Security

April 22, 2014

SECURITY

Cisco Announces Managed Threat Defense Service

While out talking to customers, I’ve continually heard about three fundamental security challenges they are wrestling to manage: changing business models, a dynamic threat landscape, and fragmentation of security solutions.  The 2014 Cisco Annual Security Report estimates there will be a global shortage of over one million security professionals this year alone.  The combination of […]

April 18, 2014

SECURITY

Cisco IPS Signature Coverage for OpenSSL Heartbleed Issue

The Cisco IPS Signature Development team has released 4 signature updates in the past week. Each of the updates contains either modifications to existing signatures or additional signatures for detection of attacks related to the OpenSSL Heartbleed issue. I’m going to take a moment to summarize the signature coverage.

April 18, 2014

SECURITY

Summary: IoT Holds Great Promise – But Ensuring Its Security Takes Strong Leadership and Teamwork!

Despite the many benefits of IoT, the billions of connected sensors, devices, and other smart objects it comprises will also dramatically increase the diversity of threats we will face. As a result, ensuring that we can reap the overwhelming benefits of IoT without undermining security will take strong leadership and a great deal of teamwork throughout the industry. That’s why I’m proud that Chris Young, Senior Vice President, Cisco Security Group, recently made the list as one of the top 100 thought leaders for IoT!

April 17, 2014

SECURITY

On Cisco.com password changes

Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug. One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal […]

April 17, 2014

SECURITY

Not If, but When: The case for Advanced Malware Protection Everywhere

A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks. This is due to something we have said before and we will say again: […]

April 16, 2014

SECURITY

Making Your Metrics Program Effective Beyond Just Charts and Numbers

Information security is all about risk reduction, and risks are notoriously difficult to measure - ask any insurance salesman or actuary. So how do we handle this conundrum for a security metrics program that hasn't even reached its second anniversary yet?

April 16, 2014

SECURITY

Cisco Live 2014 San Francisco: Security Technology Track

Cisco Live, May 18-24, 2014, is quickly approaching and registration is open. This is the 25th anniversary of Cisco Live and we return to the Bay Area at San Francisco's Moscone Center. Educational sessions are organized into technology tracks to make it easy to find the topics that most interest you. With network and data security being top of mind, I'd like to highlight the Security technology track's exciting content lineup.

April 15, 2014

SECURITY

Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN

Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most criminal services in the underground, the dark art of traffic generation is a niche specialty that must be purchased to ensure drive-by campaign success. For the past year we have been tracking a threat actor (group) that compromises legitimate websites and redirects victims to EP landing pages. Over the past three months we observed the same actor using malvertising - leveraging content delivery networks (CDNs) to facilitate increased victim redirection - as part of larger exploit pack campaigns.

April 14, 2014

SECURITY

Building in Security from the Ground Up with The Cisco Secure Development Lifecycle

At Cisco, security runs through everything that we do. It is our commitment to deliver verifiable, trustworthy network architectures built on secure software and secure hardware, backed by prudent supply chain security practices. That’s why Cisco created the Cisco Secure Development Lifecycle (Cisco SDL) to ensure that security is central through the entire product development […]

Why Cisco Security?

Explore our Products & Services

Subscribe to our Blogs

Stay up to date and get the latest blogs from Cisco Security