Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications
  3. Marketing

Cisco AMP Threat Grid Ordering Guide

Ordering Guide
Cisco AMP Threat Grid
Ordering Guide
February 2016
This ordering guide is intended for use by Cisco sales, partners, and distributors and is NOT intended for public use or wide
distribution. Send inquiries to: Email: tgsales@cisco.com
Phone: Toll Free (USA): +1-800-225-0905 International +1-408-902-4872 or 8-902-4872 (Cisco internal)
Live Chat (i.e. Click-to-Chat): http://tinyurl.com/ciscosac
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 17
Contents
Introduction .............................................................................................................................................................. 3
Audience ............................................................................................................................................................... 3
Scope .................................................................................................................................................................... 3
Overview of Solution ............................................................................................................................................... 3
Understanding the Product Offers ......................................................................................................................... 4
Understanding the Service Offers ........................................................................................................................ 12
Understanding the Ordering Process .................................................................................................................. 14
Appendix A: All Offerings ..................................................................................................................................... 15
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 17
Introduction
The ordering guide is designed to help Cisco sales, partners, and distributors order Cisco® AMP Threat Grid
solutions. This guide will help you:
●
Understand Cisco AMP Threat Grid products and service offers
●
Understand specific Cisco AMP Threat Grid offers and identify the right ones for your customers
●
Make sure that the right quantities and types of parts are selected to reduce the risk of order rejection
●
Provide information about the end-to-end quote-to-fulfillment process in the Cisco Commerce Workspace
and Cisco Service Contract Center for these offers
Audience
This guide is intended for Cisco sales, partners, and distributors qualified to sell Cisco security products and
services based on the Cisco Global Price List.
Scope
This ordering guide provides information about quoting, ordering, and pricing for Cisco security products and
services available based on the Cisco Global Price List.
Overview of Solution
On June 16, 2014, Cisco completed the acquisition of ThreatGRID, a company that offers malware analysis and
threat intelligence technology. ThreatGRID's private and public cloud-based technology combines dynamic
malware analysis with analytics and actionable indicators that security teams can use to proactively defend against
and quickly respond to advanced cyberattacks and malware outbreaks. ThreatGRID solutions complement the
Cisco® Advanced Malware Protection (AMP) portfolio, and the private cloud products expand Cisco's ability to
protect customers with stringent in-house data retention requirements.
The acquisition of ThreatGRID - now a part of Cisco’s Security Business Group (SBG)-reinforces Cisco's
commitment to providing customers with a highly secure, intelligent environment, a major company priority. The
combination of Cisco and ThreatGRID will enhance our already strong ability to aggregate and correlate data
across the extended network, identify advanced and evasive cyberthreats, and provide comprehensive security
solutions for our customers.
New Cisco Product Names
In July 2014, Cisco began rebranding ThreatGRID products and solutions as Cisco AMP Threat Grid. This name
will be used for all of the Cisco AMP Threat Grid products.
Please contact your Cisco security sales representative or partner directly if you have any further questions related
to naming and branding.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 17
Understanding the Product Offers
Cisco AMP Threat Grid delivers enhanced, in-depth, advanced malware analysis and context-rich intelligence to
help customers better understand and fight malware in their environments. It is available as a standalone solution
and as a component in other Cisco AMP solutions. Cisco AMP Threat Grid is available through both software-as-aservice (SaaS) in the cloud and on-premises delivery models (Figure 1).
Figure 1.
Deployment Models of Cisco AMP Threat Grid: Standalone
Figure 2.
Deployment Models of Cisco AMP Threat Grid with Existing AMP installation
Cisco AMP Threat Grid combines a big data approach with advanced, evasion-resistant techniques to analyze the
samples it receives. It correlates the results with hundreds of millions of other analyzed malware artifacts to provide
a global view of malware attacks, campaigns, and their distribution. Customers can quickly correlate a single
sample’s observed activity and characteristics against millions of other samples to fully understand the sample’s
behavior in a historical and global context and to thereby effectively defend against both targeted attacks and the
broader threats from advanced malware.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 4 of 17
Cisco AMP Threat Grid provides detailed reports that help customers identify key behavioral indicators along with a
threat score, allowing for quick prioritization and recovery from advanced attacks with accuracy and speed.
●
Indicators are the first step in applying context to the analysis. Cisco AMP Threat Grid delivers more than
450 indicators produced through static and dynamic analysis covering malware families, malicious
behaviors, and more. New indicators are added regularly. By providing detailed descriptions as well as
actionable information in the indicators, we ensure that customers have the data necessary to quickly
respond while gaining knowledge and insight into malware and the various techniques used.
●
The threat score provided by Cisco AMP Threat Grid gives customers indications of how malicious a
specific sample is. This score is derived from proprietary analysis and algorithms that consider the
confidence and severity of observed actions, historical data, frequency and clustering indicators, and
samples. Cisco AMP Threat Grid’s threat score helps customers better prioritize threats, which enhances
the efficiency and accuracy of malware analysts, incident responders, and security engineering teams.
Cisco AMP Threat Grid collective intelligence and results are also available for consumption through a well-defined
REST API. Customers may also use this API to submit samples and retrieve results. Additionally, the API allows
for other enhanced intelligence services such as batch and customized threat feeds.
