Last week at RSA 2014, Chris Young and I joined a Live Social Broadcast from the Cisco Booth to discuss our announcements of Open Source Application Detection and Control and Advanced Malware Protection, as well as to answer questions from you, our partners and customers, about the trends, the challenges, the opportunities we’ve seen in the security industry this year.
Below is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Chris or I will get back to you.
Tags: malware, open source, RSA 2014, security
January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest risk days for encountering web delivered malware. In the chart below, the lower the number, the higher the risk of encounters. Still, with a median encounter rate of 1:375 requests, every day of January 2014 represented significant risk for web browsing.
Read More »
Tags: 2014 annual security report, CSIRT, malware, Threat Metrics 2014, TRAC
One of my passions is around PCI compliance. I know that sounds oxymoronic. How can someone actually be passionate about something as dry as compliance? Well, for the sake of argument, I prefer delusional rationalization. I think of myself as Batman! I don’t have his intelligence, money, car, or cape (well, I do have the cape, but that is another story), but I DO want to fight injustice where I can. I do think that there are bad guys out there trying to steal my family’s hard earned money. PCI compliance is the leading method for securing the world’s payment systems. The bad guys are real, security is getting harder, and I want to fight on the side of good.
The problem with fighting crime with compliance is that it can be so complex. The general strategy to minimize the complexity of PCI compliance is to use segmentation. Segmentation typically involves putting credit card applications and devices onto its own network, and use traditional firewalls to secure the perimeter. Although effective, this method brings about its own headaches around management. Firewall rulesets can become tedious and complex. Readdressing an entire enterprise with the sole driver of compliance is Herculean. Over time, if not properly managed and sustained, this method, can lead to bloat, misconfiguration, or worse, a breach.
Read More »
Tags: ISE, PCI Compliance, TrustSec
Information security is one of the largest business problems facing organisations. Log data generated from networks and computer systems can be aggregated, stored, and analysed to identify where misuse occurs. The enormous amount of data involved in these analyses is beyond the capability of traditional systems and requires a new, big data approach. Given the right tools, skills and people, security teams can take advantage of big data analysis to quickly identify malicious activity and remediate attacks. Together, the big data platforms, the administration tools, analysis tools, skilled analysts, and pressing problems form an evolving ecosystem driving innovation. It would be a mistake to believe that this ecosystem is not without its challenges.
Read More »
Tags: Big Data, Hadoop, security, TRAC
On Thursday, February 27, at the 2014 RSA Conference, Chris Young, senior vice president of Cisco’s Security Business Group, and Padmasree Warrior, Cisco’s chief technology and strategy officer, delivered a keynote address on “The New Model of Security.”
If you missed the conference in person, you can now join us online, in the Cisco Security Community, to view an on-demand webcast of the keynote. You’ll gain further insight into how Cisco is uniquely positioned to deliver new innovations for security solutions that are visibility-driven, threat focused, and platform based.
We encourage you to interact with Cisco experts and your peers in the new online Security Community as you watch the webcast. The Security Community is also your portal to read the latest blogs related to the announcements, watch videos, continue your dialogue with Cisco experts and your peers, and stay informed about upcoming webcasts.
Tags: RSA 2014, security