Cisco Blogs

Trends in Data Center Security: Part 1 – Traffic Trends

Organizations are quickly discovering that a “one size fits all” approach to security across the network falls short of addressing the unique trends in the Data Center. So what’s really so unique about the Data Center (DC)? This multi-part blog highlights various trends related to securing the DC, with Part One focusing on traffic trends.


Cisco Announces Intent to Acquire ThreatGRID

For cyber attackers, and those who defend against them, the stakes could not be higher than they are right now. There’s no question that security is a top priority for organizations and the threat landscape is more dynamic than ever. Given the explosion in the amount of information being created and exchanged, driven by mobility, cloud computing, and the Internet of Everything (IoE), the number of cyber attacks will continue to increase—and with greater speed and complexity. Companies need threat-centric security solutions to address the full attack continuum – before, during, and after an attack.

Today, I am pleased to announce Cisco’s intent to acquire ThreatGRID, headquartered in New York, NY. ThreatGRID offers dynamic malware analysis and threat intelligence technology, both on-premise and in the cloud. This helps organizations and security teams defend proactively against and quickly respond to advanced cyber attacks and malware outbreaks.

The acquisition of ThreatGRID and its team of security innovators strengthens Cisco’s security strategy to deliver intelligent and comprehensive cybersecurity for the real world. ThreatGRID’s technology enhances Cisco’s Advanced Malware Protection (AMP) portfolio, originally developed by Sourcefire, acquired in 2013. ThreatGRID’s on-premise products also expand our ability to help protect customers with in-house data retention requirements. AMP addresses our customers’ security needs from network to endpoint and delivers comprehensive malware-defeating capabilities, including detection and blocking, continuous analysis and retrospective remediation of advanced threats. The combination of Cisco and ThreatGRID will enhance our already strong capabilities to aggregate and correlate data to identify advanced and evasive cyber threats and provide intelligent cybersecurity solutions for the real world.

Mergers and acquisitions (M&A) and investments are a key part of our innovation strategy that includes build, buy, partner, and integrate. This acquisition further supports Cisco’s priority to deliver innovative security offerings and to be the number one IT company, and security partner, to our customers. The acquisition is expected to close in the fourth quarter of fiscal year 2014. We are very excited to welcome ThreatGRID’s outstanding team and technology to Cisco.


California Department of State Hospitals (DSH) Shares the Power of IoE to Enhance Security at CiscoLive!

Today, the California Department of State Hospitals shared our story about the power of technology to deliver a safer work environment during a roundtable discussion at Cisco Live!

During the session, I discussed the unique security challenges our organization faces in balancing its charters to provide hope and support to adults with serious mental illness working toward achieving personal recovery, while also committing to providing a safe, secure, violence-free environment for patients, staff, visitors, and the community.

Cupcakes and Cyber Espionage

This blog suggests a change of strategy in how we address the threat of cyber espionage: one that leverages traditional counter-intelligence tactics and takes a different approach from the Lockheed Martin Cyber Kill Chain, which seeks to disrupt the chain of attack as quickly as possible. Rather than simply cutting off an attack, it proposes a method of gathering intelligence before stopping the event, without leaking sensitive information. Often these same approaches can discover as-yet-unknown activities.


Angling for Silverlight Exploits

This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.

Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from malvertising) being driven to Angler instances partially using Silverlight exploits. In fact, in this particular Angler campaign the attack is more specifically targeted at Flash and Silverlight vulnerabilities; although Java is available and is referenced in the original attack landing pages, it is never triggered.

[Figure: Rise in Angler Attacks. HTTP requests for a specific Angler Exploit Kit campaign.]

[Figure: Exploit Content Type. Angler exploit content types delivered to victims; application/x-gzip (Java) is notably absent.]

