Cisco Blogs

Cisco Blog > Security

How (not) to Sample Network Traffic

This post has been authored by Karel Bartos and Martin Rehak

The volume of the network traffic has been steadily increasing in the last years. In the same time, the delivery of critical services from cloud data centers has increased not only the volume of traffic, but also the complexity of transactions.

High volumes of network traffic allow the attackers to effectively hide their presence in the background. Moreover, attackers can shift or deceive the internal models of detection systems by creating large bursts of non-malicious network activity. Such activity typically draws an attention of statistical detection methods and is further reported as anomalous incident, while the important, yet much smaller malicious activity would remain unrecognized. To counter this, we need to deploy more sophisticated detection models and algorithms to detect such small and hidden attacks. The increase in volume of the transaction logs also brings computational problems for such algorithms, as they may easily become increasingly difficult to compute on the full traffic log.

Sampling reduces the amount of input network data that is further analyzed by the detection system, allowing the system of arbitrary complexity to operate on network links regardless of their size. However, the use of sampled data for CTA would be problematic, as it negatively impacts the efficacy. CTA algorithms are based on statistical traffic analysis and adaptive pattern recognition, and the distortion of traffic features can significantly increase the error rate of these underlying methods by breaking their assumptions about the traffic characteristics. The loss of information introduced by sampling methods also negatively impacts any forensics investigation.

Read More »

AnyConnect Makes Working From Anywhere Even More Secure

AnyConnect 4.2 adds deeper visibility and control over endpoints and network access

In our mobile, connected world more users are connecting to the corporate network with more devices from more places than ever before. In fact, analysts estimate that this year the average worker will use three personal devices for work purposes – that’s more than 15 billion mobile devices with access to enterprise networks. And the reality is that many of those devices have been compromised; 75 percent of organizations surveyed by Cisco said their mobile devices had been targeted by malware within the past 12 months.

Organizations need to provide secure access to systems and data over a mix of trusted and untrusted networks and personal and corporate-sanctioned devices. Cisco is committed to helping organizations extend security everywhere with an intelligent, seamless, and always-on connectivity experience across the proliferating scope of mobile devices.

Cisco AnyConnect Secure Mobility Client supports context-aware comprehensive security policy enforcement regardless of where the endpoint is physically located. The new Cisco AnyConnect extends security even deeper into endpoints and the network with new capabilities that provider greater visibility to protect what matters most – corporate digital assets.

Cisco AnyConnect, now version 4.2, delivers significant improvements and new features for greater endpoint visibility and control.

Read More »

Tags: , , ,

Gaining Productivity and Peace of Mind: Cisco Cloud Access Security

Cloud applications are revolutionizing the way your employees can do their work. They enable Bring-Your-Own-Device (BYOD), are inherently mobile, can be up and running in minutes, and allow users to collaborate with anyone from anywhere to get their jobs done. It’s no wonder that cloud app adoption is growing at unprecedented rates. According to Forrester, breakthrough productivity gains are expected to drive the cloud app market to reach over $130 billion by 2020. But along with these benefits, cloud apps also carry unseen dangers: data leakage, insider threats, and compliance failures. These risks stem from four challenges that IT administrators face as cloud apps become a standard tool to help employees get their jobs done.

1 – Cloud App Visibility. Because cloud apps are so fast, easy, and affordable to deploy, many IT administrators are facing a problem of Shadow IT – employees using unsanctioned apps and bypassing IT security controls. Even Line of Business heads can approve cloud apps for entire departments to use, rolling out a new tool without the IT team knowing anything about it. Shadow IT inhibits SaaS visibility; IT can’t see which apps are being used so they can’t identify risky apps and are powerless to set informed app controls.

Cisco Cloud Access Security (CAS) provides visibility by presenting a complete list of all cloud apps that employees are using. This is a major step toward solving the Shadow IT problem. But CAS goes even further, providing a risk score associated with each cloud app based on 60+ attributes that are weighted according to the risk profile of the business. A cloud app that is considered “enterprise quality” supports multiple enterprise security requirements. With a complete list of cloud apps and their associated scores, IT administrators can decide whether a cloud app should be sanctioned or should be blocked.

Read More »


Microsoft Patch Tuesday – November 2015

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journal, and Windows. The remaining eight bulletins are rated important and address vulnerabilities in .NET, IPsec, Kerberos, Lync/Skype for Business, NDIS, Office, SChannel, and Winsock.

Bulletins Rated Critical

Microsoft bulletins MS15-112 through MS15-115 are rated as critical in this month’s release.

MS15-112 and MS15-113 are this month’s Internet Explorer and Edge security bulletin respectively. In total, 25 vulnerabilities are addressed with four of them specifically affecting both IE and Edge. The remaining 21 vulnerabilities only affect Internet Explorer. The majority of the vulnerabilities that are resolved in this month’s release are memory corruption defects. In addition, an ASLR bypass, an information disclosure vulnerability, and a couple of scripting engine flaws are also addressed.


Tags: , , ,

Easy-to-Use Threat Intelligence for Organizations of All Sizes: Threat Awareness Service

From credit card numbers to medical records, small and midsize organizations hold the same sensitive information as large enterprises. We often think of multinational corporations and governments as the primary targets for cybersecurity breaches, but smaller companies face the same threats. As enterprises start to spend more on security, hackers are increasingly looking to pick lower-hanging fruit by targeting smaller organizations. In recent years, more than half of known breach victims have been organizations with less than 1,000 employees, and 66% have fewer than 10,000.[1]

Without the large security budget or dedicated cybersecurity expertise of a major enterprise, smaller organizations struggle to implement threat intelligence solutions that can help them see suspicious activity occurring in their networks. These solutions are generally hard to deploy, difficult to use, and costly to obtain.

To help organizations of all sizes gain continuous visibility into suspicious activity occurring on their networks, we are introducing Cisco Threat Awareness Service, a threat intelligence service that enhances threat visibility by making security information available 24 hours a day, 7 days a week. Accessed through a web portal, this cloud-based service provides visibility into inbound and outbound network activity from the outside and highlights potential threats requiring additional attention. Cisco Threat Awareness Service requires no configuration changes, network infrastructure, or new software, so you can deploy the service quickly, easily, and cost-effectively.

Read More »

Tags: , , , , , ,