Cisco AMP Threat Grid - Cloud Subscription Overview
Cisco AMP Threat Grid is a cloud service that analyzes more than six million samples a month. Malware samples
are harvested globally, with analysis of these samples generating terabytes of rich, actionable content every day.
This capability benefits customers by giving them tremendous scale for security operations and coverage from
global threats.
Additionally, customers of Cisco AMP Threat Grid may submit samples either directly through the cloud portal or
through an automated process using the Cisco AMP Threat Grid API.
The full Cisco AMP Threat Grid service provides customers with a full complement of capabilities, above and
beyond basic dynamic analysis capabilities that are available through Cisco AMP solutions (such as Cisco AMP for
Endpoints, AMP for Networks, and AMP for Content). Enhanced capabilities include deep analytics and results
such as process mapping and registry analysis, network connections, videos of malware execution in the
environment, the ability to interact with the running sample, and API access if applicable. Batch feeds of analyzed
intelligence data are also available along with the ability to create custom feeds from the broader set of Threat Grid
data.
All cloud service elements are termed content subscriptions, as shown in Table 1. Please note - One (1) user is
the equivalent of one (1) account; no sharing of accounts is permitted.
Table 1.
Cisco AMP Threat Grid - Cloud Subscriptions
Part Number
Description
L-TG-S1-LIC-K9=
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions
L-TG-1Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 1 Year
L-TG-3Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 3 Year
L-TG-5Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 5 Year
L-TG-S2-LIC-K9=
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions
L-TG-1Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 1 Year
L-TG-3Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 3 Year
L-TG-5Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 5 Year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 5 of 17
Part Number
Description
L-TG-S3-LIC-K9=
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions
L-TG-1Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 1 Year
L-TG-3Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 3 Year
L-TG-5Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 5 Year
L-TG-S4-LIC-K9=
Cisco AMP Threat Grid, 100 Accounts and 10,000 Daily Submissions
L-TG-1Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,000 Daily Submissions, 1 Year
L-TG-3Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,000 Daily Submissions, 3 Year
L-TG-5Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,000 Daily Submissions, 5 Year
New or existing AMP customers (excluding Threat Grid standalone customers) using Cisco AMP’s cloud-based
dynamic analysis may upgrade their service to include full Threat Grid-enhanced intelligence and capabilities at a
reduced subscription price relative to the full AMP Threat Grid service consumed as a standalone solution
(Table 2). (Submission volumes will be dictated by the AMP solutions submitting to Threat Grid.)
Table 2.
Cisco AMP Threat Grid - Cloud Service Subscriptions: AMP Customer Upgrades
Part Number
Description
L-TG-UPG-LIC-K9=
Cisco AMP Threat Grid Upgrade for AMP Cloud Subscribers
L-TG-UPG-1Y-K9
Cisco AMP Threat Grid Upgrade for AMP Cloud Subscribers, 1 Year
L-TG-UPG-3Y-K9
Cisco AMP Threat Grid Upgrade for AMP Cloud Subscribers, 3 Year
L-TG-UPG-5Y-K9
Cisco AMP Threat Grid Upgrade for AMP Cloud Subscribers, 5 Year
L-TG-SEUPG-LIC-K9=
Cisco AMP Threat Grid Upgrade for AMP Security Operations Center (SOC) and Large Enterprise Subscribers
L-TG-SEUPG-1Y-K9
Cisco AMP Threat Grid Upgrade for AMP Security Operations Center (SOC) and Large Enterprise Subscribers, 1 Year
L-TG-SEUPG-3Y-K9
Cisco AMP Threat Grid Upgrade for AMP Security Operations Center (SOC) and Large Enterprise Subscribers, 3 Year
L-TG-SEUPG-5Y-K9
Cisco AMP Threat Grid Upgrade for AMP Security Operations Center (SOC) and Large Enterprise Subscribers, 5 Year
Private Tagging in the Cisco AMP Threat Grid - Cloud Subscriptions
Cisco AMP Threat Grid service offers a feature called private tagging, which allows customers to mark files
submitted to the AMP Threat Grid service as “private” to the organization. This provides a heightened level of
privacy for customers who desire it.
In the event that a customer uses private tagging, unique files submitted and their results are not shared with the
global community of subscribers of Cisco AMP or Cisco AMP Threat Grid. It is made available only to the
submitting customer that flags the file as “private.” One exception to this case is when more than one customer
submits the same file and one person marks it as private and the other(s) don’t. In this case, the non-privatetagged submission takes precedence because the file is no longer unique. Typically, customers are more
concerned about unique files than files that are common elsewhere. For customers who want absolute privacy,
Cisco AMP Threat Grid appliances are the suggested alternative.
All cloud service elements, including private tagging, are termed content subscriptions (Tables 3 and 4).
Table 3.
Cisco AMP Threat Grid - Cloud, Private Tagging Subscriptions
Part Number
Description
L-TG-PT-S1-LIC-K9=
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day
L-TG-PT-1Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 1 Year
L-TG-PT-3Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 3 Year
L-TG-PT-5Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 5 Year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 6 of 17
Part Number
Description
L-TG-PT-S2-LIC-K9=
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day
L-TG-PT-1Y-S2-K9
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day, 1 Year
L-TG-PT-3Y-S2-K9
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day, 3 Year
L-TG-PT-5Y-S2-K9
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day, 5 Year
L-TG-PT-S3-LIC-K9=
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day
L-TG-PT-1Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 1 Year
L-TG-PT-3Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 3 Year
L-TG-PT-5Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 5 Year
L-TG-PT-S4-LIC-K9=
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day
L-TG-PT-1Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 1 Year
L-TG-PT-3Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 3 Year
L-TG-PT-5Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 5 Year
Table 4.
