Organizations are quickly discovering that a “one size fits all” approach to security across the network falls short of addressing the unique trends in the Data Center. So what’s really that unique about the Data Center (DC)? This is a multi-part blog to highlight various trends related to securing the DC, with Part One focusing on traffic trends.
April kicked off with a 1:292 rate of malware encounters and closed with a rate of 1:315. Highest peak day was April 20 when the rate reached 1:177. Lowest was April 4 at 1:338. The median rate of web malware encounters in April 2014 was 1:292, representing a slight improvement over the median of 1:260 requests in March but still worse than the median of 1:341 requests in February.
This blog will suggest a change of strategy in how we address the threat of cyber espionage. One which leverages traditional tactics of counter-intelligence and uses a new approach different than the Lockheed Martin Cyber Kill Chain approach to security, which seeks to disrupt the chain of attack as quickly as possible. Rather than simply cut off an attack, a method of intelligence gathering before stopping the event is proposed, without leaking sensitive information. Often these same approaches can discover yet unknown activities.
The city in the forest—Atlanta, Georgia—extended a double dose of Southern charm to Cisco in April by awarding two prestigious information security industry awards at the 2nd Annual CSO40 Awards. The awards program recognizes projects and initiatives demonstrating innovative use of security in delivering outstanding business value.
Top honors went to the teams representing Cisco’s Enterprise ACL Management (EACLM) and Unified Security Metrics (USM) projects. Team members included: EACLM – Mark Sullivan, Network Engineer and Oisin MacAlasdair, Technical Staff and Security Prime for networking; USM – Gerwin Tijink, Information Security (InfoSec) Architect, Hessel Heerebout, USM Program Manager, and Ranjan Jain, IT Architect and Security Prime.
This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering.
Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners are adding Silverlight to their update releases, and since April 23rd we have observed substantial traffic (often from Malvertising) being driven to Angler instances partially using Silverlight exploits. In fact in this particular Angler campaign, the attack is more specifically targeted at Flash and Silverlight vulnerabilities and though Java is available and an included reference in the original attack landing pages, it’s never triggered.