Talos Takes

When Pierre Cadieux steps into a Cisco Talos Incident Response engagement, the first thing he wants to do is check out the customer’s logs. But if there are no logs to be found, he’ll be pretty limited in the kinds of insights he can provide.

This has come up several times during the SolarWinds era, when customers are wanting to know if they were targeted in the widespread supply chain attack. So in this episode of Talos Takes, Pierre joins the show to discuss why it’s so important to keep logs for everything — log-ins, events, applications and more.

For this week’s episode of Talos Takes, we’re switching back to Snort talk. For anyone who hasn’t been on security Twitter over the past month, you may not know that we released the Snort 3 GA last month — formally known as Snort 3.1.0. To celebrate, Nick Mavis joins the show again to discuss Snort 3’s new features and upgrades over 2.9.X. Nick, who regularly writes Snort rules for Cisco Talos and has been working hands-on with both versions of Snort for years, talks about how the rules improve with Snort 3, why detection and protection are better and everything else he loves about Snort 3. For more, check out the Snort 3 page on Snort.org.

On this week’s episode of Talos Takes, we go back a month or so to reflect on the Masslogger trojan Talos wrote about earlier this year. This malware may not make national headlines, but that doesn’t mean you should just ignore it. Find out where this trojan is hiding and why it’s after your Outlook and Google Chrome login credentials.

For the first time in Talos Takes history, we have a whopping TWO guests on to talk about Talos’ latest research paper. In this episode, Dmytro Korzhevin and Azim Khodjibaev discuss their work interviewing a LockBit ransomware operator. They spent multiple weeks speaking to this actor over social media, and eventually turned their conversations into a paper that lays out what we learned about the ransomware landscape. Dmytro and Azim talked about lessons learned, what surprised them about the threat actor, and how actors choose their targets.

We know we just talked about supply chain attacks and SolarWinds last week, but it’s still all anyone in security is talking about. Joe Marshall joins the show this time to approach the SolarWinds breach from an internet-of-things and operational security perspective. He recently co-wrote a blog for Cisco detailing how outsourcing OT over the past few years has made the SolarWinds compromise worse. Joe, a lifelong researcher and security practitioner in the OT and infrastructure space, discusses what we still don’t know about this attack, what you should do if you think you may be affected, and how we can learn from this going forward. For more on Talos’ coverage and defense against the SolarWinds campaign, check out our blog post here.

The major SolarWinds campaign has been generating headlines for weeks now. And while its specific targets make this attack unique, this is far from the first-ever supply chain attack. So what is a supply chain attack? And should your organization be prepared for them? In this episode of Talos Takes, Nick Biasini talks about the history of supply chain attacks, and how they can even be traced back to the 1970s.

Everything was on fire this year, and the internet was no different. Ransomware was the leading cause of headaches and late night for defenders and IT experts this year. On the latest Talos Takes episode (and last of 2020), Azim Khodjibaev joins us to talk about ransomware’s big year. We talk about why adversaries wanted to go big-game hunting, and what this could mean for trends in 2021.

We’ve got another special XL episode this week, this time about Snort 3. This roundtable covers everything you could know about Snort 3’s life, going back as far as its inception in the early 2010s. We even went out of our way to get Marty Roesch, the creator of Snort.

Marty, along with our other panelists, discusses the origins of Snort 3, what benefits you can gain by upgrading and what other features you can expect to see in the future.

More shoppers are expected to buy online this year than ever. Everyone’s encouraged to stay home and avoid lines and crowds due to the COVID-19 pandemic, which has left retailers offering deals earlier in November than ever before. So how can you stay safe while doing all your holiday shopping online? In this episode of Talos Takes, we’ll talk through some of the common schemes we’re seeing and talk about what makes this year unique when it comes to spam campaigns.

Say you’ve got the basics of security down, and now you want to start putting it into practice. Where do you start? In this Talos Takes episode, we run through some free and low-cost security tools anyone can use to beef up their network. We talk about Snort, built-in security tools on operating systems and more.