Cisco AMP Threat Grid - Cloud, Private Tagging Subscriptions: AMP Customer Upgrades
Part Number
Description
L-TG-PTUPG-LIC-K9=
Private Tagging Upgrade for AMP Cloud Subscribers
L-TG-PTUPG-1Y-K9
Private Tagging Upgrade for AMP Cloud Subscribers, 1 Year
L-TG-PTUPG-3Y-K9
Private Tagging Upgrade for AMP Cloud Subscribers, 3 Year
L-TG-PTUPG-5Y-K9
Private Tagging Upgrade for AMP Cloud Subscribers, 5 Year
L-TG-PTSEU-LIC-K9=
Private Tagging UPG for AMP SOC and Enterprise Subscribers
L-TG-PTSEU-1Y-K9
Private Tagging UPG for AMP SOC and Enterprise Subscribers, 1 Year
L-TG-PTSEU-3Y-K9
Private Tagging UPG for AMP SOC and Enterprise Subscribers, 3 Year
L-TG-PTSEU-5Y-K9
Private Tagging UPG for AMP SOC and Enterprise Subscribers, 5 Year
Cisco AMP Threat Grid On-Premises Appliances
For organizations with compliance and policy restrictions on submitting malware samples to the cloud, Threat Grid
provides a dedicated appliance for local analysis backed by the full power of its cloud. None of the information
submitted or generated during the local analysis is exported outside the organization.
For customers requiring fully isolated environments, air-gapped (that is, no Internet access) deployment options
are also available. Customers in such environments would not be able to benefit from efficiencies and insights
gained through the use of Threat Grid cloud intelligence and deeper contextual analyses (for example, in cases of
malware attempting to infiltrate through Internet connections).
Cisco Threat Grid AMP 5000 Series Appliances are the currently available on-premises platform.
Cisco AMP Threat Grid 5000 Series Appliances
The Cisco AMP Threat Grid 5000 Series appliance family offers two capacity models based on the same
extensible hardware platform.
The main difference between the two appliance models is the capacity of daily file sample volume processed. The
5000 Series model provides analysis for up to 1500 files per day, while the 5500 Series model provides analysis for
up to 5,000 files per day.
The 5000 Series includes these features:
●
1 rack unit (1RU) form factor
●
10-Gb dual-port copper network interfaces
●
AC or DC power options
●
Latest Cisco AMP Threat Grid software version
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 7 of 17
Customers may upgrade from the 5000 model to the 5500 model by purchasing a ONE time upgrade license.
Upgraded Content Subscription licenses (that is, for the 5500 model) will also apply.
For convenience and ease of ordering, bundles have been created that include both the Cisco AMP Threat Grid
appliance and required subscriptions. The product part numbers are listed in Appendix A and contain a “-BUN”
suffix.
Except for Cisco AMP for Endpoints, AMP for Networks, AMP for Content and other solutions, an appliance
Content Subscription license is also required for each Threat Grid appliance purchased (Table 5). The Content
Subscription provides the necessary access to the Threat Grid intelligence and full Threat Grid functionality such
as portal access, video replay, complex searches, and API access for automating submissions and results
retrieval.
Table 5.
Licenses for the Cisco AMP Threat Grid 5000 & 5500 Series Appliances
Part Number
Description
TG5000-BUN
Cisco AMP Threat Grid 5000 Appliance and Subscription Bundle
TG5000-K9
Cisco AMP Threat Grid 5000 Appliance with software
L-TG5000-LIC-K9=
Threat Grid Content Subscription License for 5000 Model
L-TG5000-1Y-K9
Threat Grid Content Subscription License for 5000 Model, 1 Year
L-TG5000-3Y-K9
Threat Grid Content Subscription License for 5000 Model, 3 Year
L-TG5000-5Y-K9
Threat Grid Content Subscription License for 5000 Model, 5 Year
TG5500-BUN
Cisco AMP Threat Grid 5500 Appliance and Software Bundle
TG5500-K9
Cisco AMP Threat Grid 5500 Appliance with software
L-TG5500-LIC-K9=
Threat Grid Content Subscription License for 5500 Model
L-TG5500-1Y-K9
Threat Grid Content Subscription License for 5500 Model, 1 Year
L-TG5500-3Y-K9
Threat Grid Content Subscription License for 5000 Model, 3 Year
L-TG5500-5Y-K9
Threat Grid Content Subscription License for 5000 Model, 5 Year
L-TG5000-SWUPG-K9
Cisco AMP Threat Grid Upgrade from 5000 Model to 5500 Model
Customers who are new or existing AMP customers (excluding AMP Threat Grid standalone customers) and who
desire only local, on-premises dynamic analysis capabilities to work with their AMP solutions may purchase the
5000 Series appliance bundle(s) without a Content Subscription. Submissions and interactions will be solely
through their AMP solutions. For full Threat Grid intelligence and capabilities, AMP customers may purchase
appliance Content Subscriptions at a 50 percent discount from the standalone Threat Grid appliance subscription
prices (Table 6).
