Cisco Blogs



Active Threat Analytics: Easing the Burden of Threat Management

In Greek mythology, Sisyphus was a trickster king cursed with the eternal torment of fruitless labor. As punishment for his hubris and wile, Zeus condemned this hapless figure to the unending task of pushing a boulder up a mountain. Once he reached the top, the boulder would fall back down. And he would begin again. And again. Every day. Forever.

I suspect that it will not be a great imaginative leap for those of you in the information security industry to empathize with this unfortunate soul. Cyberattacks are continuously growing in frequency and sophistication. Threats are ever-present. New technologies and changing business models are always forcing you to change your tactics. Protecting your organization’s sensitive information seems like a Sisyphean undertaking: constant and unceasing.

I hear this from our customers all the time. IT security feels like an uphill battle, and the struggle to guard against ever-evolving threats seems interminable. As innovative social, mobile, analytics, cloud, robotics, and Internet of Everything (IoE) technologies transform every organization into a digital organization, the prospect of maintaining a strong security posture amid such rapid and widespread change can be daunting. We hear you, we get it, and we are ready to help. Just as Cisco is helping organizations become digital, we are also deeply committed to ensuring that security is the bedrock upon which the successful digital enterprises of the future will stand. For that to happen, organizations will need security solutions designed for the world of tomorrow. To help organizations transform securely, we have created Cisco Active Threat Analytics – a suite of next-generation managed security services that will help customers to detect threats in their environments with great speed, accuracy, and focus.


Cisco Identifies Multiple Vulnerabilities in Network Time Protocol daemon (ntpd)

Cisco is committed to improving the overall security of the products and services our customers rely on. As part of this commitment, Cisco assesses the security of software components used in our products. Open source software plays a key role in many Cisco products and as a result, ensuring the security of open source software components is vital, especially in the wake of major vulnerabilities such as Heartbleed and Shellshock.

In April 2014, the Linux Foundation spearheaded the creation of the Core Infrastructure Initiative in response to the disclosure of Heartbleed with the goal of securing open source projects that are widely used on the internet. As a member of the Linux Foundation Core Infrastructure Initiative (CII) Steering Group, Cisco is contributing to the CII effort by evaluating the Network Time Protocol daemon (ntpd) for security defects. ntpd is a widely deployed software package used to synchronize time between hosts. ntpd ships with a wide variety of network and embedded devices as well as desktop and server operating systems, including Mac OS X, major Linux distributions, and BSDs.

Today, in coordination with the NTP Project, Cisco is releasing 8 advisories for vulnerabilities that have been identified by the Talos Group and the Advanced Security Initiatives Group (ASIG) within Cisco. These vulnerabilities have been reported to the NTP Project in accordance with Cisco vulnerability reporting and disclosure guidelines. The NTP Project has responded by issuing a Security Advisory along with releasing a patched version of ntpd. The following serves as a summary for all the advisories being released. For the full advisories, readers should visit the Vulnerability Reports page on the Talos website.


Dangerous Clipboard: Analysis of the MS15-072 Patch

This post was authored by Marcin Noga with contributions from Jaeson Schultz.

Have you ever thought about how security researchers take a patch that has been released, and then reverse it to find the underlying security issue? Well, back in July Microsoft released security bulletin MS15-072, titled “Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)”. According to Microsoft, this vulnerability “could allow elevation of privilege if the Windows graphics component fails to properly process bitmap conversions.” Talos decided to take a deeper look at this vulnerability in order to better understand it, and this post describes the details of that process so that our readers may gain a better understanding of how this is done.

The full post is available on the talosintel.com blog.

Cisco Next Generation Encryption and Postquantum Cryptography

Cisco developed Next Generation Encryption (NGE) in 2011. NGE was created to define a widely accepted and consistent set of cryptographic algorithms that provide strong security and good performance for our customers. These are the best standards that can be implemented today to meet the security and scalability requirements for network security in the years to come, and to interoperate with the cryptography that will be deployed in that time frame. Most importantly, all of the NGE algorithms, parameters, and key sizes are widely believed to be secure. No attacks against these algorithms have been demonstrated.

Recently there has been attention on quantum computers (QC) and their potential impact on current cryptography standards. Quantum computers and quantum algorithms are an area of active research and growing interest. Even though practical quantum computers have not been demonstrated to date, if quantum computers became a reality they would pose a threat to crypto standards for PKI (RSA, ECDSA), key exchange (DH, ECDH) and encryption (AES-128). These standards are also used in Cisco NGE.

An algorithm that would remain secure even after a quantum computer is built is said to have postquantum security, or to be quantum-computer resistant (QCR). AES-256, SHA-384 and SHA-512 are believed to be postquantum secure.


What’s in Your Network? Verifying Trust with Integrity Verification Service

As we continue to observe National Cyber Security Awareness Month, it’s time this week to think about integrity verification and what it means for your network and your organization.

As today’s network threats increase in sophistication, the resulting risks to a business’s or government agency’s network may go undetected for days, months or even years. According to the Ponemon Institute’s 2015 Cost of Data Breach Study, malicious attacks take an average of 256 days to identify.

The same network that is at the heart of nearly every business today is also the critical foothold for IT teams to deal with those threats before, during and after an attack. Ensuring the integrity of network hardware and software is a critical first step in ensuring that IT systems are built on a foundation of trust. Non-genuine or suspect networking hardware and software are serious threats to the robustness of the network, to its role as a critical piece of your organization’s security and, ultimately, to your business.

The realities of today show that the network infrastructure itself is also a target of increasingly sophisticated threat actors. We’ve talked about both the evolution of those threats and the important role modern technologies have in providing robust defenses for the infrastructure itself. The ability to confirm the trustworthiness of the backbone of your business – the network – is a critical component of verifying the trust you place in it, and that verification should be based on explicit facts.
