The First Unified Malware Analysis and Threat Intelligence Solution

Be proactive. Speed Recovery. Maximize existing investments.

ThreatGRID® analysis rapidly identifies key behavioral indicators, providing accurate threat content enriched with global and historical context.

Intelligence-Driven Security

ThreatGRID provides knowledge of past and future behaviors, indicators of malware campaigns and details on targeted attacks—be fully armed to defend your organization.

Proactive Response

Integrate Threat Indicators from ThreatGRID’s global dataset to identify and protect against malware sources before you see it on your network.

Global and Historical Context

Get the big picture. Understand malware origins, its resources, connected criminal networks, command and control servers, commercial malware packages and how its attack vectors have changed over time. Benefit from shared intelligence with organizations and experts.


Unified malware analysis and threat intelligence

Recover faster. Be proactive. Maximize existing investments.

Today’s advanced cyber-attacks are persistent and evade existing defenses. ThreatGRID is the first solution that combines advanced malware analysis with deep threat analytics and content to empower security teams to quickly recover from and proactively defend against attacks and malware outbreaks.

Advanced Malware Analysis

Deep insight for stronger defense

ThreatGRID securely crowd-sources malware from a closed community providing a global view of malware attacks, campaigns and their distribution. You can quickly correlate a single sample’s characteristics against millions of other samples to fully understand its behaviors in a historical and global context to effectively defend against the broadest variety of threats and minimize attacks.

Context-driven Security Analytics

Accurately identify attacks, in near real time

ThreatGRID dynamically and statically analyzes all submitted content, and correlates the results with hundreds of millions of other analyzed malware artifacts. Within minutes, ThreatGRID provides a detailed report identifying key behavioral indicators along with a Threat Score enabling you to recover from advanced attacks with confidence, accuracy and speed.

Cloud power and Scale

Defend against threats from anywhere

Six million analyses a month and growing daily. ThreatGRID analyzes millions of malware samples a month, harvested globally and generating terabytes of rich, actionable content every day, to provide you unmatched scale and coverage from global threats. No new hardware or software necessary.

On-premise Appliance

Powerful security and compliance

For organizations with compliance and policy restrictions on submitting malware samples, ThreatGRID provides an appliance for local malware analysis backed by the full power of its cloud. A continuous stream of federated data from the cloud ensures you stay ahead of the latest threats while remaining fully compliant.

Powerful API

Automate for faster detection & response

Automation and integration is critical to effective response today. To keep up with the vast volume of threats and to ensure a fast response, ThreatGRID provides access to the same robust API used by our OEM partners. It simplifies sample submission, queries, content creation, data enrichment and intelligence integration with other security products for monitoring, prevention, network and host forensics in order to maximize effectiveness of your existing investments.

Advanced Indicator Creation

Be armed to respond rapidly & efficiently

Indicators are the first step in applying context to the analysis. ThreatGRID currently supports over 300 indicators produced through static and dynamic analysis covering malware families, malicious behaviors and more. By providing detailed descriptions as well as actionable content in indicators we’re ensure your analysts have the data to quickly respond while gaining knowledge and insight into malware and the various techniques used.

Pre-packaged and Custom Threat Feeds

Stay informed. Block future attacks

Drawing from its unique repository of malware analysis content, ThreatGRID provides automated threat feeds pre-packaged or customized for your industry and threat environment. You gain continuous real-time threat intelligence enriched by global and historical context, and your existing security infrastructure is dramatically improved to better prevent future attacks.

Advanced Pivoting and Correlation

Find related content using any artifact

Any and all artifacts created during analysis can be used as a starting point for search and correlation. A query can leverage an element as simple as an IP address, domain, hash and mutex or even a JavaScript Object Stream from a PDF submission. Each query is made against the entire ThreatGRID database providing recent and historical context around attacks.

Proprietary Analysis Features

Advanced Analysis for greater insight

The ThreatGRID platform leverages multiple proprietary techniques for both static and dynamic analysis. ThreatGRID engineers continually work to improve the fidelity of analysis results, ensuring better context and insight into the malware’s behavior. Some of these features include full remote interaction during analysis, virtual disk analysis showing Master Boot Record modifications and forwarding of network traffic through a drone infrastructure for evasion and obfuscation.

ThreatGRID also offers its solutions through a network of partners

These relationships are key to our success and help provide global coverage to our customers.

Technology Partnerships

Selected security software and appliance vendors currently embed ThreatGRID to provide a wide variety of services from cost-effective analysis of malicious traffic to offer threat intelligence services.

Channel partners

Third party value-added resellers (VARs), system integrators and professional service organizations extend their current offering by including ThreatGRID’s solutions.

Interested in becoming a partner? Please email us at and we’ll be in touch.

Recent Posts / View All Posts