Talk:Cisco Talos
This article is rated Start-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:
Requesting edits
The user below has a request that an edit be made to Cisco Talos. That user has an actual or apparent conflict of interest. The requested edits backlog is very high. Please be extremely patient. There are currently 498 requests waiting for review. Please read the instructions for the parameters used by this template for accepting and declining them, and review the request below and make the edit if it is well sourced, neutral, and follows other Wikipedia guidelines and policies.
Hello! Requesting changes to the Cisco Talos page as the company's current Content Manager & Editor. Since footnote numbers will change, I'll number them section-by-section. Please feel free to use the automated citation option in order to make the citations consistent. Thank you for your assistance and please let me know if any changes are needed.
Change introduction paragraphs to the following. (All hyperlinks and pre-existing references are unchanged.)
Cisco Talos, or Cisco Talos Threat Intelligence Group, is a cybersecurity threat intelligence team that operates as part of Cisco Systems, Inc. and is based in Fulton, Maryland.[1] Comprising researchers, analysts, incident responders, and engineers, Talos provides threat intelligence that supports Cisco Security[2] products and services, such as malware detection, DNS security, and email filtering. The organization partners with industry and government entities to enhance awareness and response to evolving cybersecurity threats globally.
Cisco Talos delivers intelligence-driven protection by integrating threat indicators, contextual analysis, and detection capabilities directly into Cisco’s cloud-based security services. These efforts aim to provide automated, consistent, and adaptive defenses for Cisco customers. Talos is also responsible for maintaining several open-source security tools, including the Snort intrusion prevention system and the ClamAV antivirus engine.[3]
The group is recognized for its role in investigating significant cybersecurity incidents, such as the VPNFilter wireless router malware attack in 2018[4], the CCleaner supply chain attack in 2017[5], and Project PowerUp in 2023, which was a cross-team effort to protect Ukraine’s power grids amid ongoing Russian attacks[6].
References:
[6]: Sean Lyngaas, “Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter,” CNN, November 21, 2023. https://www.cnn.com/2023/11/21/politics/ukraine-power-grid-equipment-cisco
Add the following to the "History" section chronologically (under the existing "Cyber Threat Alliance" paragraph).
In June 2017, the team "SOLAT in the SWEN" from Talos placed first in the inaugural Fake News Challenge (FNC-1), a competition aimed at developing tools to automatically detect the stance of news articles relative to headlines using artificial intelligence and machine learning techniques [1][2][3]. Out of 80 registered teams and 50 submitted entries, the winning Talos team used a hybrid approach leveraging deep convolutional neural networks, pre-trained word vectors, and gradient-boosted decision trees, achieving a relative score of 82.02% [4][5]. The FNC-1 dataset and results have since served as a benchmark for subsequent research in automated stance detection and fake news identification, demonstrating the utility of ensemble deep learning models for improving accuracy in this field [6].
References:
[1] Fake News Challenge Official Website. http://www.fakenewschallenge.org
[2] Aljrees T, et al. "Fake news stance detection using selective features and FakeNET." PLoS ONE, 2023. https://doi.org/10.1371/journal.pone.0287298
[3] Simonite, T. "Humans Can’t Expect AI to Just Fight Fake News for Them." WIRED, June 15, 2017. https://www.wired.com/story/ai-fake-news-challenge-results/
[4] Aljrees T, et al. "Fake news stance detection using selective features and FakeNET." PLoS ONE, 2023. https://doi.org/10.1371/journal.pone.0287298
[5] Simonite, T. "Humans Can’t Expect AI to Just Fight Fake News for Them." WIRED, June 15, 2017. https://www.wired.com/story/ai-fake-news-challenge-results/
[6] Aljrees T, et al. "Fake news stance detection using selective features and FakeNET." PLoS ONE, 2023. https://doi.org/10.1371/journal.pone.0287298
Add the following to the end of the "History" section.
In January 2021, Talos launched Snort3 — the first major new version of the open-source intrusion prevention and detection system in over a decade[1]. Developed over more than seven years, this release introduced significant updates aimed at making Snort faster, more efficient, and easier to use, including a simpler configuration process and better support for different operating systems.
In July 2023, Cisco and Talos helped to launch the Network Resilience Coalition, a group of technology companies working to ensure users and companies upgrade and update their network infrastructure[2]. The effort was launched after the discovery of JaguarTooth, a massive campaign targeting unpatched wireless routers[3].
