To help kick off 2015 with new insights in the world of attackers, users, and defenders, we analyzed a significant amount of 2014 security data telemetry from our global customer footprint. We took this data and distilled it into a comprehensive report for you to leverage and are proud to announce that today, we released Cisco’s 2015 Annual Security Report.
Cisco released its first Annual Security Report back in 2007. More recently, to capitalize on our growing ability to view a greater volume of threats in real-time from a greater number of sources, we began to publish a Midyear Security Report as well. While the macro trends remain mostly constant, the data and research in each report highlights how rapidly attackers can innovate malicious activity to exploit new gaps in defenses. The new methods we see in the most recent report certainly show the continued trend of attackers growing smarter and using more nefarious methods to accomplish their goals and hide their tracks. Sometimes, innovative methods include simply bringing old methods back as defenders focus on other areas and as vulnerabilities still exist. In any case, no report is the same as the last and we continue to have our work cut out for us to improve the state of things. Cybersecurity in any organization, no matter what the purposes, needs everyone. “All hands on deck” should be the new corporate security mantra.
Some quick facts about the report: the Cisco 2015 Annual Security Report examines the latest threat intelligence gathered by Cisco security experts, providing industry insights and key findings that reveal cybersecurity trends for 2015. There is a special focus on attackers, users, and defenders and the gaps that lie in between. The report also highlights results from our Security Capabilities Benchmark Study that examines the security posture of enterprises and their perceptions of their preparedness to defend themselves against cyber attacks. Geopolitical trends, global developments around data localization, and the importance of making cybersecurity a boardroom topic are also discussed.
To help bring the key highlights to life and give depth of insight about the contents of the report, I participated in an interview session with Brian Remmel and spoke about the findings. Check it out, download the report and let us know what you think.
May 2015 be better than 2014.
Tags: 2015 annual security report, CASR
Enterprises use Cisco ISE for securely granting access to visitors and on-boarding employee-owned devices over Wi-Fi. Portals for users to gain access are becoming more advanced and the next step is for most customers to create a richer customized experience to:
Promote your brand to guests:
Provide fresh information to employees:
Advertise special events, promotions and offers:
While, the latest Guest capabilities in ISE, including a brand new portal design tool, provide a simple way to add a customized portal in minutes, a lot of companies want more advanced customization like changing banners or adding “revolving” announcement updates on the fly. The problem is that most IT personnel are often overloaded with other projects or don’t have the expertise in advanced web design that includes knowledge of HTML, JAVA, CSS expertise to create and refresh these portals. Wouldn’t it be nice to have a way to create more professional looking and customized pages, but with a simple drag-and drop interface that bridges the gap between spending thousands of dollars in development and very basic portal building? Why hasn’t anyone come up with a way to address that middle-ground between complicated and expensive web design tools and/or contractors to go beyond simple portal building for guest access and onboarding mobile devices? Stay Tuned!
Tags: ISE, secure mobility
New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.
Read More »
Tags: cybersecurity, geopolitical, security, trends
This post was written by Yves Younan.
Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.
Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.
Read More »
Tags: 0-day, coverage, ms tuesday, rules, security, Talos
IT-Harvest, founded by renowned security expert and industry analyst Richard Stiennon, provides reports, analysis, and advisory services on trends in emerging threats and the technology to counter them. Richard Stiennon is one of the most followed and well-respected IT security analysts and authors in the world. His recent white paper discusses why network segmentation is becoming increasingly critical to protecting networks. Further, it argues that Cisco TrustSec provides the right technology for leveraging the network to provide better security. Read More »
Tags: Cisco TrustSec, security