Cisco Blogs


OpenDNS Introduces IP-Layer Enforcement for Umbrella

Cisco announced on Tuesday that OpenDNS was updating its cloud-delivered network security and threat intelligence solutions, as part of the company’s strategy to provide Security Everywhere across the extended network. Acquired in August, OpenDNS handles nearly 80 billion daily DNS requests and uses its unique view of the Internet to extend security for an increasingly mobile and off-network workforce.

Umbrella, OpenDNS’s cloud-delivered network security solution, already provides advanced threat protection for any device, anywhere, anytime. Umbrella encrypts DNS requests from endpoints and ensures the laptops and mobile devices employees use are not contacting malicious domains. But not all attacks rely solely on domains to communicate and deliver malware over the Internet. That’s why, with this latest announcement, the security service now protects direct IP connections.


Reverse Social Engineering Tech Support Scammers

This post is authored by Jaime Filson and Dave Liebenberg.


A mosaic made up of 1-800 tech support scam websites

The number of fraudulent actors masquerading as legitimate tech support has been on the rise since 2008. According to David Finn, executive director at the Microsoft Cybercrime Center, tech support scammers have made nearly $1.5 billion off of 3.3 million unwitting victims just this year. These scammers typically persuade the victim to allow them access to his/her computer through remote control applications such as TeamViewer. They then present benign processes as malicious, or at times even spread malware themselves. Afterwards, they charge hundreds of dollars for the service.

There are several avenues through which these scammers reach their victims. Among the most insidious are pop-ups and websites asserting that the user’s computer is riddled with viruses, and that the only way to fix the problem is to call a provided tech support number.

Talos has been monitoring the incessant creation of these fake tech support websites in order to better understand the way in which these scams operate. We decided to call a company ourselves for some reverse social engineering. Our experiment provided some interesting insights into the methods these scammers use to fool their victims as well as the infrastructure supporting their operations. In addition, we discovered a broad New Delhi-based scamming network employing multiple websites and VoIP phone numbers to carry out its duplicitous activities.



ISE 2.0 Extends Greater Visibility, Usability and Control

More employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. And the problem is only going to grow as 500 billion new devices are expected to be connected to the network by 2030.

How can you protect what you can’t see?

In the face of an ever-increasing number of attack vectors and advanced threats, Cisco is committed to helping organizations extend security everywhere – in effect, to wherever employees are and wherever data is – without sacrificing operational efficiency. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation.

Introducing Cisco ISE 2.0

The newly redesigned Cisco ISE security management platform provides greater visibility, usability, and control.

Deeper Visibility Provides Superior Network Insight and Control

Expanding ISE’s Reach and Scope within Diverse Network Environments. Customers can now deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x NADs manufactured by non-Cisco vendors. This extends the reach and scope of advanced authorization capabilities in ISE to ensure endpoint compliance across a more varied range of networks.

Access policy becomes geo-location driven! Create and enforce access policy controls based on specific geo-location information thanks to the integration with the Cisco Mobility Services Engine (MSE). For example, a healthcare organization can allow a doctor’s access to patient records only while in the hospital, a corporation can grant executives access to confidential information for a board meeting only while in the board room, and a school can allow a student to stream content only when physically inside the classroom.


Save money with branch security

Trends like bring-your-own-device, mobility, and cloud computing are creating a surge in the number and types of devices connecting to the network and driving demand for WAN bandwidth. Remote and branch office employees expect fast, secure connectivity, but most enterprises don’t have spare operational budget to increase their WAN bandwidth to backhaul all traffic to headquarters in order to keep it secure.

Enter Intelligent WAN, or IWAN. With IWAN, the Internet becomes a reliable, cost-effective way to supplement the WAN. Cisco’s IWAN also enables secure direct Internet access (DIA). Instead of backhauling branch office Internet traffic across the WAN, traffic is redirected to the Cisco Cloud Web Security (CWS) proxy, located in one of our data centers around the world, for inspection.

Now Cisco CWS is available on even more Integrated Services Routers (ISRs) for improved IWAN capabilities and additional deployment flexibility. Enterprises can use Cisco’s newest branch routing platform, the ISR 4000 Series, to redirect traffic to a CWS proxy using Generic Routing Encapsulation (GRE) over IPsec.


Extending Security Everywhere

Just a few months ago at Cisco Live U.S., we announced both our strategy and several new offerings for Security Everywhere Across the Extended Network. We believe that our vision of delivering Security Everywhere – from the cloud to the network to the endpoint – is essential to reduce risk, gain competitive advantage and make security a growth engine for organizations. Today we are extending Security Everywhere with new capabilities and services that deliver greater visibility, context and control from the cloud to the network to the endpoint, for organizations of all sizes.

Extending Security Deeper into the Network and Endpoints

Employees need access to more enterprise resources from more devices than ever, and attacker ingenuity and persistence have reached new heights. As a result, organizations are losing sight of who and what is accessing the network – and the threats that may take hold. Controlling and detecting lateral movement of these threats inside a network is a major challenge most organizations face. Cisco is further improving its market-leading capabilities to meet this challenge by simplifying the deployment of software-based segmentation, leveraging more of the network’s intelligence, and extending flow-based visibility for detecting insider and advanced persistent threats beyond the network to one of the most commonly deployed endpoint agents in the world.

  • Cisco Identity Services Engine (“ISE”) 2.0 provides several new capabilities that extend the visibility and control of the network for security. The new integration with the Cisco Mobility Services Engine (MSE) provides geo-location for access control. For example, it can grant specific access to top secret resources required for confidential conversations in the boardroom, but then change that level of access as soon as participants leave the meeting to prevent ongoing access. A new work center for TrustSec deployments dramatically simplifies the deployment of software-based segmentation across the network, along with new expanded support for third-party network access devices. ISE is also an amazingly valuable source of contextual information for security systems that can help any system execute its role better. With ISE 2.0, we are further expanding our industry-leading partner community to include several new vendors, including Check Point, Infoblox, and Invincea, while expanding partners’ ability to take real-time action in the network with new adaptive network control capabilities to augment the rapid threat containment integrations with Lancope Stealthwatch and FireSIGHT Management Center.
  • Cisco AnyConnect, our world-class VPN for secure mobility that is deployed by organizations across the globe, now delivers deep endpoint visibility into application flows. This allows security administrators to extend visibility down to the device, track behavior off and on premises, and quickly spot and scope internal threats arising from compromised systems or inappropriate insider behavior.

Extending Security Further with the Cloud

Enterprises of all sizes are adopting the cloud. From productivity to line-of-business to vertical applications, SaaS and public cloud are enabling the Digital Economy. At the same time, more than half the employees in the enterprise today are working outside of the network perimeter. To accelerate this transformation, Cisco is extending security further into the cloud with the following new offerings:
