Security that works together

Cisco Threat Response is the unifying force powering the Cisco integrated security architecture. It’s a single console that automates integrations across Cisco security products and threat intelligence sources. So you can simplify and accelerate critical security operations functions:


Find and confirm the most important threats faster.


Easily determine where you’re affected and how.


Respond immediately from Threat Response.


• Out-of-box integrations. Get more from your Cisco security investments when they are already working together.
• Designed for your Security Operations Center (SOC). Expand the capabilities of your other security products – Cisco or otherwise – and make them work more efficiently.
• Save time and effort. Speed cyber investigations significantly and take corrective action immediately.
• Free. Threat Response is available with integrated Cisco security products. Start using it today – there’s nothing to buy.

Access intelligence anywhere

Our browser plug-in quickly pulls Indicators of Compromise (IOCs) and associated verdicts from any webpage or browser-based console, Cisco or otherwise.

Automated enrichment

Threat Response adds context from Cisco security products and threat intelligence sources automatically so that you know instantly which of your systems were targeted and how.

Intuitive, interactive visualizations

See the results of your investigations on intuitive, relational graphs and timelines for better situational awareness and faster remediation.

Incident tracking

Tracking incidents is easier than ever. Threat Response helps you collect and triage key incident data, so you can manage and document your progress and findings and share them across your team.

Third-party integrations

Leverage your full security stack. Threat Response enhances your existing SIEM and SOAR platform with open APIs to automate data enrichment and response actions across security products in a single interface and seamless workflow.

Direct remediation

Get rid of the swivel chair syndrome in your SOC. Take corrective action directly from the Threat Response interface. Block suspicious files, domains, and more.

Cisco Security integrations

Threat Response integrates with the following Cisco Security products so you can get more value from products that work together.
Additional integrations are coming soon.
• Cisco Advanced Malware Protection
(AMP) for Endpoints
• Cisco Threat Grid
• Cisco Umbrella™
• Cisco Email Security
• Cisco Next-Generation Firewall
(NGFW)/Next-Generation Intrusion
Prevention System (NGIPS)