Table 6.
Cisco AMP Threat Grid 5000 & 5500 Series Appliances Content Subscriptions
Part Number
Description
L-TG5000-LIC-K9=
Threat Grid Content Subscription License for 5000 Model
L-TG5000-1Y-K9
Threat Grid Content Subscription License for 5000 Model, 1 Year
L-TG5000-3Y-K9
Threat Grid Content Subscription License for 5000 Model, 3 Year
L-TG5000-5Y-K9
Threat Grid Content Subscription License for 5000 Model, 5 Year
L-TG5000-AMPUP-K9=
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers
L-TG5000-AMPUP-1Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 1 Year
L-TG5000-AMPUP-3Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 3 Year
L-TG5000-AMPUP-5Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 5 Year
L-TG5500-LIC-K9=
Threat Grid Content Subscription License for 5500 Model
L-TG5500-1Y-K9
Threat Grid Content Subscription License for 5500 Model, 1 Year
L-TG5500-3Y-K9
Threat Grid Content Subscription License for 5500 Model, 3 Year
L-TG5500-5Y-K9
Threat Grid Content Subscription License for 5500 Model, 5 Year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 8 of 17
Part Number
Description
L-TG5500-AMPUP-K9=
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers
L-TG5500-AMPUP-1Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 1 Year
L-TG5500-AMPUP-3Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 3 Year
L-TG5500-AMPUP-5Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 5 Year
Cisco AMP Threat Grid API
To help customers keep up with, and response quickly to, the vast volume of threats, Cisco AMP Threat Grid
provides customers with access to a robust API. The API automates sample submission, querying, content
creation, data enrichment, and intelligence integration with other third-party security products for monitoring,
prevention, network, and host forensics. This capability is included with either Threat Grid Cloud Subscription or
On-Premises Content Subscription licenses. AMP customers who purchase only the base appliance without
Content subscriptions will not have access to the API without upgrading their solution with a valid Content
Subscription license listed in Table 6.
Understanding Software Licenses, Appliances, and Subscriptions Options
Cisco AMP Threat Grid is available as both a standalone product and as an upgrade add-on to:
●
Cisco AMP for Endpoints
●
Cisco AMP for Networks
●
Cisco Adaptive Security Appliance (ASA) and Cisco FirePOWER appliances
●
Next Generation Intrusion Prevention System (NGIPS)
●
Cisco Email Security Appliance (ESA)
●
Cisco Web Security Appliance (WSA)
Figure 3 summarizes various consumption options for Cisco AMP Threat Grid.
Figure 3.
Deployment Options for Cisco AMP Threat Grid
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 9 of 17
When customers add a cloud subscription, they receive a provisioned account for the AMP Threat Grid - Cloud
portal. When they order the appliance, the appliance will ship with software preinstalled.
Software Subscription Support
Cisco security software subscription licenses include software subscription support. This support is essential to
keeping your business-critical applications available, highly secure, and operating at optimal performance. For the
term of your software subscription licenses, you will receive timely, uninterrupted access to the latest software
updates and major upgrade releases that may contain significant architectural changes and new features and
functionality. With software subscription support, you will have the current Cisco security solution working to protect
your business. You will also have access to a wide range of online tools and communities that can help you solve
issues quickly, maintain business continuity, improve your competitiveness, and make the most of limited
resources through increased productivity.
This support entitles customers to the services listed below for the full term of the purchased software subscription:
●
Software updates and major upgrades, to keep applications performing optimally at the most current feature
set
●
Access to the Cisco Technical Assistance Center (TAC), which provides fast, specialized support
●
Online tool building, to expand in-house expertise and boost business agility
●
Collaborative learning, to provide additional knowledge and training opportunities
No additional products or fees are required to receive these services with a software subscription.
Sample Valid Cisco Commerce Workspace Configuration for the Cisco AMP Threat Grid 5000
Tables 7 through 9 show Cisco Commerce Workspace configurations for the Cisco AMP Threat Grid 5000 Series
appliances along with the required content subscription for standalone customers.
Note:
For new orders, you are required to order a bundled product (BUN) that combines both hardware and the
software subscription. Content Subscription and Cisco SMARTnet™ support (CON-SNT-TG5000) are also required.
You can select either a 1-year or a 3-year software subscription.
Table 7.
