Cisco Talos
{{Short description|American cybersecurity company}}
{{Self-published|date=August 2022}}
{{Infobox company
| type = Public Company
| industry = Computer and Network Security
| hq_location_city = Fulton, Maryland
| parent = Cisco Systems, Inc.
| website = https://talosintelligence.com/
}}
Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland.{{Cite web |title=Cisco Talos Intelligence Group {{!}} LinkedIn |url=https://www.linkedin.com/company/cisco-talos-intelligence-group |access-date=2024-01-10 |website=www.linkedin.com |language=en}} It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure{{Cite web |title=Cisco Secure Products and Solutions |url=https://www.cisco.com/site/us/en/products/security/index.html |access-date=2022-08-10 |website=Cisco |language=en}} products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV{{Cite web |title=ClamAVNet |url=https://www.clamav.net/ |access-date=2022-08-10 |website=www.clamav.net}} anti-virus engine.
The company is known for its involvement in several high-profile cybersecurity investigations, including the VPNFilter wireless router malware attack{{Cite web |last=Largent |first=William |title=New VPNFilter malware targets at least 500K networking devices worldwide |date=23 May 2018 |url=http://blog.talosintelligence.com/2018/05/VPNFilter.html |access-date=2022-08-10}} in 2018 and the widespread CCleaner supply chain attack{{Cite web |last=Brumaghin |first=Edmund |title=CCleanup: A Vast Number of Machines at Risk |date=18 September 2017 |url=http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html |access-date=2022-08-10}} in 2017.
History
Sourcefire was founded in 2001 by Martin Roesch, the creator of the Snort intrusion prevention system. Sourcefire created an original commercial version of Snort known as the "Sourcefire 3D System," which eventually became the Firepower line of network security products. The company's headquarters were in Columbia, Maryland in the United States, with offices across the globe.
On July 23, 2013, Cisco Systems announced a definitive agreement to acquire Sourcefire for $2.7 billion.{{Cite news |date=2013-07-23 |title=Cisco Agrees to Buy Sourcefire in $2.7 Billion Deal |language=en |work=Bloomberg.com |url=https://www.bloomberg.com/news/articles/2013-07-23/cisco-agrees-to-buy-sourcefire-in-2-7-billion-deal |access-date=2022-08-10}} After Cisco's acquisition of Sourcefire, the company combined the Sourcefire Vulnerability Research Team (Sourcefire VRT), Cisco's Threat Research, Analysis, and Communications (TRAC) team, and Security Applications (SecApps) to form Cisco Talos in August 2014. Today, Talos sits under the Cisco Secure umbrella and operates the Cisco Talos Incident Response (Talos IR) team.{{Cite web |title=Cisco Talos Incident Response {{!}}{{!}} Cisco Talos Intelligence Group - Comprehensive Threat Intelligence |url=https://talosintelligence.com/incident_response |access-date=2022-08-10 |website=talosintelligence.com}}
In 2014, Cisco Talos helped co-found the Cyber Threat Alliance, a not-for-profit organization with the goal of improving cybersecurity "for the greater good"{{Cite web |last=Holseberg |first=Kate |title=Home |url=https://cyberthreatalliance.org/ |access-date=2022-08-10 |website=Cyber Threat Alliance |language=en-US}} by encouraging cybersecurity organizations to collaborate through the sharing of cyber threat intelligence{{Cite web |title=Cyber Threat Alliance |url=https://cyberthreatalliance.org/member-shares/ |access-date=2022-08-10 |website=Cyber Threat Alliance |language=en-US}} amongst members. As of 2022, the organization had more than 40 members,{{Cite web |last=Holseberg |first=Kate |title=Membership |url=https://cyberthreatalliance.org/membership/ |access-date=2022-08-10 |website=Cyber Threat Alliance |language=en-US}} including Fortinet, Check Point, Palo Alto Networks and Symantec.
In 2019, the Cisco Security Incident Response Services group announced a new partnership with Talos,{{Cite web |last=Munshaw |first=Jon |title=Talos, Cisco Incident Response team up to offer more protection than ever |date=5 November 2019 |url=http://blog.talosintelligence.com/2019/11/talos-cisco-incident-response-team-up.html |access-date=2022-08-10}} becoming Cisco Talos Incident Response (Talos IR).{{Cite web |title=Cisco Talos Incident Response {{!}}{{!}} Cisco Talos Intelligence Group - Comprehensive Threat Intelligence |url=https://talosintelligence.com/incident_response |access-date=2022-08-10 |website=talosintelligence.com}} Since the creation of Talos IR, the group has been named a leader by IDC in the 2021 MarketScape for Worldwide Incident Readiness Services{{Cite web |url=https://idcdocserv.com/US46741420e_Cisco |access-date=2022-08-10 |website=idcdocserv.com}} (doc #US46741420, November 2021). Talos IR was also added to the Bundesamt für Sicherheit in der Informationstechnik (BSI) list of approved Advanced Persistent Threat (APT) response service providers in May 2022.
