security

October 21, 2015

EXECUTIVE PLATFORM

Agility is the New Smart

As businesses strive to become digital, they need to be more flexible, innovative, and agile than ever. Customers are engaging with businesses differently from how they were just five years ago, and the bulk of their interactions are not with people but with systems (think airport and hotel check-in, ordering a product, or getting a […]

October 20, 2015

RETAIL AND HOSPITALITY

Join the Conversation: Where Shopping Experience Meets the New Digital Consumer

The demands of increasingly mobile and digital consumers are creating unprecedented complexity for retailers and brands.  How should retailers respond?  We’re going to tackle this question together on Twitter next...

October 13, 2015

THREAT RESEARCH

Project Aspis

One of the hardest jobs on the Internet is to work the abuse desk at a hosting provider.  These teams have to strike a difficult balance between protecting their customers, ensuring that their services aren’t being abused by malicious actors and delivering the service and convenience their customers expect.  They don’t get near enough credit […]

October 2, 2015

THREAT RESEARCH

Vulnerability Spotlight: MiniUPnP Internet Gateway Device Protocol XML Parser Buffer Overflow

Vulnerability discovered by Aleksandar Nikolic of Cisco Talos. Post authored by Earl Carter and William Largent Talos is disclosing the discovery of an exploitable buffer overflow vulnerability in the the MiniUPnP library TALOS-2015-0035 (CVE-2015-6031). The buffer overflow is present in client-side XML parser functionality in miniupnpc. A specially crafted XML response can lead to a […]

September 23, 2015

SECURITY

It’s That Time Again—Announcing the Cisco IOS & XE Software Security Advisory Bundled Publication

Today, we released the last Cisco IOS & XE Software Security Advisory Bundled Publication of 2015. As a reminder, Cisco discloses IOS vulnerabilities on a predictable schedule (the fourth Wednesday of March and September each calendar year).  Last cycle, we began including Cisco Security Advisories addressing vulnerabilities in Cisco IOS XE Software in this publication.  This change […]

September 22, 2015

SECURITY

Welcome Michelle Dennedy, Cisco’s Chief Privacy Officer

 “It’s our thesis that privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product life cycle are on the right track.” —The Privacy Engineer’s Manifesto, 2014 Privacy in an always and increasingly connected world is a complex […]

September 18, 2015

SECURITY

IT Security: When Maturity is Overrated

In so many parts of life, the passing of time is a benefit. Wine and whisky mature, intelligence is gained, and friendships grow stronger. For those of us working in IT security, however, the passing of time brings new challenges. Prolonging the use of older technology exponentially increases risk and the resulting problems can cost […]

September 15, 2015

SECURITY

SYNful Knock: Detecting and Mitigating Cisco IOS Software Attacks

Historically, threat actors have targeted network devices to create disruption through a denial of service (DoS) situation. While this remains the most common type of attack on network devices, we continue to see advances that focus on further compromising the victim’s infrastructure. Recently, the Cisco Product Security Incident Response Team (PSIRT) has alerted customers around […]

September 14, 2015

SECURITY

Anomaly vs Vulnerability Detection Using Cisco IPS

The Cisco IPS network based intrusion prevention system (NIPS) uses signatures to detect network-based attacks. Signatures can be created in a variety of engines based on the type of network traffic being inspected. Cisco signatures have very flexible configurations. In this blog post, I will discuss the trade-offs between two basic approaches for signature configuration: […]