Cisco Commerce Workspace Configuration for the Cisco AMP Threat Grid 5000 Series Appliance: New Order, NonAMP Subscriber
Line
Part Number
Description
Notes
1.0
TG5000-BUN
Cisco AMP Threat Grid 5000 appliance and
software bundle
Base bundle product for the Cisco AMP 5000
Series
1.1
TG5000-K9
Cisco Threat Grid 5000 Model with software
TG5000 hardware appliance
1.1.0.1
CON-SNT-TG5000
Cisco SMARTnet 8 a.m. to 5 p.m. (8x5) next
business day (NBD) TG5000
Duration: 12 months
Cisco SMARTnet support contract (hardware and
software)
1.1.1
TG-CPU-E52697B
2.70 GHz E5-2697 v2/130W 12C/30MB
Cache/DDR3 1866MHz
Included
1.1.2
TG-MEM-32GB
32GB DDR3-1866-MHz LRDIMM/PC3-14900/quad
rank/x4/1.5v
Included
1.1.3
TG-HDD-1TB
1-TB 6-Gb SATA 7.2K RPM SFF HDD/hot
plug/drive sled mounted
Included
1.1.4
TG-SSD-120GB
Thread Grid 120-GB 2.5-inch Enterprise Value 6G
SATA SSD
Included
1.1.5
TG-RAID-9271
MegaRAID 9271CV with 8 internal SAS/SATA
ports with Supercap
Included
1.1.6
TG-10G-NIC
Thread Grid X520 dual-port 10-Gb SFP+ adapter
Included
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 10 of 17
Line
Part Number
Description
Notes
1.1.7
TG-PWR-DC-930W
Cisco Threat Grid 930W DC power supply
Selection of power supply is required
1.1.8
SFP-10G-SR-X
10GBASE-SR SFP module for extended temp
range
Selection of transceiver/cable is recommended
1.1.9
TG5000-SW-K9
Cisco AMP Threat Grid Software for 5000 Model,
Up to 1500 Files/Day
Threat Grid software version (included)
1.2
L-TG5000-LIC-K9=
Threat Grid Content Subscription license for
5000 model
Subscription container selection for Cisco AMP
Threat Grid, 1 year (required selection)
1.2.0.1
L-TG5000-1Y-K9
Threat Grid Content Subscription license for 5000
model 1 YR
Appliance Content Subscription for Cisco AMP
Threat Grid, 1 year
(required selection)
Duration: 12 months
Table 8.
Cisco Commerce Workspace Configuration for the Cisco AMP Threat Grid 5000 Appliance with Optional Content
Subscription: AMP Subscriber
Line
Part Number
Description
Notes
1.0
TG5000-K9
Cisco Threat Grid 5000 Model with software
TG5000 hardware appliance
1.1.0.1
CON-SNT-TG5000
SMARTNET 8x5xNBD TG5000
Cisco SMARTnet support contract (hardware and
software)
Duration: 12 months
1.1.1
TG-CPU-E52697B
2.70 GHz E5-2697 v2/130W 12C/30MB
Cache/DDR3 1866 MHz
Included
1.1.2
TG-MEM-32GB
32-GB DDR3-1866-MHz LRDIMM/PC314900/quad rank/x4/1.5v
Included
1.1.3
TG-HDD-1TB
1-TB 6-Gb SATA 7.2K RPM SFF HDD/hot
plug/drive sled mounted
Included
1.1.4
TG-SSD-120GB
Thread Grid 120-GB 2.5-inch Enterprise Value 6G
SATA SSD
Included
1.1.5
TG-RAID-9271
MegaRAID 9271CV with 8 internal SAS/SATA
ports with Supercap
Included
1.1.6
TG-10G-NIC
Thread Grid X520 dual-port 10-Gb SFP+ adapter
Included
1.1.7
TG-PWR-DC-930W
Cisco Threat Grid 930W DC power supply
Selection of power supply is required
1.1.8
SFP-10G-SR-X
10GBASE-SR SFP module for extended
temperature range
Selection of transceiver/cable is recommended
1.1.9
TG5000-SW-K9
Cisco AMP Threat Grid Software for 5000 Model,
Up to 1500 Files/Day
Threat Grid software version (included)
2.0
L-TG5000-AMPUP-K9=
Threat Grid Content Subscription Upgrade
license for 5000 model for AMP customers
Subscription container selection for Cisco AMP
Threat Grid for AMP customers, 1 year (optional
selection)
2.0.1
L-TG5000-AMPUP-1Y
Threat Grid Content Subscription Upgrade license
for 5000 model for AMP customers
Appliance Content Subscription for Cisco AMP
Threat Grid for AMP customers, 1 year
(optional selection)
Duration: 12 months
Table 9.
Cisco Commerce Workspace Configuration for the Cisco AMP Threat Grid Cloud Service: Standalone Customer
(No Other AMP Solutions)
Line
Part Number
Description
Notes
1.0
L-TG-S1-LIC-K9=
Cisco AMP Threat Grid, 5 Accounts and 500
Daily Submission
Cisco AMP Threat Grid Cloud Service
Subscriptions
1.0.1
L-TG-1Y-S1-K9
Cisco AMP Threat Grid, 5 A/C and 500 Daily
Submission 1 YR
Cisco AMP Threat Grid Cloud Service
Subscriptions, 1 year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 11 of 17
Cisco AMP Solutions and Threat Grid
Cisco AMP Threat Grid provides enhanced capabilities to Cisco AMP for Endpoints, Cisco AMP for Networks, ASA
with FirePOWER Services, Next Generation Intrusion Prevention System (NGIPS), as well as Cisco Email (ESA)
and Web (WSA) security solutions, which help customers identify and fight advanced malware.
Cisco AMP solutions continuously aggregate data and events across extended networks, endpoints, mobile
devices, and virtual environments. They deliver visibility and control against malware and persistent threats across
the full attack continuum - before, during, and after an attack.