Threat research
Talos regularly collects data on the latest cybersecurity threats, malware, and threat actors through several avenues. That information then powers Cisco Secure's products, including Cisco Secure Cloud{{Cite web |title=Cisco Security Cloud: Open, Integrated Platform |url=https://www.cisco.com/c/en/us/products/security/security-cloud.html |access-date=2022-08-10 |website=Cisco |language=en}} and Cisco Secure Endpoint.{{Cite web |title=Cisco Secure Endpoint (Formerly AMP for Endpoints) |url=https://www.cisco.com/site/us/en/products/security/endpoint-security/secure-endpoint/index.html |access-date=2022-08-10 |website=Cisco |language=en}}
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency have credited Talos with several major security research breakthroughs, including the VPNFilter malware that could take over home wireless routers, the BlackCat ransomware group,{{Cite web |title=FBI: This ransomware written in the Rust programming language has hit at least 60 targets |url=https://www.zdnet.com/article/fbi-this-ransomware-written-in-the-rust-programming-language-has-hit-at-least-60-targets/ |access-date=2022-08-10 |website=ZDNet |language=en}} the active exploitation of the PrintNightmare vulnerability{{Cite web |title=Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols {{!}} CISA |url=https://www.cisa.gov/uscert/ncas/current-activity/2022/03/15/russian-state-sponsored-cyber-actors-access-network-misconfigured |access-date=2022-08-10 |website=www.cisa.gov|date=15 March 2022 }} in Microsoft Windows, and a router malware related to VPNFilter.
In 2017, Talos discovered malware known as Nyetya{{Cite web |last=Alexander Chiu |title=New Ransomware Variant "Nyetya" Compromises Systems Worldwide |date=27 June 2017 |url=http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html |access-date=2022-08-10}} (or "NotPetya") that disguised itself as an update for the Ukrainian tax software{{Cite web |last=Biasini |first=Nick |title=The MeDoc Connection |date=5 July 2017 |url=http://blog.talosintelligence.com/2017/07/the-medoc-connection.html |access-date=2022-08-10}} MeDoc. Nyetya was originally believed to be a ransomware attack targeting multinational corporations, but Talos was among the first threat research groups to discover that the attack was deliberately designed to destroy data and to target Ukraine.
In May 2018, Talos worked with the FBI in the U.S. to disclose the existence{{Cite web |date=2018-05-23 |title=Justice Department Announces Actions to Disrupt Advanced Persistent Threat 28 Botnet of Infected Routers and Network Storage Devices |url=https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected |access-date=2022-08-10 |website=www.justice.gov |language=en}} of a widespread wireless router malware known as VPNFilter. At the time of the initial disclosure, Talos stated that as many as 500,000 networking devices,{{Cite web |last=Largent |first=William |title=New VPNFilter malware targets at least 500K networking devices worldwide |date=23 May 2018 |url=http://blog.talosintelligence.com/2018/05/VPNFilter.html |access-date=2022-08-10}} mainly consumer-grade internet routers, were already infected with the malware across 54 countries.{{Cite web |title=Talos finds new VPNFilter malware hitting 500K IoT devices, mostly in Ukraine |url=https://www.zdnet.com/article/talos-finds-new-vpnfilter-malware-hitting-500k-iot-devices-mostly-in-ukraine/ |access-date=2022-08-10 |website=ZDNet |language=en}} VPNFilter essentially acted as a "kill switch" that the threat actor could pull at any time to render an infected device useless. The FBI went on to release a warning{{Cite web |last=Limer |first=Eric |date=2018-05-30 |title=Reboot Your Router, But Don't Stop There |url=https://www.popularmechanics.com/technology/security/a20966735/router-factory-reset-vpnfilter-malware-fbi/ |access-date=2022-08-10 |website=Popular Mechanics |language=en-US}} telling users of the affected routers to factory reset their devices to protect against the malware. American law enforcement agencies would eventually seize the botnet associated with VPNFilter and even backdoor some consumer routers.
A VPNFilter variant known as Cyclops Blink surfaced again in 2022{{Cite web |last=Malhotra |first=Asheer |title=Threat Advisory: DoubleZero |date=24 March 2022 |url=http://blog.talosintelligence.com/2022/03/threat-advisory-doublezero.html |access-date=2022-08-10}} in Ukraine after Russia's invasion.
In 2018, Talos also responded to a major cyber attack against the Winter Olympics in Pyeongchang, South Korea. In the attack, eventually dubbed "Olympic Destroyer," Talos found that the actors intended to completely wipe computers used on-site for the opening ceremony, rendering them unusable. The cyber attack disrupted the Olympics' official website the day before the opening ceremony, and attendees were unable to access the site or print their tickets to attend the Olympic events. The Wi-Fi in Pyeongchang Olympic Stadium also stopped working for several hours before returning to normal. Although many media outlets reported that the attack came from a Russian threat actor, Talos stated there was too much doubt surrounding this assertion to attribute the attack confidently. Talos has since gone on to work on Olympic cybersecurity at other Games.
Talos has been heavily involved in protecting Ukraine's networks during the 2022 Russo-Ukrainian War. The company announced in early March 2022 that it was directly operating security products 24/7 for critical customers in Ukraine. More than 500 Cisco employees were assisting at the time in collecting open-source intelligence for Talos to act on. Talos researchers also created Ukraine-specific protections based on the intelligence they received. The company also wrote about numerous cyberattacks targeting Ukraine during Russia's invasion, including many spam campaigns and several wiper malware families.
Vulnerability research
Cisco Talos has a Vulnerability Research team that identifies high-priority security vulnerabilities{{Cite web |title=Zero-Day Vulnerability & Disclosed Vulnerabilities Reports {{!}}{{!}} Cisco Talos Intelligence Group - Comprehensive Threat Intelligence |url=https://www.talosintelligence.com/vulnerability_info |access-date=2022-08-10 |website=www.talosintelligence.com}} in computer operating systems, software and hardware, including industrial control system (ICS) and Internet of Things (IoT) platforms. This team works with vendors to disclose and patch more than 200 vulnerabilities a year.
References
{{Reflist}}