Cisco Blogs

Pushing Security from Edge to Endpoint

On November 3rd, Cisco announced that we are extending our Security Everywhere strategy with new solutions and services aimed at helping our customers gain greater visibility, context, and control from the cloud to the network to the endpoint. Giving organizations more visibility means being able to see all of their systems: not just Windows, but Mac, mobile, virtual machines, and now Linux.

AMP for Endpoints now has a dedicated Linux connector. Attacks against data centers are on the rise. Because these systems hold highly sensitive customer and corporate data, and more often than not the custom applications that are central to day-to-day business, organizations need deep visibility into this attack surface in order to prevent, detect, scope, contain, and remediate targeted attacks faster and more efficiently. At launch, the Linux connector is available for RHEL 6.5 and 6.6 as well as CentOS 6.4, 6.5, and 6.6. It is available to all current AMP customers with existing accounts, and will also be available to ELA v4 customers.

Edge to Endpoint Malware Analysis

A critical component of this launch is the extension of our advanced malware analysis and threat intelligence solution, AMP Threat Grid.

We have integrated AMP Threat Grid into our ASA with FirePOWER Services models, FirePOWER NGIPS appliances, and the AMP for Networks solution. All three can now tap into the Threat Grid malware analysis engine. Why is this so significant? We acquired ThreatGRID in the summer of 2014. By January 2015 we had it integrated into our AMP for Endpoints products. We reached another milestone in the summer of 2015 by adding AMP Threat Grid sandboxing to Cisco's Email and Web Security solutions. Now, just a few months later, we are realizing the vision of full edge-to-endpoint sandboxing on a single platform, AMP Threat Grid. That is a powerful capability for anyone using the solution.


OpenDNS Introduces IP-Layer Enforcement for Umbrella

Cisco announced on Tuesday that OpenDNS was updating its cloud-delivered network security and threat intelligence solutions, as part of the company’s strategy to provide Security Everywhere across the extended network. Acquired in August, OpenDNS handles nearly 80 billion daily DNS requests and uses its unique view of the Internet to extend security for an increasingly mobile and off-network workforce.

Umbrella, OpenDNS’s cloud-delivered network security solution, already provides advanced threat protection for any device, anywhere, anytime. Umbrella encrypts DNS requests from endpoints and ensures the laptops and mobile devices employees use are not contacting malicious domains. But not all attacks rely solely on domains to communicate and deliver malware over the Internet. That’s why, with this latest announcement, the security service now protects direct IP connections.


Reverse Social Engineering Tech Support Scammers

This post is authored by Jaime Filson and Dave Liebenberg.


[Figure: a mosaic made up of 1-800 tech support scam websites]

The number of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off 3.3 million unwitting victims this year alone. These scammers typically convince the victim to give them access to his or her computer through remote control applications such as TeamViewer. They then present benign processes as malicious, or at times even install malware themselves. Afterwards, they charge hundreds of dollars for the service.

There are several avenues through which these scammers reach their victims. Among the most insidious are pop-ups and websites asserting that the user's computer is riddled with viruses, and that the only way to fix the problem is to call the tech support number provided.

Talos has been monitoring the incessant creation of these fake tech support websites in order to better understand how these scams operate. We decided to call one of these companies ourselves for some reverse social engineering. Our experiment provided some interesting insights into the methods these scammers use to fool their victims, as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VoIP phone numbers to carry out its duplicitous activities.


ISE 2.0 Extends Greater Visibility, Usability and Control

More employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. And the problem is only going to grow as 500 billion new devices are expected to be connected to the network by 2030.

How can you protect what you can’t see?

In the face of an ever-increasing number of attack vectors and advanced threats, Cisco is committed to helping organizations extend security everywhere – in effect, to wherever employees are and wherever data is – without sacrificing operational efficiency. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation.

Introducing Cisco ISE 2.0

The newly redesigned Cisco ISE security management platform provides greater visibility, usability, and control.

Deeper Visibility Provides Superior Network Insight and Control

Expanding ISE's Reach and Scope within Diverse Network Environments. Customers can now deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1X network access devices (NADs) manufactured by non-Cisco vendors. This extends the reach and scope of ISE's advanced authorization capabilities to ensure endpoint compliance across a more varied range of networks.

Access policy becomes geo-location driven. Create and enforce access policy controls based on specific geo-location information, thanks to integration with the Cisco Mobility Services Engine (MSE). For example, a healthcare organization can allow a doctor to access patient records only while in the hospital, a corporation can grant executives access to confidential information for a board meeting only while they are in the board room, and a school can allow a student to stream content only when physically inside the classroom.


Save money with branch security

Trends like bring-your-own-device, mobility, and cloud computing are creating a surge in the number and types of devices connecting to the network and driving demand for WAN bandwidth. Remote and branch office employees expect fast, secure connectivity but most enterprises don’t have spare operational budget to increase their WAN bandwidth to backhaul all traffic to headquarters in order to keep it secure.

Enter Intelligent WAN, or IWAN. With IWAN, the Internet becomes a reliable, cost-effective way to supplement the WAN. Cisco’s IWAN also enables secure direct Internet access (DIA). Instead of backhauling branch office Internet traffic across the WAN, traffic is redirected to the Cisco Cloud Web Security (CWS) proxy, located in one of our data centers around the world, for inspection.

Now Cisco CWS is available on even more Integrated Services Routers (ISRs) for improved IWAN capabilities and additional deployment flexibility. Enterprises can use Cisco’s newest branch routing platform, the ISR 4000 Series, to redirect traffic to a CWS proxy using Generic Routing Encapsulation (GRE) over IPsec.
