Levi Gundert

Technical Lead

Cisco Threat Research, Analysis, and Communications (TRAC)

Over the past decade, Levi Gundert has become an internationally recognized information security and risk management leader and a trusted cyber security advisor to leading corporations. As a Technical Leader for Cisco's Threat Research, Analysis & Communications (TRAC) team, he works to identify and analyze threats, share cyber security information with industry, government and the public, and help to continually improve Cisco security technology. Gundert is also a thought leader in the practical application of big data analytics to threat intelligence programs, and is particularly focused on developing solutions that help Cisco efficiently manage, query, and analyze massive volumes of real-time threat data.

Previous roles

Gundert has always had a deep interest in technology and security, and was able to explore both areas in depth during his time as a U.S. Secret Service Special Agent assigned to the Los Angeles Electronic Crimes Task Force (ECTF). Before joining the U.S. Secret Service, Gundert worked as a senior network administrator for a West Coast-based financial institution and, prior to that, as a systems administrator for a global consulting firm. He applied the knowledge gained in these technology roles to cybercrime investigations that resulted in arrests and prosecutions around the world.

As a special agent, Gundert developed new methodologies for proactively analyzing threat intelligence and producing actionable leads. He also helped gather criminal intelligence by covertly engaging hackers and fraudsters in the underground. Gundert's international assignments included embedding with the United Kingdom's Serious Organized Crime Agency (SOCA) and collaborating with the City of London Police, which resulted in the arrest of multiple threat actors. In addition, Gundert performed worldwide presidential and diplomatic protection as assigned by the U.S. Secret Service.

Gundert left government service in 2007 so he could devote his time solely to cyber threat research. He joined Team Cymru, a specialized Internet security research firm, where he led the Threat Intelligence Group, an international team responsible for proactive threat monitoring, research, and analysis in support of both government and enterprise clients. During his six years at the nonprofit, Gundert supervised and contributed to more than 100 extensive analysis reports, including malware and network forensics for over 30 federal law enforcement investigations.

In 2012 Gundert was recruited by the U.S. Federal Bureau of Investigation Law Enforcement Executive Development Association (FBI-LEEDA) to develop and deliver a comprehensive law enforcement program on identity theft, fraud, and cybercrime. The course was presented to more than 600 federal, state, and local law enforcement officials.

Gundert's industry certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Systems Security Certified Practitioner (SSCP). Gundert is a frequent contributor to online information security magazines and a regular lecturer at risk management conferences. Among the many organizations that have engaged Gundert as a guest speaker are INTERPOL, Kaspersky, the Australian Federal Police, and the U.S. Department of Justice.

To read Levi Gundert's recent posts on security, visit http://blogs.cisco.com/author/levigundert/.


June 2, 2014


Attack Analysis with a Fast Graph

3 min read

This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda. Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, searching for useful metadata correlations across proprietary and open source data sets can be laborious and time consuming with relational databases, as multiple tables must be joined, […]

May 19, 2014


Angling for Silverlight Exploits

6 min read

This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.  https://www.youtube.com/watch?v=Yrc0U3pjVZM Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we […]

April 15, 2014


Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN

7 min read

Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to forcibly redirect unsuspecting web browsing victims to the exploit landing page with sustained frequency. Naturally, like most criminal services in the underground, the dark art of traffic generation is a niche specialty that must be purchased to ensure drive-by campaign success. For the past year we have been tracking a threat actor (group) that compromises legitimate websites and redirects victims to EP landing pages. Over the past three months we observed the same actor using malvertising, leveraging content delivery networks (CDNs) to facilitate increased victim redirection, as part of larger exploit pack campaigns.

March 20, 2014


Understanding Security Through Probability

3 min read

This post was also authored by Min-yi Shen and Martin Lee. Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing in security solutions will probably […]

February 11, 2014


Dynamic Detection of Malicious DDNS

6 min read

This post was co-authored by Andrew Tsonchev. Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational play to the incident response and/or threat intelligence […]

January 23, 2014


Fiesta Exploit Pack is No Party for Drive-By Victims

5 min read

This post was also authored by Andrew Tsonchev and Steven Poulson. Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution. Cisco's Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose of malicious insight, and now that we are collaborating with Sourcefire's Vulnerability Research […]

January 13, 2014


Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline

6 min read

A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current […]

December 13, 2013


Big Data in Security – Part V: Anti-Phishing in the Cloud

8 min read

In the last chapter of our five-part Big Data in Security series, expert data scientists Brennan Evans and Mahdi Namazifar join me to discuss their work on a cloud anti-phishing solution. Phishing is a well-known historical threat. Essentially, it is social engineering via email, and it continues to be effective and potent. What is TRAC currently doing […]

December 12, 2013


Big Data in Security – Part IV: Email Auto Rule Scoring on Hadoop

6 min read

Following part three of our Big Data in Security series on graph analytics, I’m joined by expert data scientists Dazhuo Li and Jisheng Wang to talk about their work in developing an intelligent anti-spam solution using modern machine learning approaches on Hadoop. What is ARS and what problem is it trying to solve? Dazhuo: From a high-level view, Auto […]
