Cisco Blogs


Cisco Security Predictions – Reviewed

We recently released the Cisco 2009 Annual Security Report. This is the most recent edition of our security report series, which was started in December of 2007 and now includes both annual and midyear reports. These documents primarily seek to do two things: to help you understand the threats and security events that existed during the report time frame, and to provide you with appropriate guidance on how we believe threats will evolve in the coming year.

I am not one who admires the pontification often performed by security experts and I assure you that any forward-looking guidance we write is intended solely to help you understand the emerging security threats. I believe in looking into the past with a critical eye and understanding how we could have done better.

With that in mind, the release of our 2009 annual report has reminded me to take a few minutes and review our past guidance, and naturally, evaluate our results.



ScanSafe Report Highlights Attacker Thrift, Intellectual Property Risk

Computer-based attacks are being leveraged by miscreants to gain a global economic and informational advantage over others. This is the message presented by ScanSafe’s 2009 Annual Global Threat Report, which was released last week. Over the course of 2009, ScanSafe, which was acquired by Cisco in December, 2009, monitored customer web traffic and blocked malicious content through its cloud-based security service. The results of their analysis uncovered some interesting points, the most widely reported being that 80% of exploits in 2009 were based on malicious PDF files. But the subtexts from the report regarding targeted theft and criminal exploitation deserve a deeper look.


Melissa Hathaway to Advise Cisco’s Security Team

On February 2, Dennis Blair, the new Director of National Intelligence, gave testimony alongside the heads of the CIA, FBI and Defense Intelligence Agency, to warn Congress that malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication. With the ever-present threat of an attack on telecommunications and other networks, the U.S. government – and nations around the globe – must increase focus on cybersecurity and take certain action to ensure the safety and security of each nation’s infrastructure and its way of life.

The responsibility to protect a nation frequently requires private sector companies to do their part, and we at Cisco know this very well. I’m pleased to announce that Melissa Hathaway will serve as a senior security adviser for Cisco. Melissa is the former acting Senior Director for Cyberspace within the National Security Council for President Barack Obama’s administration. She is currently working in association with Harvard Kennedy School’s Belfer Center for Science and International Affairs as a senior adviser to its cyber security initiative, Project Minerva, a joint effort between the Department of Defense, Massachusetts Institute of Technology, and Harvard University. Melissa brings a wealth of knowledge and expertise to Cisco from her years of work in cybersecurity.


Whales and IDS

Sometimes there is a perceived need to perfectly fix a problem, and that need can be the enemy of incremental steps that can reduce a problem to an acceptable level. Let me illustrate this by making one of those physical-to-virtual analogies that never really seem to translate very well:

Saving the whales is a difficult task that we will probably never completely finish. We won’t turn the entire planet into a playground for whales, nor do we need to. But if we take steps to regulate the hunting of whales and to protect their food and environment, that may be all that is both possible and needed.

Similarly, we won’t ever completely stop online crime. Consider how that impacts the current view of IPS and signature-based detection methods. These methods often develop a bad reputation because they can be poorly implemented and evaded, and they don’t always detect or prevent all criminal activities.


A Brief History of Malware Obfuscation: Part 2 of 2

We parted ways last time with a discussion of polymorphism that left you tantalized and on the heels of a malware revolution…


From the Greek meta meaning about or self.

From the Greek morphe meaning shape or form.

In 1998, a virus was found in the wild that was able to conceal itself in a different way. Called the Win95/Regswap virus, it was notable because it didn’t use polymorphic decryptors to thwart detection as it evolved. It would actually switch CPU registers from generation to generation (but otherwise retain the same codebase). This would prevent conventional pattern matching from working, but the technique of wildcard pattern matching, which would soon be implemented, would later catch up and nab this guy. This technique of register swapping was a basic form of metamorphism, and it was going to set the stage for an epic battle in the growing malware arms race.

Metamorphism, which can be thought of as “body-polymorphism,” was a major leap forward. Quite simply, the malware is able to reprogram itself as it evolves across generations. This was a quantum leap in viral programming, as the code is effectively becoming pseudo-self-aware, able to parse and mutate its own body as it spreads.
