Advanced Malware Protection AMP for Endpoints Overview

AMP2 Advanced Malware Protection AMP for Endpoints Overview

Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic go through or it will impact the user experience. This is why many users get compromised by clicking the wrong email, accessing the wrong website, share the wrong USB drive and so on. Detection needs to extend beyond the doorway and look at files that have breached a host’s defense to determine if that system has been compromised as well as offer a method to remediate the entire outbreak. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Payment Card Industry PCI Security Best Practices

PCI 1 Payment Card Industry PCI Security Best PracticesMany industries rely on revenue generated by sales and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliancy standard, this is the minimal level of real security and should not be considered the goal to protect sensitive data. All compliance mandates that matter must go through various review and audit processes that take time and cause the results to be dated compared to the speed of new attacks you should expect against your network. This means meeting mandates such as PCI should just be part of your overall security strategy. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Midyear Security Report Highlights Weak Links in Increasingly Dynamic Threat Landscape

Cisco Security Report Cisco Midyear Security Report Highlights Weak Links in Increasingly Dynamic Threat Landscape

The Cisco 2014 Midyear Security Report found HERE examines threat intelligence and security trends for the first half of 2014. Cisco’s research helps to underscore just how many different types of weak links exist in the systems we use. These weak links – which could be outdated software, bad code, abandoned digital properties, or user errors – contribute to the adversary’s ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and “life event” spam. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

2014 Cisco Live Talk: Splunk Analytics and Cisco for Security and BYOD

Ciscolive1 2014 Cisco Live Talk: Splunk Analytics and Cisco for Security and BYOD

The Splunk and Cisco team delivered a great talk at this past Cisco Live event in San Francisco. The talk covered the value of integrating Splunk with Cisco Cloud and Managed Security services.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (3 votes cast)

Interview with Joseph Muniz Co-Author : SecurityOrb Podcast

SOInterview Interview with Joseph Muniz Co Author : SecurityOrb Podcast

Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Days After a Federal Seizure, Another Type of Ransomware Gains Ground

cryptolocker Days After a Federal Seizure, Another Type of Ransomware Gains Ground

Nicole Perlroth wrote a interesting post on the NewYorkTimes blog about a new type of Ransomware and Cisco’s view as it spreads in the wild. The original post can be found HERE

It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on Ransomware such as CryptoLocker can be found HERE

Now security researchers are seeing an influx of another form of ransomware, called Cryptowall. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Meraki MX60 / MX60W Security Appliance First Look

MX60 Meraki MX60 / MX60W Security Appliance First Look Comparing the meraki MX60 to meraki Z1

Every once in a while I like to do a product review. Next up is the meraki MX60 (shown above on the left next to the Meraki Z1). The official MX60 data sheet can be found HERE. The MX60 comes with or without wireless capabilities hence the MX60W means wireless while the one used in this post is a MX60. Outside of that, both models are the same and considered the low end / home model as shown in the next image. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads

msintro Using Metasploit To Bypass Anti Virus Software   Generating and Obfuscating Payloads

I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (3 votes cast)

Splunk Cisco Security App – Expanding Cisco Security With Centralized Reporting and Multi-Vendor Alerting

There are many SIEM solutions available however I was extremely impressed with recent innovations from Splunk regarding a free Application that can be used to centralize security data from multiple cisco solutions. By definition, a security information and event monitoring system aka SIEM is typically just that; either a good information sorting tool or solution that helps identify and react to events.

One of Splunk’s key market differentiators is their extensive application library developed by customers and Splunk engineering. These applications turn the traditional SIEM into a business enabler to meet specific use cases. Splunk has developed cisco applications in the past however recently face-lifted the cisco Security Application to include Cisco access control (ISE), email security (ESA), web security (WSA), Cisco firewalls, and even SourceFire (both network and only SIEM as of today to support malware aka AMP). This application can link findings with other vendor data such as taking ISE context (IE Joey’s windows 7 laptop on port 1/0/14) and matching it to any captured log by Splunk (For example a McAfee IPS event). This provides a true centralized view of data across a network.

Splunk1 Splunk Cisco Security App – Expanding Cisco Security With Centralized Reporting and Multi Vendor Alerting Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (5 votes cast)