The Splunk and Cisco team delivered a great talk at this past Cisco Live event in San Francisco. The talk covered the value of integrating Splunk with Cisco Cloud and Managed Security services.
Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold, so my apologies for the raspy voice.
For those interested in the book, below is a discount code provided by SecurityORB. The link to the book is on the right side of this blog.
Nicole Perlroth wrote an interesting post on the New York Times blog about a new type of ransomware and Cisco’s view of it as it spreads in the wild. The original post can be found HERE.
It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on ransomware such as CryptoLocker can be found HERE.
Now security researchers are seeing an influx of another form of ransomware, called Cryptowall.
Every once in a while I like to do a product review. Next up is the Meraki MX60 (shown above on the left, next to the Meraki Z1). The official MX60 data sheet can be found HERE. The MX60 comes with or without wireless capabilities: the MX60W is the wireless model, while the one used in this post is an MX60. Outside of that, both models are the same and are considered the low end / home model, as shown in the next image.
I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is that they can only look for so many things, or use so many detection techniques, before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see, or that your scanner does not have an existing signature for. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection.
There are many SIEM solutions available; however, I was extremely impressed with recent innovations from Splunk regarding a free application that can be used to centralize security data from multiple Cisco solutions. By definition, a security information and event monitoring system, aka SIEM, is typically just that: either a good information sorting tool or a solution that helps identify and react to events.
One of Splunk’s key market differentiators is their extensive application library, developed by customers and Splunk engineering. These applications turn the traditional SIEM into a business enabler that meets specific use cases. Splunk has developed Cisco applications in the past, and recently face-lifted the Cisco Security Application to include Cisco access control (ISE), email security (ESA), web security (WSA), Cisco firewalls, and even SourceFire (both network events and, as of today, SIEM-only support for the malware component, aka AMP). This application can link findings with other vendor data, such as taking ISE context (i.e. Joey’s Windows 7 laptop on port 1/0/14) and matching it to any log captured by Splunk (for example, a McAfee IPS event). This provides a truly centralized view of data across a network.
Cisco announced this morning that they will be acquiring ThreatGRID. ThreatGRID combines advanced malware analysis with deep threat analytics and content that is used to defend against attacks and prevent malware outbreaks. Cisco originally got into the security research market back in 2007 with the acquisition of IronPort, which included a security research division now known as the Security Intelligence Operations, aka SIO. Cisco enhanced this research team with the recent acquisition of SourceFire, which includes open source projects such as SNORT, ClamAV, etc. ThreatGRID will provide even more research and development around identifying advanced threats, as well as complement SourceFire’s malware detection component known as FireAMP. ThreatGRID’s appliances and cloud offerings should improve the overall security vision of preventing attacks before, during and after they happen.
FireEye just announced that they will be acquiring nPulse Technologies. You can find more on this via their website HERE and nPulse HERE. In summary, nPulse provides network forensics through a 10 Gbps full duplex solution that can capture, inspect and expose indicators of compromise.
My personal thoughts:
For many of us, the wait for Cisco to offer a fully virtualized ASA has been a long one. This means taking the Cisco Adaptive Security Appliance and providing a virtualized offering like the ASA1000v, but without the Nexus requirements. I personally haven’t had much time to test it yet, but I plan to do so shortly and post my experience. Finally … a full-blown virtual ASA is available.