In addition, Cisco AMP solutions use the power of big data analytics, continuous analysis, and real-time security
intelligence to deliver detection, tracking, analysis, and remediation to protect the enterprise against malware and
targeted persistent attacks. Continuous analysis uses cloud-based big data analytics to go beyond point-in-time
detection, constantly re-evaluating new and historical data gathered over time to detect stealthy attacks. This
enables robust retrospective security tools that alert security teams to a malware attack that evaded initial detection
but was later identified, which is often the case with targeted zero-day attacks. The various AMP solutions listed
below offer:
●
Malware blocking and continuous analysis
●
Tracking of malware proliferation and activity through trajectory tools
●
Indications of compromise (IoCs)
●
Root cause analysis
●
Outbreak control
●
Impact reporting
With these AMP solution capabilities, security operations can focus on the threats that matter most, increasing
security effectiveness and operational efficiency while decreasing incident response times. When they are
combined with Cisco AMP Threat Grid capabilities, customers can achieve the levels of visibility and control
needed to fight advanced malware.
With Cisco AMP Threat Grid, customers gain the ability to get deeper analytics and intelligence beyond basic
dynamic analysis reports and threat scores through the default AMP capabilities. These additional features include
access to artifacts uncovered by AMP Threat Grid for use to write IoCs, artifact correlation to highlight relationships
with other threats, and access to the full range of intelligence contained in the Threat Grid cloud. Additionally, AMP
Threat Grid appliance customers can analyze files locally without needing to send the file to Cisco’s cloud.
Please refer to the Cisco Advanced Malware Protection Ordering Guide for more details.
Understanding the Service Offers
Cisco Advanced Services
The Cisco Global Security Solutions team provides comprehensive assessment, design, deployment, and
optimization services.
Cisco Advanced Services Transaction
The following Advanced Services Transaction (AS-T) offers are custom scoped and priced and written on a
statement of work (SOW). Partners will need to engage a Cisco Services account manager to purchase them.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 12 of 17
Cisco Security Design Assessment Service
The Cisco Security Design Assessment Service helps customers understand and strengthen their organization’s
security infrastructure. By undertaking a Cisco Security Design Assessment, an organization will:
●
Create a robust and scalable security architecture using a business-focused, risk-avoidance approach.
●
More effectively protect the infrastructure by identifying architectural network device vulnerabilities and
deviations from security best practices.
●
Safeguard employee productivity, primary intellectual property, and sensitive customer data by mitigating
security risks.
Cisco Network Device Security Assessment Service
The Cisco Network Device Security Assessment Service helps protect customer networks against old and new
threats. Cisco security professionals work closely with customers to identify gaps in the safeguards around their
Cisco network infrastructure. The assessments are performed by consultants who have extensive security
experience in a variety of vertical industries and government agencies.
Cisco Security Assessment Service for Incident Response
The Cisco Security Assessment Service for Incident Response provides customers with remote and on-site
support and investigative services when they experience a security event. This service can begin while contract or
SOW details are being negotiated and approved.
To order Cisco Advanced Services Transaction, use the AS Quoter Tool and the AS-T part numbers in Table 10.
Table 10.
Ordering Information for Cisco AS-T Offers
AS-T Part Numbers
Description
Price
AS-SEC-CNSLT (-A, -L)
Cisco Security Design Assessment Service
Custom priced
AS-SEC-CNSLT (-A, -L)
Cisco Network Device Security Assessment Service
Custom priced
AS-SEC-ADVIS
Cisco Security Assessment Service for Incident Response
Custom priced
The security account manager is responsible for creating an accurate AS-T quote and SOW and must engage
delivery experts (the executive client services manager or client services manager) within the Cisco Global Security
Solutions team to effectively build out a properly scoped SOW.
To better understand how to create AS-T quotes and orders for customers and partners, review the AS-T Sales
and Delivery Guide.
Note:
Only Cisco employees have access to this document. Partners must work with their assigned Cisco
account representative to generate a SOW.
The AS-T Quoting Tool allows you to input key requirements for the engagement and will provide you with the
necessary documentation to submit with the SOW.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 13 of 17
Cisco Technical Services
Cisco Technical Services can be quoted and ordered in Cisco tools, including the Cisco Service Contract Center
(SCC), and Cisco Commerce Workspace. Tool usage will vary depending on service offer, partner type, timing of
services being attached, and whether the service is new or a renewal of an existing service offering.
Cisco SMARTnet Service
Customers purchase the Cisco SMARTnet Service for Cisco hardware (see Table 11). Cisco SMARTnet Service
gives customers access to a wealth of Cisco support tools and expertise, providing them with greater network
availability and performance while reducing operating costs. The Cisco SMARTnet Service provides:
●
Global 24-hour access to the Cisco TAC
●
Access to online knowledge base, communities, and tools
●
Current hardware replacement option: next business day, where available
●
Operating system software updates
●
Maintenance and minor software updates
●
Smart, proactive diagnostics and real-time alerts on devices enabled with Smart Call Home
Please refer to the following link for more detailed information regarding Cisco SMARTnet:
http://www.cisco.com/en/US/products/svcs/ps3034/ps2827/ps2978/serv_group_home.html
Recommended Attach
Technical service is automatically attached at the point of the product sale so that customers get the necessary
support and entitlement and the best possible return on investment. When ordering Cisco products in the Cisco
Commerce Workspace, the appropriate SMARTnet Service item(s) will automatically be added to your quote
(Table 11). It is recommended that customers purchase security products with the appropriate services attached.
