It was a wonderful honor to be named to Silicon Valley Business Journal 100 Women of Influence just over a week ago; one that will help greatly with accelerating my initiatives for cloud safety—not just for business, but also for us all.
And for the honor, I owe much thanks to many incredible mentors who have believed in me and for the immense opportunities they have provided me.
Read More »
In my role leading the development of Cisco’s IoT Systems and Software, I spend a fair amount of time speaking at industry events and talking with customers and partners. There is a lot of excitement about the Internet of Everything (IoE) – the intelligent connection of people, processes, data and things to the Internet – as it continues to take hold, bringing unprecedented economic opportunities to both the private and public sectors.
Read More »
Tags: Connected Safety and Security, Internet of Everything, internet of things, IoE, IoT, security, Video Survelliance
To address today’s evolving threat landscape, there’s been a shift from traditional event-driven security to intelligence-led security. Threat intelligence plays an integral role in this shift.
When you hear the term “Threat Intelligence,” it’s easy to have preconceived notions of what it means. Gartner defines threat intelligence as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.” I like that Gartner’s definition does not include intent. Why? Intent implies that the “menace” is trying to target you, but we know that too often this isn’t the case. Pretty much any piece of malware out there will damage unintended targets. One example is Stuxnet. It targeted Iranian nuclear enrichment facilities. Unfortunately it escaped the purported air-gapped system and has been seen in at least 10 other countries. In more practical terms threat intelligence must be:
Read More »
Tags: forensic investigation, incident response, malware, threat intelligence
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 11 bulletins being released which address 26 CVEs. The first 4 bulletins are rated Critical and address vulnerabilities within Internet Explorer, Office, IIS, and Graphics Component. The remaining 7 bulletins are rated Important and cover vulnerabilities within SharePoint, Task Scheduler, Windows, XML Core Services, Active Directory, .NET, and Hyper-V. Read More »
Tags: 0-day, coverage, ms tuesday, rules, security, Talos
One of the great scientific challenges of our time is the construction of a practical quantum computer. Operating using the counterintuitive principles of quantum physics, such a device could rapidly explore an vast number of possible states. It could perform computational tasks that are far beyond our current capabilities, such as modeling molecules and designing new types of drugs—and breaking most of the cryptographic systems that are currently in use. Fortunately, no one has yet built a practical quantum computer, though many countries and companies are striving do just that. It has been claimed that the U.S. National Security Agency has a secret US$80M project with that aim, for example. Quantum computing is still an unproven technology, and it may not be practical for decades, but since it poses an existential threat to cryptography, we need to start preparing now for the possibility that one day the news will announce a breakthrough in quantum computing, and we will be living in a post-quantum world.
Read More »
Tags: Cisco Research, crypto, cryptosystems, cybersecurity, post-quantum, security