Cisco Blogs


Cisco Blog > Security

Key Considerations for Threat-Based Security Programs

As we often say at Cisco, every business is a security business. That’s been true ever since widespread online presence led to widespread cyber threats. It became even more applicable as those threats became more sophisticated and less detectable. And now, with the Internet of Everything (IoE), that phrase is more relevant than ever before.

Cisco estimates that by 2020, 50 billion devices will be connected, whether you know it or not. Other advances in technology, such as mobility and cloud computing, will require a new way of thinking about network security. In today’s world of IoE, security must be top of mind as the number and type of attack vectors continues to increase, as does the amount of data that needs to be protected. Take a look at three key considerations for building your security program.

First, it’s essential to understand what kinds of threats are coming at you, as well the motivation behind them. You cannot protect against what you cannot see. Second, you need application visibility and control; a real-time, accurate picture of devices, data, and the relationships among them that helps make sense of billions of devices, applications, and their associated information. And third, you need an adaptable, flexible security posture supported by some of today’s biggest innovations and brightest minds.

The IoE is creating a host of new security challenges. A risk mitigation strategy based on these key tenets is essential to securing your information assets. Please let me know your thoughts, experiences and strategies regarding this complex issue in the comments section.

Steve Martino image

A Model for Evaluating Breach Detection Readiness

Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack.

Modern-day networks are large and complicated. It is a nightmare for incident response teams and security investigators because it often takes days and months to identify that their networks were compromised. A wide variety of tools, technologies and platforms are available, like big data platforms, machine learning algorithms, statistical techniques, threat intelligence platforms, reputation feeds etc. It is often confusing for the decision makers to identify what is needed for their environment.
Read More »

Tags: , , ,

Reintroducing Snort 3.0

Snort 3.0

A little more than a year ago when Sourcefire became a part of Cisco, we reaffirmed our commitment to open source innovation and pledged to continue support for Snort and other open source projects. Our announcement of the OpenAppID initiative earlier this year was one of several ways we have delivered on this promise.

Today we are announcing the alpha release of a new Snort 3.0 architecture. This alpha release builds on several ideas that were part of the original 3.0 prototype developed several years ago and goes well beyond those initial concepts.

Snort 3.0 expands on the extensible architecture users have come to know and includes several new capabilities that make it easier for people to learn and run Snort. We encourage you check out it out at www.snort.org, give us your feedback and help us build a strong foundation for the future. As Joel mentions in his post, this is a very early release that is intended for community feedback more than anything else.

When I first began building Snort, I architected it so that we could continue to extend it over time. By working with the Snort community, it quickly evolved from the initial primitive idea of an easy-to-use intrusion detection engine to the powerful traffic analysis and control capabilities we have today. With millions of downloads and hundreds of thousands of registered users, Snort is the most widely deployed IPS technology in the world and has become the standard for intrusion detection and prevention. Snort is also the foundation of Cisco’s Next-Generation IPS and is one of the core technologies that cemented Sourcefire’s position as a leader in the security industry.

Cisco understands the power of open source and how it can help customers solve tough challenges. In the coming months you’ll hear more from us about Snort 3.0 and our continued efforts to deliver meaningful capabilities that underscore this commitment.

Tags: , ,

Insider Threats: Allow Employees to Conceal Network Traffic?

You can lock every window and bolt every door to keep out intruders, but it won’t be of much use if the attacker is already inside; if the attacker is an insider. Most security reports and headlines highlight stories of organizations that are attacked by an external party, but incident statistics highlight a growing number of attacks from insiders and partners. These incidents are real, and threaten your most sensitive information. How do you know when an insider is exfiltrating data from your organization? Cisco Managed Threat Defense (MTD) monitors for advanced network security intrusions using expert staff and OpenSOC, which Pablo Salazar introduced last month. Our staff has a decade of experience investigating security attacks and resolving benign anomalies. In my twelve years as an InfoSec professional, I’ve seen cases where employees conceal their activity for a variety of reasons. In one particularly interesting incident, it was discovered an employee was encrypting and obfuscating outbound traffic from his laptop over a period of several weeks, using for-purchase VPN software called Private Internet Access.

Banner image for Private Internet Access, which was used by the employee on the corporate network.

Banner image for Private Internet Access, which was used by the employee on the corporate network.

Read More »

Tags: , , , , ,

Dridex Is Back, then it’s gone again

This post was authored by Armin Pelkmann and Earl Carter.

Talos Security Intelligence and Research Group noticed a reappearance of several Dridex email campaigns, starting last week and continuing into this week as well. Dridex is in a nutshell, malware designed to steal your financial account information. The attack attempts to get the user to install the malicious software on their system through an until lately, rarely exploited attack vector: Microsoft Office Macros. Recently, we noticed a resurgence of macro abuse. If macros are not enabled, social engineering techniques are utilized to try to get the user to enable them. Once the malware is installed on the system, it is designed to steal your online banking credentials when you access your banking site from an infected system.

Talos analyzed three separate campaigns in the last days, all distinguishable from their subject lines. Read More »

Tags: , , , , , , , ,