
CIS brings MCAP malware sandbox back for SLTT teams

The useful change is access: MS-ISAC members can submit suspicious files and URLs without building their own sandbox.


TL;DR

The Center for Internet Security reintroduced the Malicious Code Analysis Platform, a web-based sandbox for U.S. state, local, tribal and territorial members of the Multi-State Information Sharing and Analysis Center. MCAP lets teams submit suspicious files and URLs for automated analysis using Cisco Secure Malware Analytics. The announcement gives municipal and state incident responders another triage path, though CIS did not spell out integration details for existing security operations center workflows.

CIS has brought back the Malicious Code Analysis Platform, or MCAP, for U.S. state, local, tribal and territorial organizations that belong to the Multi-State Information Sharing and Analysis Center. The service is a web-based sandbox for suspicious files and URLs, with automated analysis run through Cisco Secure Malware Analytics and reports aimed at triage and response.

For state CISOs and municipal IT teams, this is mostly a workflow item. MCAP gives MS-ISAC members a controlled place to submit samples and get behavior and indicator reporting without standing up their own malware lab. CIS says MS-ISAC’s Cyber Incident Response Team can provide deeper assistance, including report interpretation and manual malware analysis.

The unanswered part is plumbing. CIS describes the submission and reporting function, but the announcement does not detail API integrations, pricing, or how cleanly MCAP fits into existing SLTT security operations center tooling. That makes this a useful restored capability, not a full incident-response architecture.


Published · Deep Fathom