Cisco Blogs



Part 1: Why Is Enabling Only Authorized Users So Complex?

In the past, a critical component of preventing threats was understanding and controlling network access and access to network resources based on role, while also denying access for unauthorized users and devices.

However, assuring this secure network access has been increasingly difficult due to:

  • Complexity in understanding not just who, but how, by what, when and from where users and devices attempt to access network resources
  • Complexity in connecting authorized users to needed services with the explosion of both on-premises and remote devices used by a single user
  • Complexity in evolving network architectures where networks have become more “flat” and difficult to manage from a security standpoint
  • Complexity in unifying the number of disparate security systems that need to be configured, managed and visualized

These various aspects of security complexity challenge security practitioners with delivering the right services and purchasing the right solutions to not just handle the complexity, but also reduce it. However, when we take a look at IT security spending, where does the majority of investment go, where do most vendors siphon their money, and why?

If you look across the entire attack continuum, there are three phases that people need to focus on when dealing with threats and attacks: before an attack happens, during the time it is in progress, and even after the damage is done. To properly protect against threats in all stages, organizations need to reinvestigate their security to gain visibility and control across these three phases in order to truly reduce risk.


Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

This post was authored by Armin Pelkmann.

On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.

The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains. We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the number of connections previously observed. The increase in connections is most likely not proportional to the increase in domains because a long time has passed since the initial attacks.

The difference in discoveries between the previous blog and this one, in raw numbers. With more than 3 times the observed connections and over 9 times the revealed malicious domains, this malvertising network is of unusually massive proportions.


Evolving the Next-Generation Firewall: The Importance of Being Platform-Based

Why is platform-based a key imperative for next-generation firewalls (NGFWs)? In our previous blog posts, we outlined what it means to be threat-centric, integrating best-in-class security layers with shared intelligence across all layers to combat advanced multi-vector threats.

Multiple point products create considerable management complexity and cost for IT staff who are under tremendous pressure to efficiently manage IT environments, keep operational costs low, and maintain the best defenses to keep pace with the dynamic threat landscape.

To protect extended networks, the idea of being platform-based entails delivering a more effective yet simplified architecture with fewer security devices to manage and deploy. Unifying security layers in a single device not only closes gaps that attackers exploit but also reduces cost and complexity in a number of ways.


Mobile Cloud Security: What CXOs Need to Know

As organizations seek ways to maintain real-time connections with their workforce and customers in an increasingly digital and mobile-centered world, the growth of mobile cloud will be a major force in shaping the business landscape and future tech decisions. The first blog post in this series, by Padmasree Warrior, explores how the convergence of mobility and cloud will deliver unprecedented transformation for all organizations. The second blog post in this series, by Sujai Hajela, answers the question of what mobile cloud really is and how it continues to provide new business opportunities. In the third post, Joe Cozzolino looks at what mobile cloud means for service providers and enterprises. And finally, this post will discuss the need for end-to-end security in a mobile cloud environment.

Mobile cloud services are growing exponentially in both number and scope. According to a report from Smith’s Point Analytics released late last year, mobile cloud services platforms are projected to grow over the next four years from US$579 million to a staggering US$4.4 billion in 2017.


Step Up to a New Standard in Threat Defense

The 135 Spanish Steps are perhaps one of the most popular tourist attractions in Rome—and this in a city where your alternatives include stunning options like visiting the Vatican, the Colosseum or the Trevi Fountain. And yet, a visitor to the Spanish Steps today is first—and ahead of any chance to delve into the rich history or architectural heritage of this monumental stairway—forewarned of the dangers of the omnipresent pickpockets that frequent the area! I bring this up because while European vacations may not always be part of our quotidian routine, our daily lives do involve shopping online, visiting our neighborhood retailer or posting updates on social media. And none of these places post enough warning signs urging us to be wary of the virtual pickpockets, waiting to steal and profit from personal, financial and business information that traverses across thousands of transactions at places we visit in person or on our browsers every single day.

As consumers we may even squeeze by with a bit of a lax attitude, but businesses are only painfully aware of the speed, ferocity and variety with which attackers move to try and gain access to critical business data. Our customers tell us that their cybersecurity teams work tirelessly—but often in reactive mode—to fight against breaches and constantly assess ways to eliminate vulnerable links. Today, we are thrilled to share that we’re stepping up to provide our customers and partners with enhanced capabilities to combat the changing nature of threats. Cisco ASA with FirePOWER Services integrates the proven Cisco ASA 5500 Series firewall with application control, and the industry-leading Next-Generation Intrusion Prevention Systems (NGIPS) and Advanced Malware Protection (AMP) from Sourcefire in a single device, providing integrated threat defense across the entire attack continuum—before, during and after an attack.