Table 11.
Cisco SMARTnet Service Part Numbers for AMP Threat Grid
Product Description
Product Part Number
Cisco SMARTnet Part
Number
Threat Grid 5000 chassis, memory card, hard disk drive, PCIe bus, PSU,
w/rail kit
TG5000-K9
CON-SNT-TG5000
Threat Grid 5500 chassis, memory card, hard disk drive, PCIe bus, PSU,
w/rail kit
TG5550-K9
CON-SNT-TG5500
Understanding the Ordering Process
For more information on quoting, ordering, and product support, please visit the webpages shown in Table 12.
Table 12.
Cisco Resources
Topic
Description
General ordering
support
Use My Cisco Workspace to open and manage service cases for orders, quotes, returns, deals, service contracts,
profiles and logins, tool access, training, reporting, feedback, and more.
Technical support
Partners and customers obtain technical support and/or open a support case using Cisco processes, tools and
systems.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 14 of 17
Topic
Description
Integration-specific
support
The Sales Acceleration Center (SAC) is a one-stop shop for presales support across technologies and architectures.
SAC will provide a heightened level of service to ease the transition period for you and solve transaction challenges.
SAC is designed to complement existing support processes, as well as assist in finding the correct support resource
based on the question or issue.
Email: sac-support@cisco.com
Phone: 800 225-0905, 408 902-4872
IT-specific support
(Cisco internal only)
For Internal audiences experiencing IT issues, go to the Service Request Management tool to open and track cases
as well as the Business Support and Operational Systems page for additional information and existing issues being
tracked.
Licensing and PAK
registration
A self-serve option is available for many licensing functions. However, you may also get assistance from the Global
Licensing Operation (GLO) team by completing the form found here or opening a case using the Support Case
Manager tool.
Partner program and
training support
Visit the Partner Education Connection for more information on partner trainings. Visit Partner Central for information
on specializations, certifications, incentive programs, and much more.
Partner Helpline
The Partner Helpline provides presales product support, and the Cisco Commerce Workspace provides full
Commerce Workspace support.
Technology Solutions
Network (TSN) (Cisco
internal only)
TSN is a 24x5 global network of Virtual Systems Engineers providing presales technical services and talent
development for Cisco's sales organization.
Deal registration
guidance
For help transitioning your existing deals to Cisco, please work with your account managers and security account
managers to obtain the necessary guidance.
Cisco Commerce
Workspace
Submit hardware and new service orders, check order status, and create configurations at
http://iwe.cisco.com/web/salessecentral/tsn
https://cisco-apps.cisco.com/cisco/psn/commerce.
Training link: http://www.cisco.com/web/partners/events/commerce_workspace.html
Cisco Service Contract
Center
View, renew, and make changes to service contracts at:
http://www.cisco.com/web/services/ordering/cscc/index.html.
Training link: http://www.cisco.com/web/services/resources/cscc/training/index.html
Cisco web-based tool
suite
All online tools: http://www.cisco.com/web/ordering/root/index.html
Appendix A: All Offerings
Please note - One (1) user is the equivalent of one (1) account; no sharing of accounts is permitted.
Table A-1 provides product descriptions and Cisco SMARTnet part numbers for all Cisco AMP Threat Grid
appliances.
Table A-1.
Ordering Information for Cisco AMP Threat Grid
Cisco AMP Threat Grid Appliance, 5000 Series
Part Number
Product Description
TG5000-BUN
Cisco AMP Threat Grid 5000 Appliance and Subscription Bundle
TG5500-BUN
Cisco AMP Threat Grid 5500 Appliance and Software Bundle
L-TG5000-SWUPG-K9
Cisco AMP Threat Grid Upgrade from 5000 Model to 5500 Model
TG5000-K9
Cisco AMP Threat Grid 5000 Appliance with Software
CON-SNT-TG5000
TG5500-K9
Cisco AMP Threat Grid 5500 Appliance with Software
CON-SNT-TG5500
L-TG5000-LIC-K9=
Threat Grid Content Subscription License for 5000 Model
L-TG5000-1Y-K9
Threat Grid Content Subscription License for 5000 Model, 1 Year
L-TG5000-3Y-K9
Threat Grid Content Subscription License for 5000 Model, 3 Year
L-TG5000-5Y-K9
Threat Grid Content Subscription License for 5000 Model, 5 Year
L-TG5000-AMPUP-K9=
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers
L-TG5000-AMPUP-1Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 1 Year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
SMARTnet
Part Number
Page 15 of 17
Cisco AMP Threat Grid Appliance, 5000 Series
L-TG5000-AMPUP-3Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 3 Year
L-TG5000-AMPUP-5Y
Threat Grid Content Subscription License for 5000 Model - AMP Subscribers, 5 Year
