Cisco Blogs


Cisco Blog > Security

Cisco Security Launches New Security-Focused Community

Have threat-centric security questions and don’t know where to turn? Wish you could engage with Cisco Security experts and your peers?  Good news! … (drumroll please)…. introducing the Cisco Security Community!

The Cisco Security Community is expressly designed to connect you with Cisco Security experts and your peers for all your security questions. Further, the Community is focused on helping you discover what’s new in threat-centric security alongside other leading security professionals. Plus, you can browse the latest videos, product information, on-demand webinars, and blog posts in a single location! There are subsections that allow you to subscribe to just the content you want to see – Cisco products and services, and security discipline focused “sub-communities” are just few of the options. Cisco Communities are set up to allow you to personalize your experience.

Take a moment to cruise around and get to know your new community better, bookmark the site, turn on those RSS feeds, and start engaging!

To get you warmed up:

We look forward to working with you to build a great community of members from experts to newer practitioners and high-quality content (with some community-only exclusives). Make sure to connect with me in the community and message any questions you may have!

Tags: , , , , ,

Security Compliance is Necessary for Real-Time Mobile Data Access

August 21, 2014 at 9:00 am PST

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.

This blog series, authored by Kathy Trahan, explores the topic of enterprise mobility security from a situational level and provides insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. The second post, available here, focused on the risks that come with mobile connections. Kathy’s third post explored how to secure mobile data. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group

In today’s mobile and cloud-centric landscape, the ability for employees to access data, account information, real-time statistics, and other pertinent information on their personal devices is what it takes to remain competitive in the business marketplace.

And while the rush has been on to empower employees to be able to connect from anywhere, security concerns are topping the “must address” list of enterprises everywhere.

One key concern is the increasing use of mobile devices to access relevant business information. In fact, according to the Cisco Connected World International Mobile Security survey, 63% of users downloaded sensitive data on such devices.

So, in a scenario where a team of sales representatives are updating account profiles by accessing data on their personal devices, IT and business leaders must ask: How secure is the network the team is using to access sensitive company information? Is it possible malware on their mobile devices can gain entry from a public or private cloud to compromise or steal data? Should mobile security policies prohibit certain employees from downloading certain information when they are off-site?

These questions must be answered. Especially since over the next four years, there will be nearly 21 billion networked devices and connections globally. Business Decision Makers (BDMs) and Technical Decision Makers (TDMs), must team up and determine the best mobile security policies that balance productivity and security of sensitive data, notably understanding security threats and establishing access requirements.
Read More »

Tags: , , , , , , , , ,

Cisco 2014 Midyear Security Report: Brush Your Teeth, Change Your Passwords, Update Your Software

Listening to the radio on the way to work recently, I heard that hackers had stolen some 1.2 billion usernames and passwords, affecting as many as 420,000 websites. When asked what listeners could do to protect themselves, the security expert speaking recommended changing passwords.

He did not mention which ones. Indeed, the names of the compromised sites have not even been publicly named for fear of making the problem worse, so there is no way of knowing how to prioritize which passwords to change. Adding to my irritation, I had just changed several passwords in the wake of the Heartbleed/OpenSSL compromise a few months ago. Perhaps like you, I have more than 100 passwords. Changing them all is not really an option. Read More »

Tags: , , , , , , ,

Snowshoe Spam Attack Comes and Goes in a Flurry

This post is co-authored by Jaeson Schultz and Craig Williams.

Every so often, we observe certain spam campaigns that catch our interest. On August 15, we observed a particular spam campaign that caught our attention because it was using “snowshoe” spam techniques combined with PDF exploitation. While neither of these techniques are new, we have seen a growing trend involving snowshoe spam and we wanted to explain why the bad guys seem to be moving in that direction with a real world example. As you can see from the chart below, we’ve seen the amount of snowshoe spam double since November of 2013.

Snowshoe Spam Chart

Snowshoe spam can be a challenge for some anti-spam detection techniques because it typically uses multiple IP addresses with very low spam volume per IP address. Depending on how an anti-spam technology works, this can cause severe problems with detection. Typically technologies that use multiple defensive layers of protection, like Cisco’s ESA, are much more successful at combating snowshoe spam. We’ve previously discussed these tactics in a previous blog post.

Read More »

Tags: , , ,

NSS Labs Report on Cyber Resilience Highlights the Need for a New Approach to Security

A few years ago, a point-product security vendor proudly declared their technology was the silver bullet that stopped ALL security threats from penetrating the corporate network. Many of us in the industry raised our collective eyebrows in surprise at such a bold claim.

While the naive or inexperienced might have believed such an outrageous claim, we all knew there is no such thing as a silver bullet in security and that no matter how cutting edge or sophisticated your security is, attacks will get through and it is onlya matter of time before any organisation is compromised. Read More »

Tags: , , , ,