Cisco Threat Response

Cisco Threat Response

Cisco Threat Response helps us detect, investigate and take corrective action against cyber threats, at no additional cost.

What is CISCO Threat Response?

Cloud dashboard that collects and accumulates threat intelligence from various sources in a single application.

From a single panel, it allows quick access to all security solutions, which facilitates and speeds up the detection, investigation and correction of threats.

CISCO Threat Response is free with the licenses of the following Cisco security products:

In the case of customers using Cisco next-generation firewalls, intrusion prevention systems (IPS), AMP for Endpoints, Cisco Umbrella, Email Security or Threat Grid, Cisco Threat Response helps them detect, investigate and take action corrective against cyber threats, at no additional cost.

What does CISCO Threat Response contribute to my company?

  • Know which systems have been affected by the malicious file. Thanks to the integration with AMP for terminals in the Threat Response console, it will be shown that computers have been affected and will be able to stop the threats immediately.
Tracking / Investigation of the domains accessed. Visibility that teams / users have accessed or possibly been compromised


  • Identify which devices connected to the malicious domain. This is achieved by integrating with Umbrella, in the Threat Response panel you can identify them and block those domains



  • Identify who sends malicious attachments. Integrated with Email Security, in Threat Response you will discover who sent it and much more information.


  • Know if someone else has received the file and has detected that it is a malicious file. Integrate Threat Grid into Threat Response and you will get detailed information about malware, associated paths and much more.


  • Be updated on what alerts should really be investigated, thanks to its integration with NGFW / NGIPS Firepower.
Suspicious domains Identify the compromised host


In the investigative part of Threat Response, you can search using the imprint of the malicious file. Searches for HASH MD5 & SHA-256, …




Also, Threat Response is compatible with third-party products, thanks to its APIs, Cisco Threat Response can be combined with the products and security information of other providers.

How does Cisco Threat Response work?

It is not necessary to be an expert to use Cisco Threat Response. The interface is simple, intuitive and interactive. By simply cutting and pasting a threat, users can ask the tool to investigate it. From the first click, Cisco Threat Response presents details about suspicious activities, files and behaviors. Then, by clicking again, users can see the root cause and even correct it easily and quickly.

Easy-to-read and configurable graphics allow mapping the objectives communicated with the malicious domain under investigation.

The information and results obtained from each threat are collected and added to the Cisco Threat Response portal. There is a common view, which becomes even more valuable thanks to the knowledge provided by other compatible Cisco products. These products are automatically powered by Talos, which offers comprehensive intelligence solutions against threats with continuous updating for Cisco devices. The Cisco Threat Response portal shows local observations of the threat being investigated on your network, along with detailed information that will help you decide, in a timely and secure manner, what are the best corrective actions.

Do you want to try CISCO security products for free ... Umbrella, AMP, email secutity, DUO ...?

Do not hesitate, ask us!

What are the advantages of Cisco Threat Response?

  • Integrated Threat Intelligence

Cisco Threat Response integrates threat intelligence from Cisco Talos and other vendors to automatically search for risk indicators (IOCs) and detect threats quickly.

  • Automatic feeding

Cisco Threat Response automatically feeds on information from Cisco security products so you know at all times which of your systems are being attacked and how.

  • Intuitive and interactive view

Cisco Threat Response shows the results through intuitive and customizable graphics that will allow you to be aware of everything that happens.

  • Incident Tracking

Cisco Threat Response allows you to collect and save key analysis information and manage and document your progress and discoveries.

  • Unprecedented referral

With Cisco Threat Response you can derive investigations to other Cisco security products easily. Want to know where the malicious file has gone? With a single click you can access Cisco AMP for terminals, where all the information you need to know the development of the threat will appear

  • Direct solution

Cisco Threat Response allows you to take the necessary steps to respond to the threat, directly from the user interface. You can block suspicious files and domains, and much more, without using another product.

Related news:

CISCO security in the cloud. News CISCO UMBRELLA


With CISCO security products, you can achieve effective network security

Share this post