The growing use of mobility is a new threat vector in the extended network. It’s particularly complex to secure and manage when tablets and smartphones are used for both personal and business needs. The Ponemon 2014 Security Impact of Mobile Device Use by Employees study notes that 66 percent of users download mobile apps without their company’s permission. This downloading behavior increases the attack surface by introducing unapproved or personal mobile applications.
As highlighted in the Cisco Annual Security Report for 2015, mobile applications are a new threat vector that could include malware. The potential for this user-appropriated malware to access corporate resources introduces a lot of new risks that need to be addressed by IT security personnel. At Cisco, we’ve just completed a new integration with Samsung to enable workers to be productive while locking down this expanded attack surface.
Read More »
Tags: cisco annual security report, Cisco Annual Security Report 2015, Cisco AnyConnect Secure Mobility Client, mobile security, mobility, security
This post was authored by Nick Biasini
On January 27th, Talos researchers began observing a new Angler Exploit Kit (EK) campaign using new variants associated with (CVE-2015-0311). Based on our telemetry data the campaign lasted from January 26th until January 30th with the majority of the events occurring on January 28th & 29th.
Read More »
Tags: 0-day, angler, exploit kit, flash, Talos
As recently as 2013, vulnerabilities involving Java appeared to be a favored tool of adversaries: Java was easy to exploit and, and exploits involving the programming language were difficult to detect. However, as reported in the Cisco 2015 Annual Security Report, Java is losing its front-runner position as a favored tool of bad actors looking to breach network security.
The decline in Java’s high profile as an attack vector in 2014 was recorded by Cisco Security Research. Only one of the top 10 most commonly exploited vulnerabilities in 2014 was related to Java (see chart below). In 2013, Cisco tracked 54 urgent new Java vulnerabilities; in 2014, the number of tracked vulnerabilities fell to just 19. We saw a corresponding decline in reports from the National Vulnerability Database (NVD), which includes all reported vulnerabilities: from 309 Java vulnerabilities in 2013, down to 253 in 2014.
Read More »
Tags: 2015 annual security report, attack vector, java, JRE, security, vulnerability
For security strategies to succeed, security needs a seat at the table. In my work as an investigations manager for Cisco, I’ve seen first-hand how much more passion and enthusiasm enterprise leaders will put into security efforts when there is support all the way to the top of the organization.
The Cisco Security Capabilities Benchmark Study, as detailed in the Cisco 2015 Annual Security Report, shows that when there is executive-level responsibility for security, organizations are in a better position to tackle security challenges. As part of the survey, Cisco asked chief information security (CISO) and security operations managers about their views on security readiness. The good news, from my standpoint, is that 91 percent of the security professionals surveyed said their organization has an executive with direct responsibility for security – usually a CISO or CSO. It’s an encouraging finding, because security leaders help define and enforce policies.
Read More »
Tags: 2015 annual security report, CISO, CSO, day-to-day security, Security Capabilities, security challenges
If you read the recently released Cisco Annual Security Report, you will have learned how spammers have adopted a “Snowshoe” strategy, using a large number of IP addresses with a low message volume per IP address, to send spam, preventing some spam systems from sinking the spam. This yielded a 250 percent increase in spam from January 2014 to November 2014. Or, perhaps the fact that malicious actors are using malvertising (malicious advertising) from web browser add-ons as a medium for distributing malware and unwanted applications caught your eye in the report. In order to protect against these types of emerging threats, Cisco showcases its continued thought leadership in email security to offer even greater protection and control across the attack continuum, while also providing additional flexibility for centralized management. Read More »
Tags: 2015 annual security report, AMP, Cisco Advanced Malware Protection, email, email security, esa, ESAV, malvertising, phishing, SMA, Snowshoe, WSAV