Security

A few years ago, a point-product security vendor proudly declared their technology was the silver bullet that stopped ALL security threats from penetrating the corporate network. Many of us in the industry raised our collective eyebrows in surprise at such a bold claim. While the naive or inexperien…

More organizations are starting to view cybersecurity as a strategic risk. They have to—it’s becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance measures that include information security directives. And all the while, adversaries are re…

Enterprise security professionals have their hands full these days—monitoring networks for security breaches, managing the implications of “bring your own device” policies, and patching systems to combat “weak links,” or vulnerabilities that could allow online criminals to gr…

Analysis of high-profile cyber breaches often reveals how intruders gain their initial footprint in the targeted organizations and bypass perimeter defenses to establish a backdoor for persistent activities. Such stealthy activities may continue until intruders complete their ultimate mission—claimi…

Even in the world of cybercrime, when a top “vendor” drops out of the market, competitors will scurry to fill the void with their own products. As reported in the Cisco 2014 Midyear Security Report, when Paunch—the alleged creator and distributor of the Blackhole exploit kit—was arrested…

Through our ongoing “Inside Out” project at Cisco, our threat researchers have the opportunity to closely examine select networks—with our customers’ permission—to identify evidence of malicious traffic. We use Domain Name System (DNS) lookups emanating from enterprise networks to create a snapshot…

The Cisco 2014 Midyear Security Report has been released, diving into threat intelligence and cybersecurity trends for the first half of 2014. You may be thinking, “What could have possibly changed since January?” True to form, the attacker community continues to evolve, innovate, and think up new w…

Organizations are rapidly moving critical data into the cloud, yet they still have serious concerns about security and other business risks. Read Bob Dimicco’s blog to learn several important steps companies can take to mitigate the risks of cloud services, such as uncovering shadow IT, assessing da…

This blog was co-authored by Kevin Brooks, Alex Chiu, Joel Esler, Martin Lee, Emmanuel Tacheau, Andrew Tsonchev, and Craig Williams.   On the 21st of July, 2014, Cisco TRAC became aware that the website dwnews.com was serving malicious Adobe Flash content. This site is a Chinese language news websit…