Ponemon Institute called 2014 the year of the “Mega Breaches,” which will be remembered for its series of mega security breaches and attacks. These “Mega Breaches” are perfect examples of what is commonly known as Advanced Persistent Threats (APTs). The Ponemon Institute survey asked, among many questions, “When was the breach discovered?” Surprisingly, the results revealed that ONLY 2% of the respondents in the survey discovered their breach within one week of after the incident and a staggering 90% were six months or longer, if at all.
Read More »
Tags: data breach, design guide, Lancope, NGIPS, threat defense
Organizations today have no shortage of challenges when it comes to cyber security and their growing IT infrastructure. Not only is the frequency and sophistication of malware attacks on the rise, but with the proliferation of mobility, BYOD, IoT, and cloud services; the number of entry points an attacker has into the network grows exponentially with them.
Given this landscape we know the most effective way to address these threats is with security offering continuous analysis and retrospective protection that extends across all attack vectors in the extended network. With AMP Everywhere, security is just as pervasive as today’s advanced threats, and thanks to continuous analysis and retrospective protection, our customers gain reduced time to detection.
For the second year in a row, we have third-party validation from NSS Labs that we provide the most effective security available in the market today. Cisco Advanced Malware Protection (AMP) was tested along with seven other vendors and achieved a 99.2% security effectiveness score – the highest of all vendors tested in the 2015 NSS Labs Security Value Map (SVM) for Breach Detection Systems. What I find most interesting and rather disappointing in these results is that Cisco is the only vendor in the test to successfully handle all evasion attempts.
Read More »
Tags: Advanced Malware Protection, AMP, breach detection test, malware, nss labs, Product Analysis Report, Security Value Map, SVM
The well-known Quarry Worker’s Creed, called out in prefaces to books such as “The Pragmatic Programmer” and “Ship While you Sleep”, posits the notion of IT done right as more than simple engineering discipline – good software development, for example, should not “preclude individual craftsmanship”. Drawing parallels to the construction of large cathedrals built in Europe during the Middle Ages, the quarry worker’s creed points out that while generations of builders advanced the state of structural engineering from one decade to the next, the “…carpenters, stonecutters, carvers, and glass workers were all craftspeople, interpreting the engineering requirements to produce a whole that transcended the purely mechanical side of the construction”.
We who cut mere stones must always be envisioning cathedrals, says the Quarry Worker’s Creed, and as companies, cities and countries lean on their IT teams to enable the transformation to digital business, the talented men and women that work in technology are not just builders: they are increasingly artisans and craftsmen – experts in the tools of the trade and also nuanced in navigating the vicissitudes that present themselves in the quest to build and secure the technology that powers the next wave of innovation and growth.
Cybersecurity teams in particular have their hands full today. On one hand there are all the new advances that we often can’t get fast enough: crowd-funded financial services, online education, virtual booking for work spaces, driverless cars – to name just a few. All of these need security be conceptualized and built-in from the beginning (or not, to our peril). On the other hand, their adversaries, the often-elusive hackers are increasingly sophisticated actors, who design malware, tweak code and inject vulnerabilities with the same flair and passion of a renaissance architect. Read More »
Tags: 2015 midyear security report, Cisco Midyear Security Report, MSR, security, services
After several months leading the managed security services portfolio at Cisco, I sat down with the social media team to discuss my path to Cisco, the evolution of the security market, and the future of security. [Note: This is an abridged version of the full interview.]
Q: After nearly 20 years at Symantec, why did you decide to move to Cisco?
TP: Cisco has all of the pieces necessary to solve the biggest security problems facing businesses today and into the future. Cisco’s position in the network, its broad security product portfolio, its strong and continued investment in security, and its pivot toward driving business outcomes and solving customer problems place this company in a unique position to lead the charge toward the next generation of security. As a part of a company that builds the cloud, mobility, collaboration, and Internet of Everything technologies driving change in the security market, we have a unique opportunity to proactively build security services that enable the secure adoption of these innovations. Our ability to integrate with networking technologies and all types of connected devices allows us to feed huge amounts of data from across an entire customer network into our big data platform for detecting, investigating, and analyzing threats. I’m eager to take what I’ve learned throughout 19 years in security and put that knowledge and experience to work in building up Cisco’s resources into a next-level suite of solutions. Read More »
Tags: analytics, Big Data, Cisco Security Solutions, managed security, network security, security, SIEM
This post was authored by Nick Biasini with contributions from Craig Williams & Alex Chiu
Update 8/1: To see a video of this threat in action click here
Adversaries are always trying to take advantage of current events to lure users into executing their malicious payload. These campaigns are usually focussed around social events and are seen on a constant basis. Today, Talos discovered a spam campaign that was taking advantage of a different type of current event.
Microsoft released Windows 10 earlier this week (July 29) and it will be available as a free upgrade to users who are currently using Windows 7 or Windows 8. This threat actor is impersonating Microsoft in an attempt to exploit their user base for monetary gain. The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign.
Read More »
Tags: CTB-Locker, phishing, ransomware, scam, Talos, Threat Research, upgrade, Windows 10