The Cisco IPS Signature Development team has released 4 signature updates in the past week. Each of the updates contains either modifications to existing signatures or additional signatures for detection of attacks related to the OpenSSL Heartbleed issue. I’m going to take a moment to summarize the signature coverage.
To best utilize your Cisco IPS to protect against the OpenSSL Heartbleed issue:
- Update your sensors to signature update pack S788.
- Enable and activate sub-signatures /3 and /4 for signature 4187, leaving /0, /1, and /2 disabled and retired (by default, signature 4187 is disabled and retired across all sub-signatures).
- Sub-signatures /3 and /4 are set at a severity of Informational and Low, respectively, and will not drop traffic by default. If, after monitoring the sensor alerts, you are comfortable dropping traffic inline based on those alerts, you will need to add an action of “deny-packet” to each signature.
Further detail regarding the released signatures:
Tags: heartbeat, Heartbleed, IPS, IPS signatures, security
Despite the many benefits of IoT, the billions of connected sensors, devices, and other smart objects it comprises will also dramatically increase the diversity of threats we will face. As a result, ensuring that we can reap the overwhelming benefits of IoT without undermining security will take strong leadership and a great deal of teamwork throughout the industry. That’s why I’m proud that Chris Young, Senior Vice President, Cisco Security Group, recently made the list as one of the top 100 thought leaders for IoT!
Read the full blog post to learn more.
Tags: Cisco, Cisco Security, cybersecurity, Internet of Everything, internet of things, IoE, IoT, IoT Security, network security, security
Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug.
One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal advice.
The Cisco Security Incident Response Team (CSIRT) has not found any Cisco.com infrastructure that was vulnerable to the Heartbleed vulnerability. There is also no evidence to suggest a compromise of Cisco.com user accounts.
You are safe to change your password by visiting the Cisco.com profile management page – in fact regular password changes are something we actively recommend.
Regardless of the website you are visiting, use of a strong password and regular password changes are an important part of online safety. If you are looking for more password advice, we recommend the following US-CERT security tip: Choosing and Protecting Passwords.
Tags: cisco.com, Heartbleed, password, security
A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.
This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.
To put it plainly, when it comes to networks being breached, it is not a case of if, but when.
Tags: Advanced Malware Protection, Advanced Threat Detection, AMP, analyst, Cisco, malware, research, security, Sourcefire
Editor’s Note: This is the third part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program (USM). In this installment, we discuss the effectiveness of the USM program at Cisco.
Information security is all about risk reduction, and risks are notoriously difficult to measure -- ask any insurance salesman or actuary. So how do we handle this conundrum for a security metrics program that hasn’t even reached its second anniversary yet?
Peter Drucker, noted business management author, once said, “Efficiency is doing the thing right. Effectiveness is doing the right thing.” Even at this early stage of the USM program, we can see four clear indicators demonstrating we’re doing the right things to improve Cisco’s security posture across the IT organization and Cisco. They include the creation of newly defined partnerships, leveraging existing IT risk management frameworks, developing well-defined feedback mechanisms, and gaining increased support and visibility at the CIO level.
Tags: information security, infosec, metrics, security, unified security metrics program, usm