As IT organizations look to the cloud to become more efficient and achieve the agility their business demands, one of the biggest security challenges they typically face is right at the heart of any enterprise – the data center. In cloud environments, where applications have to be location-independent and mobile, it can be overwhelming to manage traffic that needs to go to specific security services when you have applications that are mobile, but physical security that’s not. To secure these virtual and mobile applications, a new security framework must be deployed – one that works equally well within the physical and virtualization layer of the data center, and addresses additional requirements of scalable, multitenant environments. Read More »
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release sees a total of 8 bulletins being released which address 45 CVE. Two of the bulletins are listed as Critical and address vulnerabilities in Internet Explorer and Windows Media Player. The remaining six bulletins are marked as Important and address vulnerabilities in Microsoft Office, Windows Kernel, Active Directory, Microsoft Exchange Server, and Microsoft Common Controls.
The rapid expansion of connected devices is a double-edged sword for businesses. On one hand, mobility, cloud, and BYOD innovations enable unprecedented flexibility, collaboration, and ease of access for employees. Fifty percent of employers will adopt BYOD policies by 2017, and 90 percent of American workers are already using their own smartphones for work. But this flexibility comes with a cost: as endpoints multiply, controlling network access becomes increasingly difficult. The vast majority – 90 percent – of organizations lack full awareness of all of the devices accessing their network. At the same time, insiders perpetrate 34 percent of all cybercrimes highlighting the key role of identity access management in maintaining a strong cybersecurity posture.
The digital economy and the Internet of Everything (IoE) are creating a host of new opportunities. With as many as 50 billion connected devices by 2020, this wave of digitization will spell new opportunities for organizations and governments and the consumers and citizens they serve.
Yet, the more things become connected, the more opportunities exist for malicious actors as well. We are now dealing with a new world where more and more devices are creating a broader and more diverse attack surface that can be exploited.
Attackers are becoming stealthier, better organized, collaborating extensively, and are well resourced. According to the Cisco 2015 Annual Security Report, malware is becoming increasingly sophisticated and elusive. Since 2009, we have seen a 66 percent compound annual growth rate of detected security incidents.
In order to respond faster to threats and achieve better outcomes requires a tightly integrated security architecture that is as pervasive as the devices and services we are protecting. For this reason, we believe that the most effective way to confront these challenges is to evolve to an approach that extends security everywhere – both embedded into the intelligent network infrastructure and pervasive across the extended network – from the service provider to the enterprise network infrastructure, data center, IoT, cloud and endpoint. This is essential to protect today’s wide array of attack vectors while positioning security to act as a growth engine to enable companies to seize new business opportunities.
The topic of cybersecurity has become so ubiquitous that it’s almost a daily occurrence to read or hear about security breaches in the news. Cisco understands this paradigm shift within the nature of computing, that the Digital Economy and the Internet of Everything now requires what we are calling Security Everywhere. Security has to span the extended network in order to protect against an ever growing array of attack vectors. Scott Harrell, Vice President Product Management has written a more detailed blog about this specific topic here .
The key point to note about Security Everywhere is that organizations are under unrelenting attack and breaches are happening every day. Attackers have also created sophisticated malware that can be launched into the network, gather information to intelligently understand exactly what, when and how to attack and then launch an extremely surgical and devastating attack against the network. Our Cisco 2015 Annual Security Report is an excellent resource for detailed research about the nature and frequency of attacks against the enterprise.