CSIRT

March 27, 2014

SECURITY

Cisco Security Response Team Opens Its Toolbox

1 min read

Cisco’s network is a massively complex environment that requires extensive monitoring and remediation. In today’s world of advanced threats and attacks, the company that possesses and positions its tools to preemptively identify and mitigate threats is the one left standing when the dust settles. Cisco leverages its Computer Security Incident Response Team (CSIRT), a global […]

March 21, 2014

SECURITY

February 2014 Threat Metrics

2 min read

Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, […]

March 5, 2014

SECURITY

January 2014 Threat Metrics

2 min read

January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest […]

December 3, 2013

SECURITY

Operational Security Intelligence

7 min read

Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP addresses and hostnames they want to sell you, or share. This is an encouraging trend in that it indicates the security industry is attempting to […]

November 1, 2013

SECURITY

Using a “Playbook” Model to Organize Your Information Security Monitoring Strategy

7 min read

CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.   If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive […]

October 24, 2013

SECURITY

To SIEM or Not to SIEM? Part II

10 min read

The Great Correlate Debate SIEMs have been pitched in the past as "correlation engines" and their special algorithms can take in volumes of logs and filter everything down to just...

October 22, 2013

SECURITY

To SIEM or Not to SIEM? Part I

7 min read

Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization's various security tools. Security and other event log sources export their...

October 18, 2013

SECURITY

Getting a Handle on Your Data

9 min read

When your incident response team gets access to a new log data source, chances are that the events may not only contain an entirely different type of data, but may also be formatted differently than any log data source you already have. Having a data collection and organization standard will ease management and analysis of […]

October 9, 2013

SECURITY

Making Boring Logs Interesting

6 min read

This post centers around the practice of logging data - data from applications, devices, and networks - and how the components of data logging can help in the identification and remediation of network events.