Takedowns of prolific spam botnets, such as Rustock in 2011 and Grum in 2012, had a substantial effect on reducing overall global spam volumes. This, combined with diminishing returns for spammers sending via bots, had left many email recipients basking in the comfort of (mostly) clean inboxes. No doubt this downward trend in global spam volumes also saved countless dollars that would have otherwise been frittered away on phony university degrees, suspect weight loss products, and erectile dysfunction medication.
Unfortunately, however, the good times seem to be coming to an end. Spam volumes have increased to the point that spam is now at its highest level since late 2010. Below is the graph of global spam volume as reported by Cisco SenderBase. From June 2013 to January 2014, spam was averaging between 50-100 billion messages per month, but as of March 2014 volumes were peaking above 200 billion messages per month--more than a 2X increase above normal.
Read More »
Tags: CBL, SenderBase, spam
The Insider Lifecycle
Traditional security is designed to keep outsiders from getting in. What happens when the enemy is an insider? A new paradigm must be explored, where the focus needs to shift inward and how data is going outbound.
Identifying anomalies in data exfiltration is critical to how to spot the insider. The insider has a typical lifecycle:
1. Identify places where sensitive data is store
2. Retrieve the data from the location
3. Move the data within the organization to prepare for exfiltration
4. Transfer the data outside the organization
Arguably, the weak points of this chain of events occur in steps 1, 2, and 4, where the insider must go through funnel points—near the data and at a public outbound connection.
Things to Look For
In almost all cases of data theft, the insider had access to the data, but in many cases, the insider’s role would have been suspect when considering the data they were accessing. Consequently, role should be examined for the end user in the context of data they are accessing.
Read More »
Tags: compromise, espionage, exfiltration, insider, insider threat, intellectual property, security, Sensitive data, threat
Interested in learning more about the Cisco IoT Security Grand Challenge? Plan to attend a free one-hour webinar at 12 p.m. EDT Wednesday, May 7. Cisco Futurist Dave Evans and Dr. Tao Zhang, Chief Scientist for Smart Connected Vehicles at Cisco, will talk about why the Challenge is so important to the future of IoT, and answer any questions you may have.
Read the full blog for more information.
Tags: cyber security, Internet of Everything, internet of things, IoE, IoT, IoT Security, network security, security
Enrollment over Secure Transport (EST) is a new standard (RFC7030) designed to improve the lifecycle management of digital certificates, a key element for secure communications. Cisco Engineer Max Pritikin coauthored the EST standard.
We’re very excited about the potential use cases of EST, which are, as we’ll discuss in a moment, pretty versatile.
To understand EST and how it works, let’s look at a basic use case: A controller, such as a Wi-Fi access point, manages an endpoint. To secure the management communication, both the controller and the endpoint authenticate each other using certificates. EST is a new way to obtain those certificates that is more secure and comprehensive than previous approaches, such as Secure Certificate Enrollment Protocol (SCEP). One area EST is superior to previous approaches is that it enables the use of Cisco’s Next Generation Encryption (NGE), which uses Elliptic Curve Cryptography (ECC) to get the job done as opposed to RSA encryption. That’s a lot of acronyms, so let’s take a step back to explore what this all means.
The next level of encryption
Today’s modern threats demand a new standard of encryption. Cisco’s move to NGE is paving the way for the next decade of cryptographic security. NGE provides a complete algorithm suite that is comprised of authenticated encryption, elliptic-curve based digital signatures and key establishment, and cryptographic hashing. These components provide high levels of security and scalability, aimed at protecting critical data and setting the standard for encrypting sensitive data in networks all over the world.
These cryptographic technologies meet the evolving needs of governments and enterprises by using innovative, battle-tested cryptographic algorithms and protocols, and are beginning to be used in place of legacy cryptographic approaches. EST drives the adoption of ECC, strengthening Cisco’s products and in turn strengthening the security posture of our customers.
EST can be used for a variety of purposes. Enterprises with a number of network endpoints require the “re-enrollment” (re-issuance) of certificates every period, potentially every year. This helps prevent servers going offline due to expired certificates, and the ensuing scramble to obtain and install updates. EST enables automatic re-enrollment to obtain a new certificate, making this a faster and less labor-intensive process. Additionally, EST supports automatic redistribution of CA certificates when they are updated. These improvements are immediately valuable and will be very important for future Internet of Everything (IoE) environments where the large numbers of endpoints will make certificate management highly complex.
Protecting against modern threats
For another example of how EST can help protect the modern network, look no further than your home page and the daily news. The recently discovered Heartbleed bug has thrown the industry into a panic, with enterprises, consumers, and organizations scrambling to assess the fallout and determine an appropriate remediation strategy. Many sites are recommending the replacement of certificates. If EST were in wide deployment, its re-enrollment capabilities would significantly reduce the impact of refreshing the server certificate, supporting much more rapid resolution of the security vulnerability.
As an open standard, EST will increase interoperability with other company’s offerings, including our CA partners. Cisco has taken steps to accelerate adoption and interoperability by providing EST software in the open source community, through Github. Even at this early stage, we’re seeing some positive feedback. Phil Gibson, chairman of the PSNGB, the Industry Trade Association for Public Services Networks (PSN) suppliers, said: “The Public Services Network is now the primary infrastructure for the majority of government communications in the UK and the encryption solutions it uses must continue to evolve. Due to the large and varied number of encryption devices in use, a scalable certificate provisioning protocol is critical to the migration to next generation encryption (CESG PRIME). Cisco’s release of its EST code into the open source community will facilitate rapid adoption by the PSN community. With the release of this code, other vendors will be able to accelerate their adoption of EST and this in turn expands the choice of encryption solutions available to public sector organizations.”
This is an overview of what we can do with EST, and we’re just getting started. We have started to build libraries to incorporate EST into Cisco products, which will likely begin later this year or early next. Stay tuned for additional updates over the coming months.
Tags: cybersecurity, ECC, encryption, EST, NGE, security
Editor’s Note: This is the final installment of a four-part series featuring an in-depth overview of InfoSec’s (Information Security) Unified Security Metrics Program (USM). In this blog entry, we discuss some of the lessons learned during the program’s first year.
Winter weather in the North Atlantic Ocean can be precarious at best. Anyone recall the ill-fated journey of the RMS Titanic? Icebergs pose significant risk because only 10 percent can be seen above the surface, while more than 90 percent remain hidden below. Similarly, metrics and numbers on a chart represent only the tip of an iceberg. Rich, meaningful, and actionable data exists below the surface and, when leveraged successfully, can drive great results and outcomes. During the past year, the USM program has embarked on some new, uncharted waters. The journey hasn’t always been easy, but we’ve learned some valuable lessons along the way.
Read More »
Tags: infosec, Partner Security Architects, security, Security Knowledge Empowerment, Service Security Primes, SKE, unified security metrics program, usm