Cisco Blogs


Cisco Blog > Security

The Dreaded “5-Tuple”

5-tuple

If you were to ask any security administrator who had to manage the security policies across an organization, they would probably define the “5-Tuple” as a “hard to understand, cryptic method leftover from the 1990s’ policy management for implementing access control and segmentation capabilities in networks.

Despite its complexity, 5-Tuple has been a mainstay in performing access control and segmentation for decades. However, Cisco has provided an alternate deployment approach to the pains of the “5-Tuple” approach to managing security policies across the organization by delivering Cisco TrustSec across our product portfolio so that Security Teams could consolidate their security policies, scale segmentation, and create a security fabric that spans across the entire organization. Read More »

Tags: , ,

Malicious PNGs: What You See Is Not All You Get!

This post was authored by Earl Carter and Nick Randolph.

Threat actors are continually evolving their techniques. One of the latest Graftor variants is delivering a Malware DLL via a PNG file delivery mechanism. Graftor basically indicates some type of trojan hiding in a piece of software. Hiding executables and DLLs in PNG files is yet another attempt to avoid detection and deliver malicious content to user systems. In this instance, the malicious content is placed at the end of the real PNG file data.

Read More »

Tags: , , ,

The Proliferation of Mandates: A Growing Threat to Supply Chain Security

As the focus on securing Information and Communications Technology (ICT) supply chains intensifies, the number of standards and guidelines is increasing at a troubling pace. These well-intended efforts to provide a framework for security may very well be “cooking the global ICT supply chain goose,” without moving the security needle. For more on this challenge see SC Magazine from the CSO’s Desk: The proliferation of mandates.

Tags: , ,

No Such Thing as Implicit Trust

News has not been kind to US headquartered technology companies over the past year.  From an erosion of faith because of a company’s geographic location, to a series of high profile breaches that are calling into question trust in your IT systems. Technology providers and governments have a vital role to play in rebuilding trust.  And so do customers—who need to demand more from their technology providers.

In my recent trip to Europe, and speaking to some balanced, thoughtful, and concerned public officials, it got me thinking.  Why do we trust the products we use? Is it because they work as advertised? Is it because the brand name is one we implicitly believe in for any number of reasons? Is it because the product was tested and passed the tests? Is it because everyone else is using it so it must be okay? Is it because when something goes wrong, the company that produced it fixes it? Is it because we asked how it was built, where it was built, and have proof?

That last question is the largest ingredient in product and service acquisition today, and that just has to change. Our customers are counting on us to do the right thing, and now we’re counting on them. It’s time for a market transition: where customers demand secure development lifecycles, testing, proof, a published remediation process, investment in product resilience, supply chain security, transparency, and ultimately – verifiable trustworthiness.

We saw some of this coming, and these are some of the principles I hear customers mention when they talk about what makes a trustworthy company and business partner. Starting in 2007, with a surge that began in 2009, we’ve systematically built these elements into our corporate strategy, very quietly, and now we want the dialogue to start.

I’m challenging customers to take the next step and require IT vendors to practice a secure development lifecycle, have a supply chain security program, and a public, verifiable vulnerability handling process.

I recently recorded the video blog above discussing what it means to be a trustworthy company.  I hope you will share your thoughts and experiences in the comment section.

Tags: , , , ,

Tax Time: Let the Phishing Begin

This post was authored by Earl Carter and Craig Williams.

With the April 15th US tax deadline only about 2 months away, a new wave of tax related phishing is underway. In this latest spear-phishing campaign, attackers are attempting to gain access to your system so that they can steal your banking and other online credentials. An interesting twist to this latest campaign is that they seem to be specifically targeting high level security professionals and CTOs in technical companies.

On Tuesday, Talos noticed the beginning of a phishing campaign in our telemetry data. The subject of the emails all revolve around payment confirmation or Federal taxes. Some of the common subjects include:

Payment Confirmation
Federal tax payment received
Federal TAX payment
Payment Service

Read More »

Tags: , , , , , ,