Cisco Blogs


Cisco Blog > Security

Sourcefire in Our Data Center – The First Inline Production Deployment at Cisco

In October, we were delighted to announce the completion of our acquisition of Sourcefire. With Sourcefire on board, Cisco provides one of the industry’s most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options that are integrated, pervasive, continuous, and open.

Within three weeks of the acquisition closing, we completed the first deployment into a highly secure data center and we are quite impressed with the results, to say the least! Within the first hour, we began seeing some interesting things from our network. The implementation was already giving us insights into our data center that we never had before!

Read More »

Tags: , , , , ,

Where’s Our Grace?

Every year in Scottsdale, Arizona, there’s a unique Information Security conference created by Joyce Brocaglia at ALTA, supported by a who’s who of InfoSec companies like Cisco, RSA, and Symantec, and attended by hundreds of some of the brightest people I’ve ever met. It’s no coincidence that they are all women because this is the Executive Women’s Forum (EWF) and always a highlight of my year.

A special treat for me this year was the presentation by Edna Conway, CISO for Cisco System’s supply chain and, as it turns out, a brilliant and inspiring woman.

A few weeks earlier, after reading that Edna was to be a keynote speaker at the event, I sent her an email just to introduce myself, say “hello,” and let her know that I looked forward to hearing her presentation. Not what I expected, Edna responded with a warm welcome for me to Cisco (yup—I’m a Cisco newbie after almost 30 years with HP!) and said that she was looking forward to getting some help from me on her current focus: securing Cisco’s supply chain. Great! Love to help, let’s keep in touch. However, when she presented to the EWF audience the strategy that she’d already developed and implemented, I was humbled by what an amazingly thorough job she’d done. The other women in the audience recognized the value in her strategy as well, as they lined up to speak with her after her address, and to ask for her help at their own companies. I saw the undeniable admiration in the eyes of these successful women executives—and those aspiring to be successful women executives—and something remarkable occurred to me. Read More »

Tags: , , , , ,

“Feliz Natal” – Bank Theft by Proxy.

Proxy auto-config or PAC files are commonly used by IT departments to update browser settings so that internet traffic passes through the corporate web gateway. The ability to redirect web traffic to malicious proxy servers is particularly attractive for malicious actors since it gives them a method of intercepting and modifying traffic to and from websites from which they can gain financially.

Malicious PAC files have been described since 2005 [1], but this obfuscated example contains a timely festive message. The Portuguese phrase for “Happy Christmas”, “Feliz Natal” is used to encode the IP address of the malicious proxy, 199.188.72.87.
Read More »

Tags: , ,

SecCon 2013: Global and Local

SecCon is our internal security conference, which for the past five years has taken place live in San Jose. Many industry recognized experts  over the years have graced the stage, and the security community at Cisco looks forward to each December where we gather together to network  and  learn  about the new threats that face our products.  In past years, remote sites around the globe were linked into San Jose, sharing part of the speaker line-up and also giving local security people at remote sites the ability to speak to a local audience. In 2013, for the first time ever, SecCon events were hosted in remote locations.

The goal of these events is twofold: first, to provide high-quality, topical security education to those people responsible for building our products, and second, to growthe security community amongst our engineering population. We believe that security must be part of everyone’s job description at Cisco. We are all part of the security solution, and we use these SecCon events to band together. Read More »

Tags: , , , , ,

Cisco Presenting at BayThreat 2013 in Mountain View, CA

BayThreat 2013, the fourth annual information security conference in the San Francisco South Bay, will be held December 6th & 7th. Many South Bay security professionals attend this technical conference. Cisco is a proud sponsor and my colleague, Joe Karpenko, and I will be presenting Beware of Network: Unleash your Network on Threats and Adversaries.

We’ll discuss the results of Cisco’s ongoing threat analysis research and how to leverage network instrumentation as critical incident response components that will help protect your network infrastructure, proprietary and customer information, servers, clients, and users. Network instrumentation is the basis of many of our incident response recommendations and ideally should be implemented while we are preparing to respond to incidents, not in the middle of one. Once we’ve instrumented the network we can leverage the information it provides to gain insight into and quickly respond to threats.

The full list of presenters for the two day conference is here. Please join us and all of the other attending security professionals on December 6 & 7, 2013 at the Hacker Dojo in Mountain View, CA for BayThreat 2013!

Tags: , , , , , ,