In March 2024, Cisco Talos released SnortML, a machine learning-based detection engine for Snort [4]. Unlike traditional security tools that rely on pre-written rules to spot threats, SnortML uses artificial intelligence to recognize suspicious activity, including new types of cyberattacks that have not been previously identified. The system can detect and block common threats like SQL injection and cross-site scripting (XSS) attacks in real time, helping to keep networks secure even as cyber threats evolve [5]. SnortML runs entirely on local hardware, ensuring that sensitive data stays private and is not sent to the cloud [6].
References:
[1] Marcus Nestor, "Snort 3 Open-Source Intrusion Prevention System Released with Major New Features," 9to5Linux, January 20, 2021. https://9to5linux.com/snort-3-open-source-intrusion-prevention-system-released-with-major-new-features
[2] "New Network Resilience Coalition Launches to Address Threats to Outdated Network Infrastructure on a Global Scale." Center for Cybersecurity Policy and Law. 25 July 2023. https://www.centerforcybersecuritypolicy.org/insights-and-research/new-network-resilience-coalition-launches-to-address-threats-to-outdated-network-infrastructure-on-a-global-scale
[3] "APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers." National Cyber Security Centre. 18 April 2023. https://www.ncsc.gov.uk/news/apt28-exploits-known-vulnerability-to-carry-out-reconnaissance-and-deploy-malware-on-cisco-routers
[4] Marc Mastrangelo & Muhammad Irshad, "SnortML: Cisco’s ML-Based Detection Engine Gets Powerful Upgrade," Cisco Blogs, March 2024. https://blogs.cisco.com/security/snortml-cisco-ml-based-detection-engine-gets-powerful-upgrade
[5] Marc Mastrangelo & Muhammad Irshad, "SnortML: Cisco’s ML-Based Detection Engine Gets Powerful Upgrade," Cisco Blogs, March 2024. https://blogs.cisco.com/security/snortml-cisco-ml-based-detection-engine-gets-powerful-upgrade
[6] Marc Mastrangelo & Muhammad Irshad, "SnortML: Cisco’s ML-Based Detection Engine Gets Powerful Upgrade," Cisco Blogs, March 2024. https://blogs.cisco.com/security/snortml-cisco-ml-based-detection-engine-gets-powerful-upgrade
At the bottom of the Threat Research section, add the following:
In December 2023, after months of collaboration, Cisco Talos released details about Project PowerUp, a cross-team initiative led by Joe Marshall to help protect Ukraine’s power grid amid ongoing Russian attacks [1][2][3]. The effort brought together power grid security experts from multiple countries and companies, many of whom had never worked together before, to address the critical issue of Russian interference with the GPS systems that Ukraine relies on to manage its electricity flow [4][5]. To solve this, the team adapted Cisco’s industrial Ethernet switches, equipping them with robust internal clocks known as oven-controlled crystal oscillators, so the substations could maintain accurate timing and communication even when GPS signals were jammed or unavailable [6][7]. The prototypes were covertly delivered to Ukraine with assistance from U.S. agencies using humanitarian aid flights, and dozens of the devices have since been installed across the country, offering a lifeline to Ukraine’s energy infrastructure during wartime [8][9][10]. In December 2025, the Project PowerUp team won a Cisco Pinnacle Award, Cisco's premier internal recognition that honors contributions to Cisco’s technical innovation[12].
