS CT Financial Crimes Task Force.

We have limited resources and budget, and Threat Grid is invaluable in analyzing suspicious processes to determine the behavior and threat.

The AMP Threat Grid for Law Enforcement program includes:

  • Two portal user accounts per agency
  • Up to five samples (a suspicious file or computer program) or URLs submitted per day, per user, for analysis, through the portal or via the API integration with EnCase Forensic
  • Unlimited sample queries through the portal or via the API integration with EnCase Forensic, including file hash values, IP addresses, domains, registry keys and file paths
  • The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript and installation guide, training manual and video, and EnCase case template
  • Discount program for Federal and large State and Local law enforcement agencies; and for those agencies who need more Threat Grid user accounts, or a higher volume of daily samples submitted for analysis, than those provided in the no-cost program

Cisco will host a hands-on lab for threat intelligence and dynamic malware analysis at the Enfuse Conference, to be held at Caesars Palace in Las Vegas, May 23-26, 2016. The Enfuse session is entitled “Threat Intelligence for Law Enforcement”.

Again, Law Enforcement investigators can register for the program on the Threat Grid Law Enforcement Program page. The AMP Threat Grid Malware Analysis and Intelligence for EnCase EnScript is available for download at no cost to Guidance Software’s customers from the EnCase App Central store; which includes a 30-day pilot of the full solution for non-law enforcement incident responders, with malware sample submissions and contextual searches of the Threat Grid threat intelligence repository.