It’s no secret that network threats have grown significantly over the past several years – in number, as well as complexity. This growth continues to place an overwhelming burden on IT resources, who have to combat these threats on a daily basis. These guys already have a rough job of just keeping up with the sheer volume and variety of threats … but also making them go through multiple hoops and internal approvals to procure and piece together the solution from different vendors is enough to push a lot of folks over the proverbial edge!
Several of us recently had the pleasure of working with Ann Bednarz from Network World on her feature article, “Inside Cisco Security Intelligence Operations” (SIO). We were all very pleased with the resulting article and her ability to capture and convey the intricacies of Cisco SIO. Considering the size, complexity, diversity, and distribution of the teams and technologies that make up our security operations, we knew that capturing these details and understanding Cisco SIO could have its challenges.
The axiom “Quality, not quantity” has been adopted by everyone from stock pickers to those trying to successfully navigate the online dating scene. Now cybercriminals are also putting this philosophy to practice.
The fundamental shift away from mass spam attacks to more targeted threats with potentially bigger payoffs is top of mind to me. This trend is detailed in a new report by Cisco’s Security Intelligence Operation (SIO).
Specifically on the issue of spam, Cisco’s research reveals that mass spam volumes dropped from 300 billion daily spam messages to 40 billion between June 2010 and June 2011. Although 40 billion is still a huge number, signifying that spam is still an issue, the trend that’s most alarming is the threefold increase in spearphishing and the fourfold increase in personalized scams and malicious attacks such as malware.
Virtualization provides extraordinary benefits to organizations of all sizes. By moving multiple workloads into one physical server, companies have been able to optimize the usage of their data center infrastructure, minimize procurement and operational costs, and increase the overall efficiency of their operations. The growing number of organizations migrating mission-critical workloads to virtual environments has created a critical need to evolve infrastructure security to include these hybrid environments.
The hacker group Anonymous has been in the news recently for a variety of reasons, including WikiLeaks, the HBGary breach, and other things. One recent item was a relatively high-profile defection from the organization, the departure of SparkyBlaze for a variety of reasons, including being “fed up with anon putting people’s data online and then claiming to be the big heroes.”
I run the @CiscoSecurity Twitter feed, so I spend a lot of time on Twitter, and saw that @SparkyBlaze was an active user, so I pinged him with a DM in an effort to get his side of the story. I also wanted to get a glimpse into things on the other side – it is probably in the best interest of everyone in the security industry to have a better understanding of Anonymous and others in the underground hacker community. While the human factors were of some interest, I was also really curious about his take on the state of corporate security and wanted to see what he had in the way of concrete recommendations for organizations wanting to prevent breaches and break-ins.
Some might ask, are we giving an illegal hacker a platform? I would say, no. Sparky himself says it very clearly: “Stay away from black hat hacking. White hat hacking is a lot more fun, you get paid for it, it is legal. A conviction for hacking and leaking a database will affect you for the rest of your life.”