
Endpoint Visibility is Key to Combatting Attacks

As an IT security practitioner, you have a lot on your plate. Malware attacks are ever present. Hackers are smarter than ever and have the resources and persistence to compromise your organization. The malware being created today is more sophisticated. And the number and types of devices being used in the workplace are expanding, which is increasing the attack surface for malware delivery. With all of these new endpoints being used in the workplace, it’s no surprise that more than 70% of respondents in the 2014 State of Endpoint Risk study by Ponemon say that endpoint security risk is more difficult than ever to manage. Without visibility into potential malicious activity on the endpoints, how are you expected to effectively defend against an attack launched from an endpoint?

Let’s face it: endpoints are everywhere now. The definition of an endpoint has expanded vastly from its first iteration as a tethered desktop computer. We have Windows and Mac laptops; tablets and smartphones; virtual environments; and now even smart watches. We rely on these devices every day. Furthermore, with the advent of the Internet of Everything (IoE), the number and variety of connected devices are set to explode. Cisco estimates that as many as 50 billion devices will be connected to the network by the end of the decade.[1]

The number of attacks targeting these devices is on the rise. In the same Ponemon study, 68% of respondents reported that their mobile endpoints had been the target of malware in the previous 12 months. Examples are plentiful. A user plugs a malware-infected personal Android phone into an office computer to charge it, and the malware spreads to the corporate network. An employee connects a work laptop to home Wi-Fi, and malware lying dormant on it seizes the opportunity, away from the corporate network's controls, to launch its attack. Someone visits a legitimate website and clicks on an ad that is actually serving malware. Third-party applications downloaded from seemingly reputable sites can also introduce security risks.

Attackers understand how to exploit these gaps in protection that a proliferation of endpoints can create and work relentlessly to drive their attacks home. Their attacks are dynamic and multidimensional and require continuous scrutiny. As an IT security practitioner, you can’t protect what you can’t see. You need security solutions on the endpoint that couple continuous visibility and control so that you can not only see what’s happening on all of the endpoints on your extended network, but have the power to stop an outbreak quickly if an attack gets through.

Cisco Advanced Malware Protection (AMP) for Endpoints gives you unmatched visibility and control on endpoints, including PCs, Macs, mobile devices, and virtual environments. AMP continuously monitors activity on your endpoints and records everything it sees, which gives you the ability to roll back time on would-be attackers. When a file starts behaving badly, AMP is there to catch it, and gives you detailed information on how the malware got there in the first place, where it has gone, what other systems have been affected, and what exactly the malware is doing. With this information on root cause and point of entry, the complete ancestry and lifecycle of the file, and detailed analysis of the malware's activity, you can surgically remediate malware from all of the affected areas on your endpoints and extended network. Whether you're dealing with endpoints connected to a protected network or roaming on public or personal in-home Wi-Fi, AMP provides you with continuous and integrated detection, response, and remediation capabilities. Download this whitepaper to learn more about a new model to protect the endpoint.

To learn more about AMP for Endpoints, visit www.cisco.com/go/amp

[1] Cisco Internet of Things: http://www.cisco.com/web/solutions/trends/iot/indepth.html


Weaponized Powerpoint in the Wild

This post was written by Jaeson Schultz.

On October 14th, information about a new Windows vulnerability, CVE-2014-4114, was published. The vulnerability affects all supported versions of Microsoft Windows; Windows XP is not affected. The flaw lies in the Windows OLE package manager, and a document that triggers it allows remote code execution.
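The post continues off this page. As an added triage check (not from the original post or from any Cisco tool), the script below opens an OOXML package such as a .pptx and reports the two ways such a document can carry an OLE object: an embedded part under ppt/embeddings/ (or the Word/Excel equivalents) and an oleObject relationship in a .rels part. The highest severity is reserved for a relationship whose TargetMode is External, or whose target is a UNC or file: path, because that object is fetched from outside the document when it is opened. The package layout and relationship-type URIs are standard OOXML; the sample packages the script builds are constructed in memory for demonstration and are neither real PowerPoint files nor malicious samples. Whether a given object would actually trigger CVE-2014-4114 is not something this check decides; it only tells you which files deserve a closer look.

```python
from __future__ import annotations

import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
EMBED_DIRS = ("ppt/embeddings/", "word/embeddings/", "xl/embeddings/")
SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}


def scan_ooxml(package: bytes) -> list[tuple[str, str, str]]:
    """Triage an OOXML (pptx/docx/xlsx) package for OLE package content.

    Returns (severity, part_name, detail) tuples. Embedded OLE objects are
    'medium' (they need a closer look); an OLE object relationship whose target
    is External, or any external target that is a UNC or file: path, is 'high'
    because the object comes from outside the file.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        for part in zf.namelist():
            if part.startswith(EMBED_DIRS):
                findings.append(("medium", part, "embedded OLE object"))
            if not part.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(part))
            except ET.ParseError:
                findings.append(("low", part, "unparseable relationships part"))
                continue
            for rel in root.iter(RELS_NS + "Relationship"):
                rtype = rel.get("Type", "")
                target = rel.get("Target", "")
                external = rel.get("TargetMode", "Internal") == "External"
                is_ole = rtype == OLE_REL_TYPE
                if is_ole and external:
                    findings.append(("high", part, f"OLE object with external target {target!r}"))
                elif external and (target.startswith("\\\\") or target.lower().startswith("file:")):
                    findings.append(("high", part, f"external UNC/file target {target!r}"))
                elif is_ole:
                    findings.append(("medium", part, f"OLE object relationship to {target!r}"))
    return findings


def highest_severity(findings) -> str:
    """Collapse a findings list to its worst severity ('none' for an empty list)."""
    return max((f[0] for f in findings), key=SEVERITY_RANK.__getitem__, default="none")


def build_sample_pptx(external_target: str | None = None) -> bytes:
    """Constructed minimal package for demonstration only (not a real PowerPoint file).

    With external_target=None the slide references an embedded object part;
    otherwise the oleObject relationship points outside the package.
    """
    if external_target is None:
        rel = ('<Relationship Id="rId2" Type="%s" Target="../embeddings/oleObject1.bin"/>'
               % OLE_REL_TYPE)
    else:
        rel = ('<Relationship Id="rId2" Type="%s" Target="%s" TargetMode="External"/>'
               % (OLE_REL_TYPE, external_target))
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
            'relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/>'
            + rel + '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")  # placeholder slide body
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
        # OLE compound-file magic followed by filler; enough for the scanner, not a real object
        zf.writestr("ppt/embeddings/oleObject1.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 12)
    return buf.getvalue()


if __name__ == "__main__":
    samples = (("internal", build_sample_pptx()),
               ("external", build_sample_pptx(r"\\fileserver.example\share\object.bin")))
    for label, pkg in samples:
        findings = scan_ooxml(pkg)
        print(label, "->", highest_severity(findings))
        for sev, part, detail in findings:
            print(f"  [{sev}] {part}: {detail}")
```

Run it against real mail attachments by passing the file bytes to scan_ooxml; a 'high' result is a reason to detonate the file in a sandbox or block it, while 'medium' merely means an OLE object is present and should be inspected. Legacy binary formats (.ppt, .doc) are not zip packages and need a different parser.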



New Security White Paper: Unified Computing System (UCS) Hardening Guide

Check out the new Cisco UCS Hardening Guide white paper, now released and available on the Cisco Security Portal. The paper outlines security best practices for Cisco UCS.

This paper provides information to help users secure the Cisco Unified Computing System (Cisco UCS) platform and offers guidance on hardening Cisco UCS software features. It also references a substantial body of related documentation.

Please access it using the following URL: http://www.cisco.com/web/about/security/intelligence/ucs_hardening.html


Announcing the IoT Security Grand Challenge Winners

The Internet of Things (IoT) is exponentially increasing the number and type of attack vectors, creating many new cybersecurity challenges for organizations and those responsible for defending the infrastructure. These new threats to data and physical security are a top concern for organizations as they seek ways to gain greater operational efficiencies and power new business models by expanding connections between people, process, data and things. Cisco understands that protecting all of the interactions of the IoT is crucial in enabling people and organizations to benefit from these advances.

The IoT requires new models for innovation, new architectures and new approaches to cybersecurity. With this in mind, earlier this year, we announced the Internet of Things Security Grand Challenge. As part of this industry-wide initiative, we invited the global community to propose practical security solutions to address the new security challenges that the IoT and IoE present. This initiative is one of several global efforts at Cisco to accelerate industry innovation and the adoption of breakthrough technologies that will contribute to the growth and evolution of the IoT.

Our outreach to the global community generated more than 100 entries from leading universities, businesses, industry start-ups and entrepreneurs worldwide with proposals for solutions in the following focus areas – Malware Defense, Security Credential Management and Privacy Protection.

After an extensive review process conducted by a team of experts, Cisco chose four innovative IoT security solutions as the winners of the Internet of Things Security Grand Challenge. These winners represent some of the most innovative approaches to enabling people and organizations to benefit from the IoT. Each winner was awarded $75,000 USD and is being showcased this week at the Internet of Things World Forum. The winning entries are:

  • Cornell Tech and Rice University: Physical Proof-of-Presence Protocols (P4) for Transient Connections in the IoT
  • Excalibur: Context-Aware Blockchain Naming / Discovery /Authentication
  • Carnegie Mellon University: Dynamically Controlling IoT Privacy Risks and Trade-offs with Fog Mediation
  • Aircloak and the Max Planck Institute for Software Systems: Anonymized Analytics through Cloaking

To learn more about the winners, visit https://ninesights.ninesigma.com/web/cisco-gc.

As more organizations adopt new business models related to the Internet of Everything (IoE) and IoT, their security solutions and processes must also adapt with this change. Now more than ever, organizations must be enabled to implement dynamic controls to manage the pace of change in their environments and address security incidents—before, during and after an attack.

Congratulations to the winners! If you are at the Internet of Things World Forum, be sure to check out the winning entries: www.ciscosecuritygrandchallenge.com

POODLE and The Curse of Backwards Compatibility

This post was written by Martin Lee.

Old protocol versions are a fact of life. When a new, improved protocol is released, products still need to support the old version for backwards compatibility. If an earlier version contains a security weakness, yet its continued support is expected, that weakness becomes a serious problem the moment it is shown to be a genuine vulnerability and an exploit is released.

The Transport Layer Security (TLS) protocol defines how systems can exchange data securely. The current version, 1.2, dates from August 2008; the protocol's origins lie in the Secure Sockets Layer (SSL) standard, first published in February 1995. As weaknesses in the cryptography and flaws in the protocol design were discovered, new versions of the protocol were released.

To maintain interoperability, TLS implementations negotiate the highest protocol version that both ends support, and in practice most servers and clients still accept SSL 3.0 from a peer that offers nothing newer. The discovery of a cryptographic weakness in SSL 3.0, and the publication of an attack that exploits it, therefore give an attacker who can intercept and tamper with a connection a way to attack TLS deployments: make the newer handshakes fail so that the client retries with SSL 3.0, then exploit the weaker protocol.

The vulnerability, assigned the Common Vulnerabilities and Exposures identifier CVE-2014-3566 and known as POODLE, abuses the way SSL 3.0 pads CBC-encrypted records out to a whole number of cipher blocks: the padding bytes are not covered by the integrity check, and only the final byte, the padding length, is validated. An attacker who can replay modified records can substitute a chosen ciphertext block for the padding block and observe whether the server accepts the record, which leaks one byte of plaintext at a time (on average after 256 attempts per byte). Against a browser this is enough to recover the values of cookies used to authenticate HTTPS web sessions. Although the published attack targets HTTPS, the vulnerability potentially affects any application that secures traffic with TLS and can fall back to SSL 3.0, not only web traffic.
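The following simulation is an added illustration of the padding-oracle mechanism described above; it is not from the original post and not the published exploit. It stands in a toy 16-byte Feistel cipher built on HMAC-SHA256 for the real cipher suites, uses HMAC-SHA256 as the record MAC, and gives every record a fresh random IV (SSL 3.0 actually chains IVs across records), but it reproduces the property the attack depends on: the receiver strips padding according to the length byte alone and then checks the MAC. The "browser" closure encrypts attacker-chosen prefix and suffix bytes around a secret it never reveals, the "server" closure only answers accept or reject, and the attacker recovers the secret byte by byte. All keys and the secret are constructed locally for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16     # cipher block size in bytes
MAC_LEN = 32   # HMAC-SHA256 stands in for the SSL 3.0 record MAC


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: keyed PRF of the round number and one half-block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """Toy 16-byte block cipher (4-round Feistel); a stand-in for AES/3DES in CBC mode."""
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r


def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r


def ssl3_encrypt(key: bytes, plaintext: bytes):
    """SSL 3.0-style record: plaintext || MAC || padding, CBC-encrypted.

    The last byte is the padding length L; the L bytes before it are arbitrary
    and, in SSL 3.0, never checked. Returns (iv, ciphertext).
    """
    body = plaintext + hmac.new(key, plaintext, hashlib.sha256).digest()
    pad_len = (BLOCK - len(body) % BLOCK) - 1          # L in 0..15, L+1 padding bytes in total
    body += os.urandom(pad_len) + bytes([pad_len])
    iv = os.urandom(BLOCK)
    out, prev = [], iv
    for i in range(0, len(body), BLOCK):
        prev = block_encrypt(key, _xor(body[i:i + BLOCK], prev))
        out.append(prev)
    return iv, b"".join(out)


def ssl3_accepts(key: bytes, iv: bytes, ct: bytes) -> bool:
    """Receiver: decrypt, strip padding by its length byte only, then verify the MAC."""
    if not ct or len(ct) % BLOCK:
        return False
    prev, pt = iv, b""
    for i in range(0, len(ct), BLOCK):
        pt += _xor(block_decrypt(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    pad_len = pt[-1]
    if pad_len >= BLOCK:
        return False
    body = pt[:len(pt) - pad_len - 1]                  # padding content itself is unchecked
    if len(body) < MAC_LEN:
        return False
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, hmac.new(key, data, hashlib.sha256).digest())


def poodle_recover(secret_len: int, make_request, oracle, max_tries: int = 20000) -> bytes:
    """Recover a secret one byte at a time from a padding oracle.

    make_request(prefix, suffix) -> (iv, ct): the victim encrypts prefix||secret||suffix.
    oracle(iv, ct) -> bool: the server's accept/reject is all the attacker sees.
    """
    recovered = bytearray()
    for i in range(secret_len):
        prefix_len = (BLOCK - 1 - i) % BLOCK                  # secret[i] lands on a block's last byte
        suffix_len = (-(prefix_len + secret_len)) % BLOCK     # makes the final block pure padding
        k = (prefix_len + i) // BLOCK                         # index of the block holding secret[i]
        for _ in range(max_tries):
            iv, ct = make_request(b"A" * prefix_len, b"B" * suffix_len)
            blocks = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]
            # Replace the padding block (last) with C_k. The server accepts only when
            # D(C_k) xor C_{n-2} ends in 0x0f, i.e. P_k[15] == 15 ^ C_{k-1}[15] ^ C_{n-2}[15].
            forged = b"".join(blocks[1:-1]) + blocks[k + 1]
            if oracle(iv, forged):
                recovered.append((BLOCK - 1) ^ blocks[k][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; check the record layout")
    return bytes(recovered)


def demo(secret: bytes = b"sid=2a9f1c"):
    """Wire the three parties together; returns (recovered_secret, oracle_queries)."""
    key = os.urandom(32)                                      # constructed session key
    queries = 0

    def make_request(prefix, suffix):                         # victim: attacker shapes the request, not the cookie
        return ssl3_encrypt(key, prefix + secret + suffix)

    def oracle(iv, ct):                                       # server: accept or reject, nothing more
        nonlocal queries
        queries += 1
        return ssl3_accepts(key, iv, ct)

    return poodle_recover(len(secret), make_request, oracle), queries


if __name__ == "__main__":
    got, n = demo()
    print(f"recovered {got!r} after {n} oracle queries (~256 per byte expected)")
```

The fix in TLS 1.0 and later is not a stronger cipher but a stricter receiver: every padding byte must equal the padding length, so the substituted block is rejected 255 times out of 256 for the wrong reason as well as the right one and the oracle disappears. That is why disabling SSL 3.0, or preventing the fallback to it, is the remediation rather than a patch to the cipher suites.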
