Just a few months ago at Cisco Live U.S., we announced both our strategy and several new offerings for Security Everywhere Across the Extended Network. We believe that our vision of delivering Security Everywhere – from the cloud to the network to the endpoint – is essential to reduce risk, gain competitive advantage and make security a growth engine for organizations. Today we are extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organizations of all sizes.
Extending Security Deeper into the Network and Endpoints
Employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network, and of the threats that may take hold. Controlling and detecting lateral movement of these threats inside a network is a major challenge most organizations face. Cisco is further improving its market-leading capabilities to meet this challenge by simplifying the deployment of software-based segmentation, leveraging more of the network’s intelligence, and extending flow-based visibility for detecting insider and advanced persistent threats beyond the network to one of the most commonly deployed endpoint agents in the world.
- Cisco Identity Service Engine (“ISE”) 2.0 provides several new capabilities that extend the visibility and control of the network for security. The new integration with the Cisco Mobility Services Engine (MSE) provides geo-location for access control. For example, it can grant specific access to top secret resources required for confidential conversations in the boardroom, but then change that level of access as soon as participants leave the meeting to prevent ongoing access. A new work center for TrustSec deployments dramatically simplifies the deployment of software-based segmentation across the network, along with new expanded support for third-party network access devices. ISE is also an amazingly valuable source of contextual information for security systems, context that can help any system execute its role better. With ISE 2.0, we are further expanding our industry-leading partner community to include several new vendors, including Check Point, Infoblox, and Invincea, while expanding partners’ ability to take real-time action in the network with new adaptive network control capabilities that augment the rapid threat containment integrations with Lancope Stealthwatch and FireSIGHT Management Center.
- Cisco AnyConnect, our world-class VPN for secure mobility deployed by organizations across the globe, now delivers deep endpoint visibility into application flows. Security administrators can extend visibility down to the device, track behavior both on and off premise, and quickly spot and scope internal threats arising from compromised systems or inappropriate insider behavior.
Extending Security Further with the Cloud
Enterprises of all sizes are adopting the cloud. From productivity to line-of-business to vertical applications, SaaS and public cloud are enabling the Digital Economy. At the same time, more than half the employees in the enterprise today are working outside of the network perimeter. To accelerate this transformation, Cisco is extending security further into the cloud with the following new offerings:
Tags: #SecurityEverywhere, AMP Threat Grid, Cisco AnyConnect, Cisco Cloud Web Security, Cisco Identity Service Engine (ISE), Cisco Threat Awareness Service, cloud access security, opendns, Security Everywhere
An often overused yarn of our day is that “we live in an increasingly more connected world.” While overused, I can’t think of any better way to describe what Cisco is doing in our security ecosystem with Cisco Platform Exchange Grid (pxGrid). And it has been quite an active first year since the release of pxGrid for use in customer deployments, from building an ecosystem of 30 partners to working in multiple security standards groups in the IETF.
Cisco pxGrid is an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. Cisco platforms can exchange information with Cisco platforms. Partners can exchange information with Cisco platforms. Partners can exchange information with other partners. It is one of the main methods used by technology partners to create use-case focused product integrations within the Cisco Security Technical Alliance Ecosystem Program.
Tags: Check Point, ietf, InfoBlox, LogRythm, pxGrid
In a recent post, “Evolution of attacks on Cisco IOS devices”, we discussed how threats against network devices have evolved. There was no evidence that a remote attack vector or vulnerability in Cisco IOS was related to these attacks. This reinforces the value of creating more hardened and resilient systems.
The strategy for creating more secure technology has an unending goal, yet it’s a journey worth sharing.
Much has been written about and shared on our secure development lifecycle and our efforts to ensure security in the supply chain. However, there are two lesser-known initiatives that have had significant impact on Cisco product security: 1) the use of Common Security Modules and 2) sophisticated attack-focused penetration testing.
According to the Centers for Disease Control and Prevention (CDC), “If you’re ready for a zombie apocalypse, then you’re ready for any emergency.” While events haven’t yet risen to the level of “zombie apocalypse”, computer attackers are continuing to use their voodoo to zombify Internet domains, and repurpose them for their own heinous crimes.
Image from the CDC’s Zombie Apocalypse preparedness site
Those of us who work in security operations are well accustomed to blind spots. Depending on the size of the network, our security technologies can trigger thousands of security alerts daily. We know from experience that the vast majority of these alerts are false-positives – innocuous activity that behaves a bit funny. But we also know that real threats are hiding in plain sight among the throng, finding safety in numbers. If threats are wolves in sheep’s clothing, false-positives are the sheep masquerading as wolves. How can we know the difference?
We can eliminate a sizable proportion of false-positives with reasonable certainty through investigation, but we struggle to cut this list down to a small number of confirmed threats, and we waste a lot of time chasing wild geese in the process. To home in on confirmed threats, we need a better sieve for sifting through alerts. Advanced analytics and granular forensic technologies enable overburdened security operations personnel to separate the wheat from the chaff through high-fidelity threat investigation. Using advanced data analytics methodologies enables Cisco Active Threat Analytics investigators to weed out a huge proportion of false-positive alerts with great accuracy, and applying data enrichment and deep packet inspection tools in the threat investigation process equips us to validate confirmed threats quickly.
Tags: Active Threat Analytics, ATA, full packet capture, pcap, threat detection, threat investigation, threat management