Cisco Blogs



Secure Access for the Real World, Really?

Yes, really. I just got back from Cisco Live! Milan, where Chris Young, Senior VP at Cisco, spoke to the Cisco security story, Intelligent Cybersecurity for the Real World. The Cisco security strategy addresses many security challenges across a range of attack vectors (network, endpoint, mobile devices, cloud, or virtual). It covers the entire attack continuum with point-in-time solutions and dynamic analysis of real-time security intelligence. This reduces security gaps and minimizes complexity. Not many network providers or pure security players can make this claim. Ask your secure access provider: how do you address access to the broad range of threat vectors? And when a threat comes in, how do you manage it?


Cisco Hosting Amsterdam 2014 FIRST Technical Colloquium

Registration is now open, and there is still time to respond to the call for papers for the upcoming FIRST Technical Colloquium, April 7-8, 2014. Please contact us at amsterdam-tc@first.org for speaker engagements. The event already has an exciting preliminary program covering:

  • Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
  • Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
  • DNStap: High speed DNS logging without packet capture
  • CVSS v3 – This One Goes to 11
  • Securing the Internet Against DDoS Attacks
  • Threat Actor Techniques
  • Mitigating Attacks Targeting Administrator Credentials in the Enterprise
  • Hardware: The root of trust in the cloud
  • Targeted attack case study
  • What does an enterprise monitor for targeted attacks? – CSIRT Playbook II
  • Security uses for Hadoop & big data
  • OpenSOC
  • Using HBase for Packet capture

And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.

The event’s line-up so far already includes notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to a great TC!


Email Attackers Tune Pitch for Wide Appeal

In recent weeks, the volume of malicious email carrying attachments has increased substantially. To entice recipients into opening those attachments, attackers are employing pitches across a wide range of subjects. In doing so, they are defeating the often-repeated advice not to open attachments in email received unexpectedly.

One of the more striking examples of this is malicious email exploiting bad economic conditions, job loss, and potential loss of home. The combined legal and job categories comprised 33% of malicious email attachments over the past two weeks, with pitches ranging from bogus employment opportunities to court summons for evictions due to overdue payments.


Other legal-oriented email includes warnings of illegal use of software, copyright infringement, and criminal complaints for alleged non-payment of accounts.


Assuming you were in dire financial straits, it’s not difficult to imagine you would react to an eviction notice such as the following:


Safety first, business second, security none?

Based on 25 years of professional experience in various businesses around the globe, I can say that many industry verticals have a pretty good state of safety culture as it relates to the health and safety of their employees.  This is especially true for companies involved in high-risk businesses such as oil and gas, (nuclear) energy, manufacturing, chemicals, food processing, and so on.  In such industries, it is pretty clear that there is a risk that something may blow up, hurt, or even kill people.

However, it seems that the next big driver for them is business alone, and they are not as focused on information or IT security when it comes to the logic side of security like bits and bytes, document handling of confidential information, and similar subjects.  This is in stark contrast to their keen attention to physical safety and security issues.

It would seem intuitive that any organization with a commitment to safety, one that counts (and incentivizes) the hours (days, weeks, months, …) of safety-incident-free time, should also be easy to convince that taking a similar approach to information security would be a good thing. But it is not that easy. Operations in these businesses are very physical, so it is not really in the mind-set of a rig guy or gal, a welder, a component mixer, a machine operator, or similar, that another devastating incident (attack) could happen from “within” the system(s), by a human adversary committed to doing harm in the interest of their nation state or paying agent. All those systems in the above-mentioned industries that work at the process level (sensors/actuators, process control, SCADA (supervisory control and data acquisition)) are designed for efficient, effective, well-performing, and reliable operation, but they were not really designed and built to resist logic attacks from a smart human adversary who can outsmart almost every defense.

In industrial networks, spanning the areas of instrumentation, control bus, operations, business, or enterprise, the often-cited Purdue reference model, which provides for several “levels” or “zones” of abstraction and segregation, can be used. A really good introduction can be found in the Secure Data Transfer Guidance for Industrial Control and SCADA Systems.

The main security points to address are:


Cisco Live! Milan Session Videos and Documents Now Available!

If you were unable to attend Cisco Live! Milan, or weren’t able to attend all the sessions that interested you, Cisco has made the session videos and PDFs available on the Cisco Live! website. More videos are being added daily and all should be available by February 22, 2014.

The Cisco Live! website maintains a large on-demand library with presentations and video recordings from Cisco Live! events hosted from 2011 to present. After registering, anyone can view the presentations and embedded videos at their leisure. Your Cisco Live! account is not tied to your Cisco.com account, so those credentials will not work!

Exciting new announcements are made regularly at Cisco Live! In Milan, Chris Young, Senior Vice President of Cisco Security, took the opportunity to share that Cisco was opening up its TrustSec capabilities to other vendors. In his blog post, Kevin Regan highlights what this means to the community.
