As long as people have been fighting there has been a competition between offensive weapons and defensive armor. Chain mail, an effective early form of metal armor, was introduced in the 5th century. It worked well, regularly stopping blows from arrows and bladed weapons. To counter chain mail, weapons became heavier and better able to hold an edge in combat.
In the 12th century the crossbow entered the field and immediately proved to be a dangerously destabilizing weapon: with a minimum of training, a lowly peasant could strike down a high-born and armor-clad knight. (So great was the concern over this weapon that the Catholic Church called for an outright ban, excommunicating and damning to hell the souls of violators.) Unfortunately, the crossbow was so effective that few were willing to give it up. So armorers developed plate armor, which worked well until the advent of gunpowder.
The long battle between arms and armor continues today in the realm of cybersecurity. As security technology improves, so do the efforts of attackers looking for ways around it. The number of cyberattacks, in which computer systems or networks are manipulated and data is stolen or altered, is on the rise, and no single product or strategy can guarantee 100 percent protection for our devices and data.
One way of dealing with ever-evolving cybersecurity threats is to gather intelligence constantly. Doing so enables security experts to understand who is behind attacks and how those attacks are carried out.
One organization putting great effort into countering cyberattacks is Cisco Talos (Talos). Talos is a security research team founded on, and operating on, the premise of threat intelligence gathering: it collects and analyzes vast pools of data in order to equip security professionals with the information and training they need to stop attacks.
In Greek mythology, Talos was an automaton designed to protect the island of Crete from pirates. It would circle the island looking out for pirates intent on mischief. This is an apt description of Cisco’s Talos — a ward against cyberattacks.
Talos was formed by combining the Cisco Security Applications Group, the Sourcefire Vulnerability Research Team (VRT), a group of network security engineers that discovers and assesses trends in hacking and vulnerabilities, and Cisco's Threat Research, Analysis and Communications (TRAC) group. Presently Talos is a primary member of the Cisco Collective Security Intelligence (CSI) ecosystem, which contributes threat information shared across multiple security solutions.
The team comprises leading threat researchers, supported by sophisticated systems that gather threat telemetry from Cisco products and allow them to detect and correlate threats in real time. Talos is dedicated to providing industry-leading protection before, during, and after any known or emerging threat.
Through a sophisticated infrastructure and the systems within what Cisco describes as the world's largest threat intelligence network, the Talos team gains a sound understanding of threats, their root causes, and the scope of any outbreak. This wide-ranging network draws on multiple sources, including email, web requests, open-source data sets, malware samples, network intrusions, and endpoint intelligence.
Talos proactively discovers and responds to the latest threats, including malware, vulnerabilities, intrusion attempts, spam, and hacking activity, for all of Cisco's security products, which leads to better protection for organizations. Talos also offers a wide range of free software, resources, services, and data to support the wider security community.
The Talos team consists of industry experts from a variety of backgrounds, with in-depth experience in software development, spam and web reputation, malware research, reverse engineering, and intelligence analysis. Their experience and training enable them to develop and maintain a wide variety of Cisco security tools, resources, official rule sets, and communities, including:
- Project Aspis
In a nutshell, the Talos team is a highly skilled group of security professionals whose job is to inform us about, and protect us from, a multitude of cybersecurity threats, including malware such as trojans and viruses, spam, and a host of others.
Talos is considered one of the most accurate hubs for threat intelligence because of its use of advanced analytical technology. The team continuously gathers data from millions of users across the globe through sandboxes, honeypots, and extensive industry partnerships. This effort yields more than 1.1 million unique malware samples each day.
The team follows a straightforward three-step process for detecting, analyzing, and preventing security threats:
- Collect information once a cyberattack takes place.
- Survey the public internet to understand how these threats work.
- Strategize and develop solutions to prevent such security threats in the future.
On a more in-depth scale, Talos operations encompass five major areas:
Detection Research, in which the team unpacks, analyzes, and reverse engineers malware and develops proof-of-concept (PoC) exploits for vulnerabilities, so that detection content can be built and threats handled as efficiently as possible.
Threat Intelligence, which involves correlating and tracking threats and turning attribution information into ready-to-implement intelligence.
Engine Development, which ensures that the inspection engines are regularly updated in order to maintain threat detection and handling capabilities.
Vulnerability Research and Development, which involves identifying "zero-day" security issues in the platforms and operating systems customers run, in a programmatic and iterative manner.
Outreach, which comprises researching, identifying, and communicating new trends in adversary activity.
Talos has only been around for a few years but has already racked up some impressive accomplishments, such as breaking down the CryptoWall 4 ransomware scheme and its process, which enabled the team to identify better threat detection methods and helped millions of users.
Other significant accomplishments include disrupting the Angler Exploit Kit, a large international operation that delivered ransomware and was estimated to generate more than $60 million annually for the crooks behind it, and developing the TeslaCrypt Decryption Tool, which enabled users whose files had been encrypted by the TeslaCrypt ransomware to restore them to their original state.
The Talos team's approach to protecting IT networks is comprehensive. They are committed to delivering high-quality, customer-centric security research characterized by accuracy and relevance.
Organizations like Talos are on the front line of cyber defense. They provide a “comprehensive and proactive approach” to network protection. Like their mythological namesake, Talos is ever vigilant and working hard to protect networks and internet users around the globe.