Cisco Blogs


Cisco Blog > Security

A Circular Problem in Current Information Security Principles

Editor’s Note: In this second installment of the blog series on more responsive security, we take a closer look at the circular problems associated with four common security principles in managing “weak link” risks in Information Technology organizations.

Before discussing what constitutes this responsive approach to security, let us first look at a few of the fundamental principles of information security to understand the unique challenges organizations face today in managing security risks.

Read More »

Tags: , , , ,

Ancient Mac Site Harbors Botnet that Exploits IE Vulnerability

This post was authored by Alex Chiu and Shaun Hurley.

Last month, Microsoft released a security bulletin to patch CVE-2014-6332, a vulnerability within Windows Object Linking and Embedding (OLE) that could result in remote code execution if a user views a maliciously crafted web page with Microsoft Internet Explorer. Since then, there have been several documented examples of attackers leveraging this vulnerability and attempting to compromise users. On November 26th, Talos began observing and blocking an attack disguised as a hidden iframe on a compromised domain to leverage this vulnerability and compromise Internet Explorer users.

Read More »

Tags: , , , , , , ,

A Model for Evaluating Breach Detection Readiness

Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack.

Modern-day networks are large and complicated. It is a nightmare for incident response teams and security investigators because it often takes days and months to identify that their networks were compromised. A wide variety of tools, technologies and platforms are available, like big data platforms, machine learning algorithms, statistical techniques, threat intelligence platforms, reputation feeds etc. It is often confusing for the decision makers to identify what is needed for their environment.
Read More »

Tags: , , ,

Reintroducing Snort 3.0

Snort 3.0

A little more than a year ago when Sourcefire became a part of Cisco, we reaffirmed our commitment to open source innovation and pledged to continue support for Snort and other open source projects. Our announcement of the OpenAppID initiative earlier this year was one of several ways we have delivered on this promise.

Today we are announcing the alpha release of a new Snort 3.0 architecture. This alpha release builds on several ideas that were part of the original 3.0 prototype developed several years ago and goes well beyond those initial concepts.

Snort 3.0 expands on the extensible architecture users have come to know and includes several new capabilities that make it easier for people to learn and run Snort. We encourage you check out it out at www.snort.org, give us your feedback and help us build a strong foundation for the future. As Joel mentions in his post, this is a very early release that is intended for community feedback more than anything else.

When I first began building Snort, I architected it so that we could continue to extend it over time. By working with the Snort community, it quickly evolved from the initial primitive idea of an easy-to-use intrusion detection engine to the powerful traffic analysis and control capabilities we have today. With millions of downloads and hundreds of thousands of registered users, Snort is the most widely deployed IPS technology in the world and has become the standard for intrusion detection and prevention. Snort is also the foundation of Cisco’s Next-Generation IPS and is one of the core technologies that cemented Sourcefire’s position as a leader in the security industry.

Cisco understands the power of open source and how it can help customers solve tough challenges. In the coming months you’ll hear more from us about Snort 3.0 and our continued efforts to deliver meaningful capabilities that underscore this commitment.

Tags: , ,

Cisco Announces Intent to Acquire Neohapsis

Today, businesses are looking at security in a strategic, comprehensive way to protect mission critical processes and assets. There has never been a greater need to understand the impact that security threats can have on a company’s bottom line. For these reasons, experienced security advice is now among the table stakes required to assess and address the threat landscape that faces enterprises today. The skills and capabilities companies need to maintain a strong security posture, keep pace with rapidly evolving threats and take full advantage of new technologies that can protect their businesses are rare and difficult to retain.

The right advisory service can change all of that.

I am pleased to announce Cisco’s intent to acquire privately held Neohapsis, a Chicago-based security advisory company providing services to address customers’ evolving information security, risk management, and compliance challenges. Neohapsis provides risk management, compliance, cloud, application, mobile, and infrastructure security solutions to Fortune 500 customers.

Together, Cisco, Neohapsis and our partner ecosystem will deliver comprehensive services to help our customers build the security capabilities required to remain secure and competitive in today’s markets. This will help our customers overcome operational and technical security vulnerabilities, achieve a comprehensive view of their risks, take advantage of new business models, and define structured approaches for better protection.

The Neohapsis team will join the Cisco Security Services organization under the leadership of Senior Vice President and General Manager Bryan Palma. The acquisition is expected to close in the second quarter of fiscal year 2015. We look forward to Neohapsis’ outstanding team and technology joining Cisco!

Tags: , , , , , , , , ,