security

July 10, 2014

SECURITY

Securing Employee Device Freedom

4 min read

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world. I’m excited to […]

July 9, 2014

SECURITY

A New Model to Protect the Endpoint, Part 3: Automated Advanced Analytics

2 min read

In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics. Today’s advanced malware compromises environments from an array of attack vectors, takes endless form factors, launches attacks over time, and can […]

July 8, 2014

SECURITY

Threat Spotlight: “A String of Paerls”, Part 2, Deep Dive

1 min read

This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard  In part one of our two part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and […]

July 7, 2014

SECURITY

Summary: Governing the World of Many Clouds with Cisco Cloud Consumption Optimization Service

1 min read

CIOs face a scary reality. They only know about 5-10% of the cloud applications that are being used within their organization. This shadow IT is ripping holes in their security strategies. In fact, a recent Forrester study cited that 43% of respondents said they believed shadow IT practices were major threats to their respective organizations. […]

July 2, 2014

SECURITY

A New Model to Protect the Endpoint, Part 2: Attack Chain Weaving

2 min read

In my last post, I talked about the need for a paradigm shift from point-in-time detection technologies to a new model that combines a continuous approach with a big data architecture. This new model lets Cisco deliver a range of other innovations that enhance the entire advanced malware protection process across the full attack continuum—before, […]

June 30, 2014

SECURITY

Threat Spotlight: A String of ‘Paerls’, Part One

5 min read

This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman.  Update 7-8-14: Part 2 can be found here This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]

June 27, 2014

SECURITY

A Holistic Approach to Secure Enterprise Mobility

3 min read

“It’s not secure enough… so we are not going to allow it to happen.” Does this phrase seem all too familiar? Today, IT and business leaders are faced with the challenge of securing any user from any location on any device with access to any information. At times, it can be a daunting road to […]

June 26, 2014

SECURITY

Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA)

4 min read

Spurred by the Health Insurance Portability and Accountability Act (HIPAA), which outlined a set of standards and guidelines for the protection and transmission of individual health information, as well as the subsequent amendment to address standards for the security of electronic protected health information, customers often ask me the following questions: Is your product HIPAA […]

June 25, 2014

SECURITY

A New Model to Protect the Endpoint, Part 1: Continuous vs. Point-in-Time Security

2 min read

The fundamental security problem that many defenders face is securing their environment in a world of continuous change. IT environments change. Threats change. But today’s threat detection technology doesn’t change. It’s stuck in time, point-in-time to be exact. Sure, detection technologies have evolved. The latest improvements include: executing files in a sandbox for detection and […]