Security

April 16, 2014

SECURITY

Cisco Live 2014 San Francisco: Security Technology Track

Cisco Live, May 18-24, 2014, is quickly approaching and registration is open. This is the 25th anniversary of Cisco Live and we return to the Bay Area at San Francisco's Moscone Center. Educational sessions are organized into technology tracks to make it easy to find the topics that most interest you. With network and data security being top of mind, I'd like to highlight the Security technology track's exciting content lineup.

April 15, 2014

SECURITY

Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN

Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most criminal services in the underground, the dark art of traffic generation is a niche specialty that must be purchased to ensure drive-by campaign success. For the past year we have been tracking a threat actor (group) that compromises legitimate websites and redirects victims to EP landing pages. Over the past three months we observed the same actor using malvertising - leveraging content delivery networks (CDNs) to facilitate increased victim redirection - as part of larger exploit pack campaigns.

April 14, 2014

SECURITY

Building in Security from the Ground Up with The Cisco Secure Development Lifecycle

At Cisco, security runs through everything that we do. It is our commitment to deliver verifiable, trustworthy network architectures built on secure software and secure hardware, backed by prudent supply chain security practices. That’s why Cisco created the Cisco Secure Development Lifecycle (Cisco SDL) to ensure that security is central through the entire product development […]

April 11, 2014

SECURITY

Heartbleed: Transparency for our Customers

We know that communicating quickly and openly about security vulnerabilities can result in a little extra public attention for Cisco. As a trustworthy vendor, this is something we’re happy to accept. It’s recently been said that there is only one thing being discussed by IT security people right now – the OpenSSL heartbeat extension vulnerability […]

April 10, 2014

SECURITY

March 2014 Threat Metrics

The median rate of web malware encounters in March 2014 was 1:260, compared to a median rate of 1:341 requests in February. At least some of this increased risk appears to have been a result of interest in the NCAA tournaments (aka March Madness), which kicked off during the second week of March in the […]

April 9, 2014

SECURITY

OpenSSL Heartbleed vulnerability CVE-2014-0160 – Cisco products and mitigations

*** UPDATED 15-April 2014  *** By now, almost everyone has heard of the OpenSSL Heartbleed vulnerability with CVE id CVE-2014-0160. The vulnerability has to do with the implementation of the TLS heartbeat extension (RFC6520) and could allow secret key or private information leakage in TLS encrypted communications. For more detailed information, visit the VRT’s analysis. […]

April 8, 2014

SECURITY

Drivers for Managed Security and what to look for in a Cloud Provider [Summary]

The first blog of this series discussing the role of data security in the cloud can be found here. In 2014 and onward, security professionals can expect to see entire corporate perimeters extended to the cloud, making it essential to choose a service provider that can deliver the security that your business needs. While organizations can let business needs […]

April 2, 2014

SECURITY

NSS Labs Breach Detection Systems Testing Demonstrates Why Threat Protection Must be Continuous

Follow @vrybdpkt Long before becoming a part of Cisco, the Sourcefire team was aggressively addressing the advanced malware challenges our customers face daily. We believe that the most effective way to address these challenges is a continuous Advanced Malware Protection (AMP) approach that does more than just track malware at a point in time, but […]

April 1, 2014

SECURITY

The Security Imperative As Mobility Evolves

Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context. A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin […]

Why Cisco Security?

Explore our Products & Services

Subscribe to our Blogs

Stay up to date and get the latest blogs from Cisco Security