All my attackers' IP addresses are from my inside network. I never have an external IP show up as an attacker, it's all internal. Then the victims are showing external IP addresses. Shouldn't it be the other way around, most of the time?
Let's say that you have an "ICMP network scan" signature. A person in the internal VLAN just launches an ICMP scan for some public IP addresses. Now since the ICMP scan was originated by the internal host and directed against the external public IP, inside users will be termed as attackers and the targeted system as the victim.
Just another question, what signatures are causing your internal users as the attackers?
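To answer the question of which signatures label inside hosts as attackers, the events can be grouped by direction and signature. The following is an added example, not part of the original thread: the CSV layout, the sample rows, the signature names other than "ICMP network scan", and the inside prefixes are all constructed assumptions rather than a real sensor export format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumption: these prefixes are the site's inside networks; adjust to match.
INSIDE_NETS = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample export (hypothetical layout): signature, attacker, victim.
SAMPLE_EVENTS = """signature,attacker,victim
ICMP network scan,10.1.20.15,198.51.100.7
ICMP network scan,10.1.20.15,198.51.100.8
ICMP network scan,10.1.20.15,203.0.113.40
Sample signature B,192.168.5.9,203.0.113.12
Sample signature C,203.0.113.99,10.1.30.4
"""

def is_inside(addr):
    """True when the address falls in one of the configured inside networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def direction(attacker, victim):
    """Label an event by where the sensor's attacker and victim fields sit."""
    a = "inside" if is_inside(attacker) else "outside"
    v = "inside" if is_inside(victim) else "outside"
    return f"{a}->{v}"

def summarize(csv_text):
    """Return (event count per direction, inside->outside hosts per signature)."""
    by_direction = Counter()
    outbound = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        d = direction(row["attacker"], row["victim"])
        by_direction[d] += 1
        if d == "inside->outside":
            outbound.setdefault(row["signature"], Counter())[row["attacker"]] += 1
    return by_direction, outbound

if __name__ == "__main__":
    dirs, outbound = summarize(SAMPLE_EVENTS)
    print(dict(dirs))
    for sig, hosts in outbound.items():
        for host, n in hosts.most_common():
            print(f"{sig}: {host} fired {n} time(s)")
```

A single inside host dominating one signature points to a scanner, monitoring tool, or misbehaving machine worth checking first.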