Security

April 9, 2014

SECURITY

OpenSSL Heartbleed vulnerability CVE-2014-0160 – Cisco products and mitigations

*** UPDATED 15-April 2014  *** By now, almost everyone has heard of the OpenSSL Heartbleed vulnerability with CVE id CVE-2014-0160. The vulnerability has to do with the implementation of the TLS heartbeat extension (RFC6520) and could allow secret key or private information leakage in TLS encrypted communications. For more detailed information, visit the VRT’s analysis. […]

April 8, 2014

SECURITY

Drivers for Managed Security and what to look for in a Cloud Provider [Summary]

The first blog of this series discussing the role of data security in the cloud can be found here. In 2014 and onward, security professionals can expect to see entire corporate perimeters extended to the cloud, making it essential to choose a service provider that can deliver the security that your business needs. While organizations can let business needs […]

April 2, 2014

SECURITY

NSS Labs Breach Detection Systems Testing Demonstrates Why Threat Protection Must be Continuous

Follow @vrybdpkt Long before becoming a part of Cisco, the Sourcefire team was aggressively addressing the advanced malware challenges our customers face daily. We believe that the most effective way to address these challenges is a continuous Advanced Malware Protection (AMP) approach that does more than just track malware at a point in time, but […]

April 1, 2014

SECURITY

The Security Imperative As Mobility Evolves

Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context. A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin […]

March 28, 2014

SECURITY

Security Metrics Starting Point: Where to Begin?

Editor’s Note: This is the second part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this second installment, we discuss where to begin measuring. H. James Harrington, noted author of Business Process Improvement, once said “Measurement is the first step that leads to control and eventually […]

March 27, 2014

SECURITY

Cisco Security Response Team Opens Its Toolbox

Cisco’s network is a massively complex environment that requires extensive monitoring and remediation. In today’s world of advanced threats and attacks, the company that possesses and positions its tools to preemptively identify and mitigate threats is the one left standing when the dust settles. Cisco leverages its Computer Security Incident Response Team (CSIRT), a global […]

March 26, 2014

SECURITY

A Bundle is Born

Today, we released the first Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan ahead and […]

March 21, 2014

SECURITY

February 2014 Threat Metrics

Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, […]

March 20, 2014

SECURITY

Coordinated Website Compromise Campaigns Continue to Plague Internet

This post is co-authored with Levi Gundert and Andrew Tsonchev. Update 2014-03-21: For clarity, the old kernel is a common indicator on the compromised hosts. We are still investigating the vulnerability, and do not yet know what the initial vector is, only that the compromised hosts are similarly ‘old’. Update 2014-03-22: This post’s focus relates […]