Cisco Blogs


Cisco Blog > Security > Threat Research

Another Major Vulnerability Bashes Systems

Vulnerabilities that permit remote network attacks against ubiquitous software components are the nightmares of security professionals. On 24 September the presence of a new vulnerability, CVE-2014-6271 in Bash shell allowing remote code execution was disclosed.
Read More »

Tags: , , , , , ,

Announcing the Cisco IOS Software Security Advisory Bundled Publication

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Resource Reservation Protocol (RSVP)
  • Metadata
  • Multicast Domain Name System (mDNS)
  • Session Initiation Protocol (SIP)
  • DHCP version 6 (DHCPv6)
  • Network Address Translation (NAT)

Read More »

Tags: , , , , , ,

Continuing Our Legacy: Cisco Leads in Security Effectiveness

Last week we announced the availability of Cisco ASA with FirePOWER Services, which represents the industry’s first threat-focused next-generation firewall (NGFW). This offering addresses threats across the full attack continuum anytime and anywhere a threat may manifest.

Today NSS Labs released the final reports from its 2014 comparative NGFW testing, focusing on security effectiveness, total cost of ownership (TCO), performance and management. Classic FirePOWER appliances, such as the FirePOWER 8350 and the new Cisco ASA with FirePOWER Services, were included and scored equally well in testing, specifically in security efficacy.

If you have been following the Cisco security strategy then our results will not be a huge surprise to you. And, if you haven’t been following, then these results are going to be of great interest. In less than one year after the acquisition closed we have integrated leading next-generation IPS (NGIPS) and Advanced Malware Protection (AMP) into the Cisco ASA product line, and achieved this integration without compromising performance and continuing to innovate and focus on what matters: stopping threats. The below NSS Labs Security Value Map (SVM) visually depicts the results of this testing and includes Cisco ASA with FirePOWER Services and the classic FirePOWER 8350 appliance. All achieve top marks for security – the same position that FirePOWER appliances have always enjoyed.

NSS NGFW SVM Edition 3 Graphic

Since the inception of Sourcefire, the focus has always been on providing the most effective security in the market. Cisco continues this focus on improving coverage, decreasing customer exposure, providing unmatched visibility, and empowering customers to protect your networks and customize that protection to match your infrastructure, applications, and risks. We go further in creating the best management capabilities available and deliver the combination through our purpose-built solutions designed for enterprise networks. We believe the combined platforms provide the best overall flexibility, coverage, value, and reliability there is.

We are proud to have our products lead the SVM for security effectiveness and we’ll continue to commit to maintaining our leadership by providing our customers the best protection possible in as many ways as possible. If you have not seen them already you can download copies of the reports for the Cisco ASA with FirePOWER Services and the FirePOWER 8350.

Tags: , , , ,

Part 1: Why Is Enabling Only Authorized Users So Complex?

In the past, a critical component of preventing threats was understanding and controlling network access and access to network resources based on role, while also denying access for unauthorized users and devices.

However, assuring this secure network access has been increasingly difficult due to:

  • Complexity in understanding more than just who, but how, by what, when and from where users and devices attempt to access network resources
  • Complexity in connecting authorized users to needed services with the explosion of both on premise and remote devices used by a single user
  • Complexity in evolving network architectures where networks have become more “flat” and difficult to manage from a security standpoint
  • Complexity in unifying the number of disparate security systems that need to be configured, managed and visualized

These various aspects of security complexity challenge security practitioners with delivering the right services and purchasing the right solutions to not just handle the complexity, but also reduce it. However, when we take a look at IT security spending, where does the majority of investment go and where do most vendors siphon their money to and why?

If you look across the entire attack continuum, there are three phases that people need to focus on when dealing with threats and attacks: before an attack happens, during the time it is in progress, and even after the damage is done. To properly protect against threats in all stages, organizations need to reinvestigate their security to gain visibility and control across these three phases in order to truly reduce risk.

Read More »

Tags: , ,

Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

This post was authored by Armin Pelkmann.

On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.

The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains.  We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the amount of connections previously observed. The increase in connections is most likely not proportional to the domains due to the fact that a long time that has passed since the initial attacks.

img_new_numbers

The discovery difference from the previous blog to this one in raw numbers. With more than 3-times the now observed connections and over 9-times the revealed malicious domains, this malvertising network is of unusually massive proportions.

Read More »

Tags: , , , , , , , , , , , , , , , , , ,