Jeff Bollinger

CSIRT Manager

Infosec CSIRT

Jeff Bollinger joined Cisco Systems in 2002 supporting Cisco's security technologies and solutions for SMB and enterprise customers. In 2006 Jeff moved to the Computer Security Incident Response Team (CSIRT) and rapidly developed its global security monitoring and incident response capabilities. Specialising in investigations and intrusion detection, Jeff built one of the largest Cisco IPS networks in the world as well as an enterprise-class secure web proxy architecture. His recent efforts include log mining and optimisation, threat research, and security investigations.

Articles

January 15, 2020

SECURITY

Disk Image Deception

Cisco’s Computer Security Incident Response Team (CSIRT) detected a large and ongoing malspam campaign leveraging the .IMG file extension to bypass automated malware analysis tools and infect machines with a variety of Remote Access Trojans. During our investigation, we observed multiple tacti…

May 12, 2019

SECURITY

Cisco Security First: Focusing on the Issues of Incident Response and Security Teams

Cisco CSIRT is a global team of information security professionals responsible for the 24/7 monitoring, investigation and response to cybersecurity incidents for Cisco-owned businesses. CSIRT engages in proactive threat assessment, mitigation planning, incident detection and response, incident trend…

February 9, 2018

SECURITY

Cisco Hosting Amsterdam 2018 FIRST Technical Colloquium

We would like to announce a “Save the Date” and “Call for Speakers” for the FIRST Amsterdam Technical Colloquium (TC) 2018. The main event, hosted by Cisco Systems in Amsterdam, Netherlands, will be a plenary-style conference held on the 17th and 18th of April 2018. We are also offering optional, fre…

August 7, 2017

SECURITY

Open Source Threat Intel: GOSINT

It’s our pleasure to announce the public availability of GOSINT – the open source intelligence gathering and processing framework. GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operati…

February 27, 2015

SECURITY

Cisco Hosting Amsterdam 2015 FIRST Technical Colloquium

Registration is now open for the upcoming FIRST Technical Colloquium May 4-6, 2015 at Cisco Systems in Amsterdam, Netherlands. Please contact us at amsterdam-tc@first.org for any questions. The event already has an exciting preliminary program covering: Attacks Against Cloud Server Honeypots Emergi…

December 3, 2013

SECURITY

Operational Security Intelligence

Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short, is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP addresses and hostnames they want to sell you, or share. This is an encouraging trend in that it indicates the secu…

October 24, 2013

SECURITY

To SIEM or Not to SIEM? Part II

The Great Correlate Debate: SIEMs have been pitched in the past as “correlation engines” and their special algorithms can take in volumes of logs and filter everything down to just the good stuff. In its most basic form, correlation is a mathematical, statistical, or logical relationship…

October 22, 2013

SECURITY

To SIEM or Not to SIEM? Part I

Security information and event management systems (SIEM, or sometimes SEIM) are intended to be the glue between an organization’s various security tools. Security and other event log sources export their alarms to a remote collection system like a SIEM, or display them locally for direct acces…

October 3, 2013

SECURITY

Big Security—Mining Mountains of Log Data to Find Bad Stuff

Your network, servers, and a horde of laptops have been hacked. You might suspect it, or you might think it’s not possible, but it’s happened already. What’s your next move? The dilemma of the “next move” is that you can only discover an attack either as it’s happ…