Cisco Blogs


Cisco Blog > Security

Nominations are Now Open for Cisco Champions for Security

Are you passionate about security technology? Are you interested in connecting with a global network of people like you? If so, you could be a good candidate to join the all-new Cisco Champions for Security group. Cisco Champions are a group of individuals from around the world who enjoy connecting with each other and sharing their knowledge with the larger community.

Cisco Champions make a difference by:

  • Supporting their peers in social communities, forums, and networks
  • Sharing their relevant experiences and thoughts on Cisco blogs
  • Providing valuable feedback directly to Cisco
  • And more

Cisco Champions have a unique opportunity to contribute to and enhance the way people use the latest technologies. They also receive:

  • Invitations to exclusive events
  • Opportunities to communicate with Cisco employees
  • Recognition for their contributions

I'm happy to announce the call for nominations for the all-new Cisco Champions for Security. From now until October 31, 2014, you can nominate yourself, a friend, or mentor for inclusion in this program. See our announcement post in the Cisco Champions Community and submit your application here. Be sure to mention "Security" in your nomination. All Cisco Champions for Security will be selected and alerted no later than November 25, 2014.

Have questions about the Cisco Champions Program? Check out our FAQ or contact us.

Tags: , ,

Visualizing a String of Paerls

Researchers from the Cisco Talos Security Intelligence and Research Team recently discovered an elaborate attack dubbed the String of Paerls. The attack, a combined spearphishing and exploit attempt, was able to bypass most antivirus engines and used a targeted phishing email that included a malicious Word document attachment. Upon opening the Word attachment, a macro downloaded and launched an executable on the victim’s machine, which then called out to command and control servers.

In the graphic below you can see an illustration of each of the major steps of the attack. A common thread is that Cisco security provides protection against attacks like this one using the approach of integrated threat defense. Specifically, Advanced Malware Protection tools were used throughout the discovery and analysis process to expose the exploit.

paerls-blog-1024x714

For a complete play-by-play of this attack, read the String of Paerls blog post from Talos. For more about integrated threat defense in our products, see the new Cisco ASA with FirePOWER Services.

Tags: , , , , , ,

Cisco Identity Services Engine (ISE) Further Expands Technology Partner Ecosystem

It’s the 25th anniversary of the film Field of Dreams, the movie about an Iowa farmer who hears a whisper that says, “If you build it, he will come.” Given the need for control with context for secure access initiatives, we did build it–and they have come.

After its introduction last year, momentum has continued for the Cisco Identity Services Engine (ISE) partner ecosystem, enabled by Cisco pxGrid, our robust context-sharing platform.

The Cisco ISE partner ecosystem began with an idea to create a group of best-in-class IT infrastructure partners who use the deeper level of contextual data collected by ISE, our security policy management platform for access control and security compliance, enabling IT organizations to have a consistent method of making their IT platforms identity, device and network aware. This enables deeper, broader network and security insight, makes network and security events more actionable and allows for consistent, cross-platform user and device visibility and control. Read More »

Tags: , ,

Shellshock Exploits in the Wild

This post was authored by Joel Esler & Martin Lee.

The recently discovered Bash vulnerability (CVE-2014-6271) potentially allows attackers to execute code on vulnerable systems. We have already blogged about the issue and provided more technical detail in a further blog. The rapid release of IPS signatures for our platforms allowed us to follow very quickly, the attempts at exploitation of the vulnerability in the wild.

For further details of our response to the issue, please see the Event Response Page.
Read More »

Tags: , , , , , ,

Greater Dynamic Controls for Secure Access and Mobility

Businesses today are required to meet multiple challenges with respect to connecting users to applications.

First, it is no secret that the demands of employees and users are great–they expect access to enterprise resources and their work via more mediums than ever before–by personal laptops, tablets and smartphones, both at home and on the road. The Internet of Things (IoT) is the latest technology where we must now prepare for a world where everything is connected. From Wi-Fi-enabled sensors for treatment care to vending machines for restocking or even sensors linked to power controls.

In addition to meeting demands of workers and all of these connected devices, there are also security challenges associated with connecting these devices into business networks to balance productivity with keeping advanced security threats, insider misuse and data breaches at bay. Read More »

Tags: , , , ,