L-TG5500-LIC-K9=
Threat Grid Content Subscription License for 5500 Model
L-TG5500-1Y-K9
Threat Grid Content Subscription License for 5500 Model, 1 Year
Part Number
Product Description
L-TG5500-3Y-K9
Threat Grid Content Subscription License for 5500 Model, 3 Year
L-TG5500-5Y-K9
Threat Grid Content Subscription License for 5500 Model, 5 Year
L-TG5500-AMPUP-K9=
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers
L-TG5500-AMPUP-1Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 1 Year
L-TG5500-AMPUP-3Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 3 Year
L-TG5500-AMPUP-5Y
Threat Grid Content Subscription License for 5500 Model - AMP Subscribers, 5 Year
Part Number
Product Description
L-TG-S1-LIC-K9=
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions
L-TG-1Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 1 Year
L-TG-3Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 3 Year
L-TG-5Y-S1-K9
Cisco AMP Threat Grid, 5 Accounts and 500 Daily Submissions, 5 Year
L-TG-S2-LIC-K9=
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions
L-TG-1Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 1 Year
L-TG-3Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 3 Year
L-TG-5Y-S2-K9
Cisco AMP Threat Grid, 10 Accounts and 1500 Daily Submissions, 5 Year
L-TG-S3-LIC-K9=
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions
L-TG-1Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 1 Year
L-TG-3Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 3 Year
L-TG-5Y-S3-K9
Cisco AMP Threat Grid, 25 Accounts and 2500 Daily Submissions, 5 Year
L-TG-S4-LIC-K9=
Cisco AMP Threat Grid, 100 Accounts and 10,000 Daily Submissions
L-TG-1Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,00 Daily Submissions, 1 Year
L-TG-3Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,00 Daily Submissions, 3 Year
L-TG-5Y-S4-K9
Cisco AMP Threat Grid, 100 Accounts and 10,00 Daily Submissions, 5 Year
L-TG-PT-S1-LIC-K9=
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day
L-TG-PT-1Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 1 Year
L-TG-PT-3Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 3 Year
L-TG-PT-5Y-S1-K9
Threat Grid, Private Tagging 5 Accounts and 500 Files per Day, 5 Year
L-TG-PT-S2-LIC-K9=
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day
L-TG-PT-1Y-S2-K9
Threat Grid, Private Tagging Accounts and 1500 Files per Day, 1 Year
L-TG-PT-3Y-S2-K9
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day, 3 Year
L-TG-PT-5Y-S2-K9
Threat Grid, Private Tagging 10 Accounts and 1500 Files per Day, 5 Year
L-TG-PT-S3-LIC-K9=
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day
L-TG-PT-1Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 1 Year
L-TG-PT-3Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 3 Year
L-TG-PT-5Y-S3-K9
Threat Grid, Private Tagging 25 Accounts and 2500 Files per Day, 5 Year
L-TG-PT-S4-LIC-K9=
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day
L-TG-PT-1Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 1 Year
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
SMARTnet
Part Number
Page 16 of 17
Part Number
Product Description
L-TG-PT-3Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 3 Year
L-TG-PT-5Y-S4-K9
Threat Grid, Private Tagging 100 Accounts and 10,000 Files per Day, 5 Year
L-TG-UPG-LIC-K9=
Cisco AMP Threat Grid Upgrade for AMP - Cloud Subscribers
L-TG-UPG-1Y-K9
Cisco AMP Threat Grid Upgrade for AMP - Cloud Subscribers, 1 Year
L-TG-UPG-3Y-K9
Cisco AMP Threat Grid Upgrade for AMP - Cloud Subscribers, 3 Year
L-TG-UPG-5Y-K9
Cisco AMP Threat Grid Upgrade for AMP - Cloud Subscribers, 5 Year
L-TG-SEUPG-LIC-K9=
Cisco AMP Threat Grid Upgrade for AMP SOC and Large Enterprise Subscribers
L-TG-SEUPG-1Y-K9
Cisco AMP Threat Grid Upgrade for AMP SOC and Large Enterprise Subscribers, 1 Year
L-TG-SEUPG-3Y-K9
Cisco AMP Threat Grid Upgrade for AMP SOC and Large Enterprise Subscribers, 3 Year
L-TG-SEUPG-5Y-K9
Cisco AMP Threat Grid Upgrade for AMP SOC and Large Enterprise Subscribers, 5 Year
L-TG-PTUPG-LIC-K9=
Private Tagging Upgrade for AMP - Cloud Subscribers
L-TG-PTUPG-1Y-K9
Private Tagging Upgrade for AMP - Cloud Subscribers, 1 Year
L-TG-PTUPG-3Y-K9
Private Tagging Upgrade for AMP - Cloud Subscribers, 3 Year
L-TG-PTUPG-5Y-K9
Private Tagging Upgrade for AMP - Cloud Subscribers, 5 Year
L-TG-PTSEU-LIC-K9=
Private Tagging Upgrade for AMP SOC and Enterprise Subscribers
L-TG-PTSEU-1Y-K9
Private Tagging Upgrade for AMP SOC and Enterprise Subscribers, 1 Year
L-TG-PTSEU-3Y-K9
Private Tagging Upgrade for AMP SOC and Enterprise Subscribers, 3 Year
L-TG-PTSEU-5Y-K9
Private Tagging Upgrade for AMP SOC and Enterprise Subscribers, 5 Year
Printed in USA
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
C07-733608-05
04/16
Page 17 of 17
Related documents
Module Summary
Module Summary
WWW+Internet+networking - Edulink
WWW+Internet+networking - Edulink
Download