Cisco Talos is Cisco’s threat intelligence and security research organization that powers Cisco’s product portfolio with that intelligence. While we are well known for the security research in our blog, vulnerability discoveries, and our open-source software, you may not be aware of exactly how our know-how protects Cisco customers.

Talos’ core mission is to understand the broad threat landscape and distill the massive amount of telemetry we ingest into actionable intelligence. This intelligence is put to use in detecting and defending against threats with speed and accuracy, providing incident response and empowering our customers, constituents, and communities with context-rich actionable cyber intelligence. Under the hood of Cisco’s security portfolio, you will find our reputation and detection services applying our real time intelligence to detect and block threats.

Defending networks

Possibly our best-known service is the Cisco Talos Network Intrusion Prevention system, widely known as SNORT®. Snort performs deep packet inspection on network traffic, using advanced signature-based detection to identify known threats. In addition, its machine learning-powered component, SnortML, helps detect and block attempts to exploit zero-day vulnerabilities, providing robust protection against both familiar and emerging network attacks.

Securing the web

The core of securing our customers across our product portfolio is Cisco Talos Web Filtering Service. This service considers the reputation and categorization of domains, IP addresses, and indicators surrounding the URL. The service can proactively block web traffic to sites that have a poor reputation or that serve content in contravention of a customer’s web use policy.

The Cisco Talos DNS Security service augments our web filtering by defending specific attacks at the DNS layer. It detects domains used by threat actors for command and control (C2), data exfiltration, and phishing attacks. Behind the scenes, our machine learning algorithms constantly analyze patterns in the DNS traffic to identify new malicious domains to add to our own intelligence.

Protecting your inbox

Cisco Talos Email Filtering analyzes a wide range of indicators within email to determine if it is malicious, spam, or a genuine email. This includes assessing the sender’s domain and IP reputation and behavior, examining URLs and the content they reference, and evaluating the body of the email, header, and any attachments. By combining these factors, our email filtering can identify benign messages, spam, phish, as well as other unwanted messages.

Cisco Talos Email Threat Prevention goes one step further than DMARC, the standard for properly handling emails with inaccurate sender data, by analyzing anomalies in email traffic patterns with AI, to identify when brands are being impersonated. This technology can detect when an email is likely to be a phish or a business email compromise attempt.

Detecting malware

Talos provides two complementary technologies to detect malware: Cisco Talos Antivirus and Cisco Talos Malware Protection. The former provides signature and pattern detection of malware within files to identify known malware, similar to our ClamAV open-source product. The latter goes further, checking the dispositions of unknown files and looking for suspicious behavior on the machine. This layered approach allows us to quickly spot and contain threats while our researchers scour telemetry for any indications that a bad actor has gained access to a device.

We also provide Orbital queries and scripts, a platform by which administrators can collect information from networked devices and use their own queries (or those provided by us) to hunt for devices that are insecure, out of policy, or potentially affected by a security incident.

Summary

You can find Talos’ intelligence integrated into a wide variety of Cisco products:

Our published research and threat intelligence reports represent just a small part of the work we do at Talos. The many hours our researchers, analysts, and engineers spend researching the threat environment and developing systems to detect and block attacks bear fruit in the components that we deploy as part of the Cisco Security portfolio. Our intelligence and know-how protect Cisco Security customers from threats, brand new or decades old.

Note: You can benefit from the experience of our analysts directly through a Cisco Talos Incident Response (Talos IR) retainer. While Talos IR can provide relevant threat information and expert emergency incident response, you can also use our proactive services to help prepare your systems, support and train your team, or actively hunt for bad guys on your network.

Cisco Talos Blog – ​Read More