Cisco Blogs


Cisco Blog > Security

Primer on the Common Vulnerability Scoring System CVSS

What is CVSS -- (the Common Vulnerability Scoring System)? How can it help me manage risk -- and why is it an important step forward in security research? In this short video Gavin Reid CVSS Program Chair share’s his perspective on the vulnerability scoring standard

Tags: , , ,

Cisco CSIRT on Advanced Persistent Threat

For corporations, Advanced Persistent Threat (APT) is a widely publicized yet little understood topic.  Does it exist?  Is it a real threat?  How can an organization tell if it is impacted?

The Cisco Computer Security Incident Response Team (CSIRT) is a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cyber security incidents for Cisco-owned businesses. CSIRT engages in proactive threat assessment, mitigation planning, incident detection and response, incident trending with analysis, and the development of security architecture. This article will provide the Cisco CSIRT team’s perspective on APT, and is the fifth in a series of blog posts on related issues from CSIRT’s point of view.  As with the other posts, provided here are some real-world examples and techniques that will hopefully help organizations utilize existing tools and processes, or even understand gaps in security infrastructure.  Read on to find out more.

Read More »

Tags: , , , ,

Netflow for Incident Response

This is the Forth part in the series “Missives from the Trenches.” (Here are the (first), (second), and(third) parts of the series.) In today’s blog post we will be discussing Cisco IOS Netflow. Netflow has an interesting position as being both the most useful and least used tool. When meeting with other companies I often ask them “do you use Netflow?” By asking this question I am actually asking several different questions--Do you care about the security of your site? Or do you have any hopes in managing/responding to events at your site? Answers to these questions unfortunately tend to be as follows: What is Netflow? The network guys use it but we don’t. I think we capture it somewhere but not really sure where -- and so on. I then mention that Netflow is free, they don’t have to buy anything to start using it, and it’s used for every large case we do. At that point they start looking angrily at the sales engineer asking why this is the first they are hearing about it. So what is Netflow and why does Cisco CSIRT say its critical to daily event management? Read on to find out!

Read More »

Tags: , , ,

Call for Speakers – FIRST Security Conference 2011, Vienna

Cisco has had a long history of supporting the Forum of Incident Response Teams (FIRST), as members in the organization, as chairs of various programs, steering committee members, and conference organizers. Cisco has also been providing the network for the global conference for many years. This year I am chairing the conference that will be held in Vienna on June 12-17, 2011. To that end, I am asking for some good security presentations for this year’s conference. We already have some great submissions from Interpol, Kapersky ENISA, etc. As chair I would really like to differentiate the conference with presentations based on real-world cybercrime defense. As we look back we see how rapidly the environment has changed over the past 10 years, starting to bring focus on upcoming changes on the horizon with things like borderless networks, externalization of services, and cloud. And then, further, combine that with the increasing monetization and militarization of cyber threats. FIRST would like to take a close look at the protections and responses of the past, and whether they will be up to the challenge or part of the problem. I talk more about the theme and the conference in this short podcast.

If you have something you would like to share with the security community please read below and contact us using the Speakers Submission Form.

Read More »

Tags: , , , ,

Cisco Ironport Web Security Appliance Deployment

How does Cisco deal with cyber threats from the web? How does Cisco protect any device on a network? The following video will give you an update from Cisco CSIRT’s Gavin Reid on how Cisco is combating this increasing threat.

Tags: , ,