Cognitive Intelligence
Cisco Security at Work: Threatwall at Mobile World Congress 2019
If you attended a Cisco Live or an RSA conference in the past couple of years you may have come across a display entitled “Cisco Security at Work”. This display, often referred to as the Threatwall, is a live display of threats on the wireless network at the conferences where it is deployed. Current…
Defeating Polymorphic Malware with Cognitive Intelligence. Part 2: Command Line Argument Clustering
Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha. Adversaries continue to evolve their techniques to evade detection. Static analysis approaches are prone to evasion using malicious packers, code obfuscation, and polymorphism. That means that the vast majority of malware is unique to…
Cognitive Intelligence: Empowering Security Analysts, Defeating Polymorphic Malware
Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha. In psychology, the term “cognition” refers to a human function that is involved in gaining knowledge and intelligence. It helps describe how people process information and how the treatment of this information may lead to various deci…
Securing Encrypted Traffic on a Global Scale
written by Martin Rehak and Blake Anderson, on behalf of Cognitive and ETA teams Introduction How many engineers does it take to find malware in encrypted traffic? In case of Cisco, the core of machine learning team that enables Encrypted Traffic Analysis (ETA) is about 50 engineers, security resear…
Are You The Lucky One? Sometimes Luck Can Bring You Malware
For more than two decades, malicious actors have been evolving their Phishing techniques to effectively achieve their goals. From poorly crafted scams to extremely well crafted documents, Phishing attacks keep being a very effective technique in the attackers toolbox. Anyone can be a target. While m…
The light is green! But is it safe to go? Abusing users’ faith in HTTPS
This post was authored by Anna Shirokova and Ivan Nikolaev John Smith had a lot of friends and liked to travel. One day he got an email that read: “Money has been sent to your PayPal account”. The sender appeared to be a person he met from recent trip to Cape Town. John Smith was curious…
Closing One Learning Loop: Using Decision Forests to Detect Advanced Threats
This blog post was authored by Veronica Valeros and Lukas Machlica Malicious actors are constantly evolving their techniques in order to evade detection. It is not only the sophistication or the rapid pace of change that is challenging us as defenders, but the scale of attacks. With the continuous f…
In plain sight: Credential and data stealing adware
Adware has been around for a while now. In principle, displaying advertising in order to finance your software is not necessarily something bad. Users are used to seeing advertising everywhere: newspapers, magazines, and websites. When advertising was introduced to software, users had a surprisingly…
Piecing Together Malicious Behavior in Encrypted Traffic
This post was authored by Jan Kohout, Veronica Valeros and Petr Somol. Increasing adoption of encryption in web communication significantly contributes to protection of users’ privacy. However, it also brings tough challenges for intrusion detection systems that need to analyze the traffic wit…