Cyber security that’s reactive isn’t cyber security that works anymore. If you are using a security system that doesn’t have a repository where it can find the latest threats, you’re behind the times. I’m not going to just rant and rave about Cisco, but they are doing cyber security a little differently.
TALOS is a big reason why. TALOS is a team of researchers, analysts, and engineers that works to protect every Cisco product in the world. They are the backbone of the security network and are responsible for making sure that every device under their purview is up to date on new threats. The group is made up of 250+ full-time threat researchers, 1,100+ decoy systems, and millions of telemetry agents. They pull data from all kinds of applications, and their one goal is to protect the internet at large from further zero-day attacks.
If ransomware hits a Croatian restaurant that is using a Cisco security product, TALOS is alerted immediately and is able to push the signature of that attack down to every other device in the TALOS network. That’s crazy! If one device is infected, they can analyze what that piece of malware does and stop it from hitting other machines.
The brilliance of this whole ecosystem is that it is not limited to Cisco products. Because the formation of TALOS involved multiple different security teams, they developed a combination of open source and free tools that people can use, which gives them a wider breadth of sensors looking for attacks. Once an attack hits a product in the TALOS network, the signature for that exact attack is cataloged and, in less than 5 minutes, can be communicated to every device on the planet. This helps keep millions of rampant pieces of malware from infecting computers that could have been saved if they had only known about it.
Zero-day attacks are inevitable. No security product can stop every attack thrown at it. We get it. However, if your neighbor gets attacked, you sure would like to know about it! And that’s the problem with stateful firewalls: it’s on you to go in and update the policy. If your firewall is Next-Generation, it will talk with other applications like your endpoint protection, so instead of that virus reaching the endpoint again, it will be stopped at the edge.
The idea behind having this kind of technology is that you don’t want siloed security. You want an ecosystem. Having an ecosystem speeds up the process of aligning all the devices with the same information, and it does so in real time.