indicators of compromise

Co-authored with: Jan Jusko, Harry Nayyar, and Danila Khikhlukha. Adversaries continue to evolve their techniques to evade detection. Static analysis approaches are prone to evasion using malicious packers, code obfuscation, and polymorphism. That means that the vast majority of malware is unique to…

Many pieces of forensic evidence come into play when investigating a crime scene – analysis of fingerprints, DNA, shoe prints, videos/photos, ballistics, etc. By analyzing the data, a picture of the crime emerges, which in the case of a serial killer often includes his or her MO or method of operati…

Advanced threats are continuously evolving and so must our ability to detect, understand, and stop them. Indicators of Compromise are vital to this process. At Cisco, our approach to developing Indicators of Compromise and interpreting them is continuously evolving to empower you with the best intel…

As a result of Cisco’s acquisition last May, ThreatGRID is now part of the Cisco Advanced Malware Protection (AMP) portfolio as AMP Threat Grid. The acquisition expands Cisco AMP capabilities in the areas of dynamic analysis and threat intelligence technology, both on-premise and in the cloud. AMP T…

Cisco ASA with FirePOWER Services has redefined the next-generation firewall (NGFW) as an adaptive, threat-focused platform, delivering superior, multi-layered protection, unparalleled visibility, and reduced security costs and complexity. This innovative new solution addresses three strategic imper…

In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics. Today’s advanced malware compromises environments from an array of attack vecto…