Ben Nahorney

Threat Intelligence Analyst

Cisco Security

Ben Nahorney is a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security. With more than a decade and a half of experience in the Internet security field, Ben has weathered threat outbreaks reaching back to the early 2000s and helped develop and report on breaking research such as the Stuxnet virus.

A firm believer in “the right tool for the job,” Ben has been an avid producer of written, graphical, video, and data-driven content to help convey how threats operate, and authored papers on security topics ranging from email threats to detecting IoCs to annual reports on the state of the threat landscape.


April 9, 2024


Defusing the threat of compromised credentials

6 min read

Identity related attacks are a common tactic used by bad actors. Learn how to help protect against these attacks.

October 31, 2023


Determining the 10 most critical vulnerabilities on your network

4 min read

Learn how to take threat intelligence data available in Cisco Vulnerability Management and use it to uncover trends in Cisco Secure Firewall, uncovering new insights.

October 30, 2023


The myth of the long-tail vulnerability

6 min read

A long tail distribution of exploit attempts sounds reasonable. But is this how exploitation attempts really play out? Do attackers abandon exploits after a certain stage? To answer these questions, we’ll look at Snort data from Cisco Secure Firewall.

October 20, 2023


Explorations in the spam folder: A sum greater than the parts

6 min read

We all know to look out for phishing emails, but sometimes these scams can catch us off guard. Learn to identify minute details that, when brought together, shine light on a larger attack.

June 13, 2023


Threat Trends: Snort IPS

7 min read

In this ThreatWise TV episode we look at how Snort can be used to protect organizations, analyze Snort telemetry, and talk about what attackers often target.

December 8, 2022


Explorations in the spam folder–Holiday Edition

7 min read

We explore spam campaigns during this holiday season, demonstrating what can happen if someone actually clicks on links or open attachments in these unsolicited emails.

October 26, 2022


ThreatWise TV: Exploring Recent Incident Response Trends

5 min read

This ThreatWise TV episode, we are examining some of the revelations in the Q3 Cisco Talos Incident Response Trends Report.

September 27, 2022


Threat Trends: Vulnerabilities

7 min read

Are the most talked about vulnerabilities the same as those that are most widely used in attacks?

October 19, 2021


Threat Trends: Firewall

9 min read

Firewalls are a key component of any perimeter defense —the proverbial guard towers in your fortifications. Here, we examine the top threats encountered by Cisco Secure Firewall, and the Secure IPS component and Snort rules used control and inspect the traffic on the network.