References:
[1] Sean Lyngaas, “Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter,” CNN, November 21, 2023. https://www.cnn.com/2023/11/21/politics/ukraine-power-grid-equipment-cisco
[2] Jenna McLaughlin, “How Ukraine is keeping the power grid running amidst war with Russia,” NPR, April 17, 2024. https://www.npr.org/2024/04/17/1245366942/how-ukraine-is-keeping-the-power-grid-running-amidst-war-with-russia
[3] Grace Eliza Goodwin, “US officials helped Cisco sneak a cybersecurity prototype into Ukraine using a plane carrying humanitarian aid,” Business Insider, November 21, 2023. https://www.businessinsider.com/us-officials-helped-cisco-sneak-cybersecurity-prototype-ukraine-2023-11
[4] Sean Lyngaas, “Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter,” CNN, November 21, 2023. https://www.cnn.com/2023/11/21/politics/ukraine-power-grid-equipment-cisco
[5] Jenna McLaughlin, “How Ukraine is keeping the power grid running amidst war with Russia,” NPR, April 17, 2024. https://www.npr.org/2024/04/17/1245366942/how-ukraine-is-keeping-the-power-grid-running-amidst-war-with-russia
[6] Sean Lyngaas, “Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter,” CNN, November 21, 2023. https://www.cnn.com/2023/11/21/politics/ukraine-power-grid-equipment-cisco
[7] Jenna McLaughlin, “How Ukraine is keeping the power grid running amidst war with Russia,” NPR, April 17, 2024. https://www.npr.org/2024/04/17/1245366942/how-ukraine-is-keeping-the-power-grid-running-amidst-war-with-russia
[8] Sean Lyngaas, “Exclusive: This pizza box-sized equipment could be key to Ukraine keeping the lights on this winter,” CNN, November 21, 2023. https://www.cnn.com/2023/11/21/politics/ukraine-power-grid-equipment-cisco
[9] Jenna McLaughlin, “How Ukraine is keeping the power grid running amidst war with Russia,” NPR, April 17, 2024. https://www.npr.org/2024/04/17/1245366942/how-ukraine-is-keeping-the-power-grid-running-amidst-war-with-russia
[10] Grace Eliza Goodwin, “US officials helped Cisco sneak a cybersecurity prototype into Ukraine using a plane carrying humanitarian aid,” Business Insider, November 21, 2023. https://www.businessinsider.com/us-officials-helped-cisco-sneak-cybersecurity-prototype-ukraine-2023-11
[11] Cisco Talos Intelligence Group, @TalosSecurity. "Talos is honored to receive a Cisco Pinnacle Award for Project PowerUp, recognizing our work to help keep Ukraine’s lights on in the face of electronic warfare. Thank you to all of our partners who lent us their time, empathy, and expertise." X, 10 December 2025, 3:21 p.m. https://x.com/TalosSecurity/status/1998850492152087011?s=20
Create new section called "Defense for high-profile events." Shift the paragraph in "Threat research" that starts with "Later that year, Talos responded to a major cyber attack against the Winter Olympics..." to this new section.
In this first sentence, swap "Later that year" (factually incorrect, event occurred before May 2018) for "In early 2018" (source).
Finally, add this paragraph beneath the Olympics paragraph:
Since 2021, Cisco has served as the NFL’s Official Enterprise Networking Partner and an Official Cybersecurity Partner. Publicly, Talos has provided cybersecurity support during Super Bowl LVI in 2022[1], Super Bowl LVII in 2023[2], Super Bowl LVIII in 2024[3], and Super Bowl LIX in 2025[4]. During the 2024 event, 39,000 security intelligence events were blocked by the Cisco Secure Firewall, which is fed threat intelligence from Talos, and 254,000 connections to and from blacklisted areas were blocked[5].
References:
[1] Holmes, Aaron (17 February 2022). “The NFL's cybersecurity chief explains how the league worked with Cisco to fend off cyberattacks during the Super Bowl”. Business Insider. Insider, Inc. https://www.businessinsider.com/how-the-nfl-fended-off-cyberattacks-during-super-bowl-cisco-2022-2. Retrieved 11 December 2025.
[2] (9 July, 2024). “Connecting and protecting Super Bowl LVII with Cisco and the NFL.” CBS News. Paramount. https://www.cbsnews.com/news/cisco-teams-up-with-the-nfl-to-defend-super-bowl-paid-content/. Retrieved 11 December 2025.
[3] Bradley, Tony (30 May 2024). “Defending Professional Sports Organizations Against Cyber Threats.” Forbes. Forbes Media, LLC. https://www.forbes.com/sites/tonybradley/2024/05/30/defending-professional-sports-organizations-against-cyber-threats/. Retrieved 11 December 2025.
[4] Vijayan, Jai (28 January 2025). "Super Bowl LIX Could Be a Magnet for Cyberattacks." Dark Reading. TechTarget, Inc. https://www.darkreading.com/endpoint-security/super-bowl-lix-magnet-cyberattacks. Retrieved 11 December 2025.
[5] Bradley, Tony (30 May 2024). “Defending Professional Sports Organizations Against Cyber Threats.” Forbes. Forbes Media, LLC. https://www.forbes.com/sites/tonybradley/2024/05/30/defending-professional-sports-organizations-against-cyber-threats/. Retrieved 11 December 2025.
Anciminnisi (talk) 17:23, 16 December 2025 (UTC)


