security
Securing Employee Device Freedom
4 min read
As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world. I’m excited to […]
A New Model to Protect the Endpoint, Part 3: Automated Advanced Analytics
2 min read
In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics. Today’s advanced malware compromises environments from an array of attack vectors, takes endless form factors, launches attacks over time, and can […]
Threat Spotlight: “A String of Paerls”, Part 2, Deep Dive
1 min read
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard. In part one of our two-part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and […]
Summary: Governing the World of Many Clouds with Cisco Cloud Consumption Optimization Service
1 min read
CIOs face a scary reality. They only know about 5-10% of the cloud applications that are being used within their organization. This shadow IT is ripping holes in their security strategies. In fact, a recent Forrester study cited that 43% of respondents said they believed shadow IT practices were major threats to their respective organizations. […]
A New Model to Protect the Endpoint, Part 2: Attack Chain Weaving
2 min read
In my last post, I talked about the need for a paradigm shift from point-in-time detection technologies to a new model that combines a continuous approach with a big data architecture. This new model lets Cisco deliver a range of other innovations that enhance the entire advanced malware protection process across the full attack continuum—before, […]
Threat Spotlight: A String of ‘Paerls’, Part One
5 min read
This post was co-authored by Jaeson Schultz, Joel Esler, and Richard Harman. Update 7-8-14: Part 2 can be found here. This is part one in a two-part series due to the sheer amount of data we found on this threat and threat actor. This particular attack was a combined spearphishing and exploit attempt. As we’ve seen in the past, this […]
A Holistic Approach to Secure Enterprise Mobility
3 min read
“It’s not secure enough… so we are not going to allow it to happen.” Does this phrase seem all too familiar? Today, IT and business leaders are faced with the challenge of securing any user from any location on any device with access to any information. At times, it can be a daunting road to […]
Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA)
4 min read
Spurred by the Health Insurance Portability and Accountability Act (HIPAA), which outlined a set of standards and guidelines for the protection and transmission of individual health information, as well as the subsequent amendment to address standards for the security of electronic protected health information, customers often ask me the following questions: Is your product HIPAA […]
A New Model to Protect the Endpoint, Part 1: Continuous vs. Point-in-Time Security
2 min read
The fundamental security problem that many defenders face is securing their environment in a world of continuous change. IT environments change. Threats change. But today’s threat detection technology doesn’t change. It’s stuck in time, point-in-time to be exact. Sure, detection technologies have evolved. The latest improvements include: executing files in a sandbox for detection and […]