What is our primary use case?
Our primary use case is to use it to identify unknown files. It checks to see if it's a malicious file or a clean file because this is a sandboxing solution which is why it's used on-prem. They don't want to share their own files to the cloud so they use it on their own prem-solutions. It checks even static or dynamic checking to see if it's clean or it's malicious then it makes a verdict.
What is most valuable?
The most valuable feature is the integration with firewalls. It's integrated with AMP so the ecosystem with equal solutions from Threat Grid is good with Cisco products.
What needs improvement?
The feedback I get from customers is that it's limited with the extension of files. It doesn't check every extension. Also, customers have some confusion about accessing the systems because sometimes it requires a different portal to access. It's good to have a different portal but sometimes they don't have access to this portal. So if you get the devices, get a subscription, you will need to deal with another portal instead of the traditional Cisco portal. They come in and have multiple management solutions but it doesn't scan or doesn't have the ability to look at every file extension.
For how long have I used the solution?
I have been using Cisco Threat Grid for three to four years.
What do I think about the scalability of the solution?
Our customers are primarily enterprise-size.
How are customer service and technical support?
I haven't contacted Technical Access Support because that would require another service phone number. Cisco's other support services are very supportive. They give me free licenses and free access to the cloud. They are very supportive for Threat Grid, Umbrella, and AMP.
How was the initial setup?
Sometimes I go to the cloud. I have set up labs and I don't feel that it is complex for me. So I have some hands-on experience because I work with operations. It is not so difficult to comprehend its initial configuration. It's straightforward.
The deployment only requires one single engineer. If it's for Firepower, we have a dedicated team to secure Cisco security. Some of them deal with Firepower and Threat Grid.
If the deployment is on-prem and we don't have a lot of integration with other systems, it might take five business days to set up.
What's my experience with pricing, setup cost, and licensing?
They have different pricing packages. If you upload around 525 AMP per day, this is a certain cost. If you upload 100 soundbites per day, this is another package cost. If you upload 1000 soundbites per day this is a third package cost. They're basic costs and then they also have advanced rates.
You have a subscription that is a package and then you have the ability to go over to the cloud. If you go in-prem, then you have another cost for the appliances and software.
What other advice do I have?
We have a lot of Cisco security products. There are other competitors who do it better. They have a better market share and you can see they have better visibility on the fleet. They started before Cisco did. Products like Firepower and Palo Alto have their own solution. Palo Alto actually started this concept actually. They have their own solutions. IBM has its own solutions. But if you heavily use Cisco security products then it is better to go with Cisco Threat Grid.
The biggest lesson that I learned from this solution is that hackers are very smart because even you use Threat Grid, hackers can bypass these techniques. They have countermeasure techniques to avoid Threat Grid and sandboxing solutions.
I would rate it a seven out of ten.