The security research team at Cisco known as Talos released a huge discovery of complete hidden whois data attached to more than 282,000 domains registered through the company’s Google Apps for work service. This accounts for around 94% of the addresses Google Apps has registered through a partnership with eNom. The original post can be found HERE. The post was created by Nick Biasini, Alex Chiu, Jaeson Schultz, Craig Williams and William McVey. Continue reading
This post will cover how to install Cisco Sourcefire FireSIGHT / Defense Center on a environment aka a virtualized FireSIGHT manager. The purpose is to setup the management system for central management of ASAx series appliances running the FirePOWER services. For more information on how to use Cisco Soucefire FireSIGHT and FirePOWER services go HERE. For more information on licensing go HERE. For more information on setting up the ASAx with FirePOWER services go HERE. Continue reading
I am asked about Cisco Next Generation Security aka FireSIGHT licensing at least once a week. This post will explain the license options for Cisco FirePOWER and what is needed to request demo licenses to enable your demo system. NOTE: This is the current license model as of March 8th 2015.
For those that are not familiar with the new Cisco FirePOWER offering, it is a blend of Content Filtering, Reputation Security, Application Visibility and Controls, Vulnerability Scanning, IPS/IDS, Network and Endpoint Day Zero protection. These features are offered as a dedicated physical or virtual appliance, as a software option ran inside of a X generation ASA or as a Cloud service. For the dedicated appliance, virtual appliance and ASA version, there are three license options. Continue reading
Earl Carter and Craig Williams from the Cisco Security Blog posted a great article on a recent wave of taxed related spear-phishing attacks (original post found HERE). What is interesting is how attackers leverage current trends as the theme for their malware. For example, we will probably see a bunch of March Madness attacks along with Tax related phishing this month since thats what people are searching for online. This contradictions the old belief that “safe searching” aka not going to adult websites or searching for free software will keep you safe from malware. The reality is the attackers want the most bang for their buck so they will target where the most people are at. In March, thats Tax season and March Madness. Here is the post from Cisco. Continue reading
Anyconnect is Cisco’s flagship VPN solution providing users access to internal sources from anywhere, on any device regardless of physical location. Anyconnect has many bells and whistles such as “always on” meaning auto-connecting when off network yet turning off when on a trusted network, throttling apps that eat up bandwidth, checking the posture of devices prior to permitting connectivity (anti virus, system updates, etc), security for selective apps and many more. Cisco’s old VPN client IPsec is end of life (more HERE) so hopefully those using IPsec have migrated. Continue reading
Nick Biasini, Earl Carter, Alex Chiu and Jaeson Schultz from the cisco security research team posted about the real impact of the recent announced ghost vulnerability found by Qualys. It seems to not be as scary as the market is advertising. The original post can be found HERE.
On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module. Continue reading
Cisco just released its Annual Security Report for 2015. You can download this report for free HERE. The Cisco 2015 Annual Security Report, which presents the research, insights, and perspectives provided by Cisco Security Research and other security experts within Cisco, explores the ongoing race between attackers and defenders, and how users are becoming ever weaker links in the security chain. Continue reading
Friea Berg at Splunk wrote a nice article summarizing some of the latest highlights of how Splunk and Cisco have been teaming up to provide end to end security visibility and protection. You can find the original post HERE.
Over the past 7 years Cisco and Splunk have built a broad and multi-faceted relationship.
Internally Cisco IT, security, engineering and other teams use Splunk software every day for operational intelligence and security analytics. Cisco shared details at Splunk’s 2014 user conference in a session titled “How Cisco IT Moved from Reactive to Proactive and Even Predictive with Splunk” and Cisco’s CSIRT team commented a blog post on Security Logging in an Enterprise “… [W]e moved to Splunk from a traditional SIEM as Splunk is designed and engineered for ‘big data’ use cases.” Continue reading