How Will You Keep Up With An Avalanche of Connections in 2013?
Ask the Data Center Security Expert with Cisco’s Rajneesh Chopra Rajneesh Chopra is the Director of Product Management and Marketing at Cisco for the enterprise firewall line of technologies and has more than 10 years of product management leadership experience in the networking and data center arena. He also has a very futuristic outlook and a […]
Red October in January: The Cyber Espionage Era
Researchers from Kaspersky Lab have released information about a large-scale cyber espionage campaign called Operation Red October (otherwise known as Rocra). The report has garnered the attention of multiple news agencies and generated many published articles since the Kaspersky report has claimed that attackers were targeting hundreds of diplomatic, governmental, and scientific organizations in numerous countries. These reports indicate that the command-and-control (C&C) infrastructure that is used on these attacks receives stolen information using more than 60 domain names to hide its identity. Furthermore, this information appears to be funneled into a second tier of proxy servers. These are very clever attacks that many are now claiming have been taking place for more than five years! Red October is being compared with other malware that has been associated with cyber espionage such as Duqu, Flame, and Gauss.
New PSIRT Deliverable Aids Transparency in Vulnerability Disclosure
A phrase I’ve recently been hearing repeated is that “product features will come and go, but risk mitigation is continuous.” With that in mind, our Product Security Incident Response Team (PSIRT) is doing its part by seeking ways to improve how we transparently communicate information about Cisco product vulnerabilities to our Customers and Partners. Starting […]
New Java Vulnerability Being Exploited in the Wild
The new Oracle Java arbitrary code execution vulnerability has not only hit many news wires and social media outlets, but many victims as well, and it has been incorporated into several exploit kits. This critical vulnerability, as documented in IntelliShield alert 27845, could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with the […]
Protecting Our Networks: It’s a Team Game Now!
I have been coaching youth sports for the past seven plus years now and one of my common mantras when speaking to the girls and boys each season is that “we will win as a team and lose as a team.” In other words, I will never tolerate one player acting selfishly enough to think […]
Security Assessments: More Than Meets the Eye
Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?” A continuous effort must go into substantiating the preferable answer (“Yes”) […]
Commitment and Community: Cisco’s Security DNA
This is our final post in the series of SecCon-related articles. This post drives home the point made by Cisco's senior executives at the SecCon conference - security must be pervasive in every aspect of every product we design, develop, and deploy. It’s what our customers expect, and SecCon is one of the major delivery vehicles for creating a unified front within the engineering community as part of Cisco’s evolution towards the “Internet of Everything”.
Security Features vs. Securing Features
Here's the fourth in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. This post zeroes in on the fact that software vendors need to start focusing (more) on the overall security and quality of software, not just on the implementation of security features in products.
Securing Linux Based Products With CSDL
Here's the third in a series of posts revolving around the recently held Cisco SecCon 2012 (December 3-6) security conference. The focus of this post is on the Cisco Secure Development Lifecycle (CSDL), Cisco’s approach to building secure products and solutions, and specifically the release of two Cisco documents that have been an integral part of CSDL: “Linux Hardening Recommendations For Cisco Products” and “Product Security Baseline Linux Distribution Requirements."