Cisco Blogs


Cisco Blog > Security

IE Zero Day and VGX.dll

Update 5-1-2014: We can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog.

 The recent discovery of a new Internet Explorer zero-day exploit underlines how exposed web browsers are to vulnerabilities for which a patch is yet to be released. Cisco is aware of the issue and is releasing IPS signature 4256-0 and Snort signatures 30794, 30803 to detect the exploitation of this vulnerability. You can read more details from Cisco here.

Read More »

Tags: , ,

Manage Your Security As Threats Evolve – Continuous Solutions Help Midsize Organizations Adapt to Changing Security Threats

At the recent RSA Conference, I heard an MIT professor quip, “is it safe to keep passwords written on a piece of paper in your wallet?” Kidding aside, most of the mid-market customers I interacted with at RSA—in retail, healthcare, and manufacturing—understood the point. They all had similar security requirements. It was common to hear “we want a security solution that protects our customers, employees, and businesses. Something that’s simple, easy to use, and will protect our intellectual property.”

That’s often easier said than done. Your mid-market company’s security isn’t simply a matter of choosing the right solution. The experience of your IT staff and the way they set your security strategy also has an impact, as we’ve discussed in #ciscomidsize.

Read More »

Tags: , , , ,

Cisco, Linux Foundation, and OpenSSL

The recent OpenSSL Heartbleed vulnerability has shown that technology leaders must work together to secure the Internet’s critical infrastructure. That’s why Cisco is proud to be a founding supporter of the Linux Foundation initiative announced yesterday (April 24th).

The initiative will fund open source projects that are critical to core computing and Internet functions, and Cisco sees security technologies as a fundamental infrastructure component. The first project being considered for funding is OpenSSL. As a longtime contributor to open source and user, we’ve offered code and intellectual property to enhance OpenSSL. We’ve also provided patches and testing results to help address vulnerabilities. Today’s announcement takes that commitment a step further.

We are pleased to help form a critical mass of governance, funding, and focus that will support the output of open source communities like OpenSSL. By working together as an industry, we can expect greater security, stability, and robustness for components that are critical to the Internet.

For more Cisco-specific information on the Heartbleed vulnerability, please visit our event response page and Security Advisory. You may also be interested in our April 23 webinar titled, Heartbleed: Assessing and Mitigating Your Risk.

Tags: , , , , , ,

Mobile Security: Actions Speak Louder than Words

Mobile security is a top concern for IT and business leaders. This guest authored blog series with Dimension Data explores how organizational leaders can work together to mitigate concern and implement clearly defined policies to achieve mobility goals. We are pleased to introduce our guest author Darryl Wilson, Director, Enterprise Mobility for Dimension Data Americas, as the first in this series – Darryl will address how a balanced approach to security can yield better business results. 

didata

 

 

dwilson

By Guest Contributor Darryl Wilson

Director, Enterprise Mobility for Dimension Data Americas

Darryl Wilson has more than 15 years of experience overseeing large scale network communications projects both from a technical delivery and pre-sales perspective. Wilson’s areas of expertise include unified communications, network performance, troubleshooting and optimization.

 

The evolution to a mobile-centric workforce has been relatively short, thanks to an explosion of innovation and emerging mobile and cloud technologies. Just a few years ago, BYOD was a hot topic of conversation and mobile device management (MDM) solutions offered a simple way to secure an influx of devices and users.

However, today we are seeing that the tactical implementation of MDM solutions is not enough to control a multi-device, multi-vendor, and multi-OS mobility landscape. In fact, most of the companies I work with are using solutions that have not been optimized or customized for today’s ever-changing mobile world. In addition, security concerns have left many organizations feeling like they need to choose between control and truly reaping the business value mobility offers.

Cisco_DimensionData#1_4.9.14

For example, in a recent Dimension Data Secure Mobility Survey Report, 79% say mobility is a top priority for their organization. However, the report indicates that a much smaller segment of those IT leaders’ actions back it up. Seventy-seven percent of those surveyed believe data is the greatest concern pertaining to mobility, yet only 55% have a mobility roadmap in place. If securing company data and successfully implementing a mobile policy is of such importance, why aren’t more IT leaders taking strategic action?

Read More »

Tags: , , , , , ,

Summary: The Extended Network Requires Security That’s the Same, Only Different

April 23, 2014 at 6:40 am PST

Information Technology (IT) and Operational Technology (OT) networks have historically been completely separate, with users of each living in blissful isolation. But the Internet of Things (IoT) is changing all of that! In the IoT paradigm, IT and OT professionals will need to work together to drive pervasive security across the extended network. The same security tools will need to be applied consistently across the extended network, but with differentiated policy enforcement to account for differences between the two environments.

Read the full blog post to learn more.

Tags: , ,