Cisco Blogs



Big Data Ecosystem Challenges

Information security is one of the largest business problems facing organisations. Log data generated from networks and computer systems can be aggregated, stored, and analysed to identify where misuse occurs. The enormous amount of data involved in these analyses is beyond the capability of traditional systems and requires a new, big data approach. Given the right tools, skills and people, security teams can take advantage of big data analysis to quickly identify malicious activity and remediate attacks. Together, the big data platforms, the administration tools, analysis tools, skilled analysts, and pressing problems form an evolving ecosystem driving innovation. It would be a mistake to believe that this ecosystem is without its challenges.

Trust but Verify and Verify and Verify Again

Two recent disclosures show that often the weaknesses in cryptography lie not in the algorithms themselves, but in the implementation of these algorithms in functional computer instructions. Mathematics is beautiful. Or at least mathematics triggers the same parts of our brain that respond to beauty in art and music [1]. Cryptography is a particularly beautiful implementation of mathematics, a way of encoding information so that it can only be read by the genuine intended recipient. Cryptographically signed certificates ensure that you are certain of the identity of the person or organisation with which you are communicating, and cryptographic algorithms ensure that any information you transfer cannot be read by a third party. Although the science of cryptography is solid, in the real world nothing is so easy.

Cisco Hosting Amsterdam 2014 FIRST Technical Colloquium

The registration is now open and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium April 7-8, 2014. Please contact us at amsterdam-tc@first.org for speaker engagements. The event already has an exciting preliminary program covering:

  • Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
  • Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
  • DNStap: High speed DNS logging without packet capture
  • CVSS v3 – This One Goes to 11
  • Securing the Internet Against DDoS Attacks
  • Threat Actor Techniques
  • Mitigating Attacks Targeting Administrator Credentials in the Enterprise
  • Hardware: The root of trust in the cloud
  • Targeted attack case study
  • What does an enterprise monitor for targeted attacks? -- CSIRT Playbook II
  • Security uses for hadoop & big data
  • OpenSOC
  • Using HBASE for Packet capture

And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.

The event’s line-up so far already includes notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to a great TC!

Dynamic Detection of Malicious DDNS

This post was co-authored by Andrew Tsonchev.

Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence playbook to detect attack precursors and attacks in progress.

Attack Attribution and the Internet of Things

On January 16, 2014, Proofpoint discussed a spam attack conducted via “smart devices which have been compromised.” Among the devices cited by Proofpoint as participating in the “Thingbot” were routers, set-top boxes, game consoles, and purportedly, even one refrigerator. Of course, news about a refrigerator sending spam generates considerable media attention, as it should, since an attack by the Internet of Things (IoT) would represent a high-water mark in the evolution of (in)security on the Internet. However, soon after Proofpoint’s post, Symantec published a response indicating that IoT devices were not responsible for the spam attack in question, and the machines behind the spam attack were all really just infected Windows boxes. So why is determining the identity of the devices used in this spam attack so difficult?