Cisco Firepower File Analysis in Talos Cloud | Malware Policy Configuration

Malware Policy Configuration for Analyzing Files in Cisco FTD

Question

A network administrator is seeing an unknown verdict for a file detected by Cisco FTD.

Which malware policy configuration option must be selected in order to further analyze the file in the Talos cloud?

Answer

B.

Explanation

https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Reference_a_wrapper_Chapter_topic_here.html

When a file is detected by Cisco FTD, it is analyzed by Talos, which is Cisco's threat intelligence organization. Based on the analysis, the file is given a verdict which could be either malicious, benign or unknown. If the file is given an unknown verdict, further analysis is required to determine its true nature.

To analyze the file in the Talos cloud, the network administrator must select the appropriate malware policy configuration option. The options available are:

A. Malware Analysis: This option allows the file to be sent to Talos for static analysis. Static analysis involves examining the file's contents and code structure to identify any known malware signatures or patterns. This option is useful for identifying known malware threats.

B. Dynamic Analysis: This option allows the file to be executed in a virtual environment in the Talos cloud, where Talos can observe the file's behavior and identify any malicious activities it performs. This option is useful for identifying new or unknown malware threats.

C. Sandbox Analysis: This option is similar to dynamic analysis, but it involves executing the file in a sandboxed environment that simulates a real-world operating system. This option allows Talos to observe the file's behavior in a more realistic environment and identify any advanced threats that may bypass traditional security measures.

D. Spero Analysis: This option is a machine-learning-based analysis that uses behavioral analytics to identify malware. It analyzes the file's behavior and compares it against a database of known malware behaviors to determine whether the file is malicious.

In this case, since the file has an unknown verdict, the network administrator should select the Dynamic Analysis option to further analyze the file in the Talos cloud. This will allow Talos to execute the file in a virtual environment and observe its behavior to determine if it is malicious or not.