OpenDNS Umbrella has an integration with AMP Threat Grid. As hundreds of files are analyzed by Threat Grid every minute, any newly discovered malicious domains related to high-severity/confidence IOCs are pulled every few minutes by Umbrella. All Internet activity over any port or protocol destined to these domains can be now logged and blocked--both on and off the network. So as compromised systems are attempting to exfiltrate data, Umbrella is able to contain the command & control callbacks. And Umbrella can identify exactly which systems are compromised--whether they are minor or critical. Now your incident response team can prioritize remediating critical compromised systems with high-severity malware. You can learn more here: https://www.opendns.com/partners/technology-partners/cisco/.

Plus, while AMP Threat Grid shows the creation & evolution of malicious payloads and its relationships to other files, OpenDNS Investigate shows the creation & evolution of malicious infrastructures and its relationship to other domains.

Hi Leamon - Umbrella integrates as one of the modules for Visibility, therefor it can help enrich the data displayed to a security investigator. Users are also provided with a response capability and can enforce custom domain blacklists from Visibility and pivot from Visibility to Investigate. Please feel free to review Visibility preview video at http://cs.co/ats-youtube