A couple weeks ago, we spoke about the mobility journey and the phases that organizations take as they embrace the widely accepted mode of mobility—Beyond BYOD to Workspace Mobility (device-focus, application-focus and experience-focus). Whatever phase your organization is in, security is a top priority. These phases can help determine your secure mobility approach but your risk aversion level will also define it. Whatever your risk tolerance, the mobile threat landscape is extremely active and clever—do not underestimate it.
The dynamic nature of mobile threats does not stop by simply entering from your mobile device but it can further propagate and manifest across the network, wired devices, virtual, cloud and data center environments. So your secure mobility approach must be non-stop, continuous and pervasive—end to end. To hinder the chance of threat damage or inappropriate access whether intentional or not, one must offer comprehensive secure mobile access controls at the access layer across each phase of an attack, before, during and after.
Read More »
Tags: ATP, Black Hat, data protection, enforcement, MDM, secure mobility, SIEM, threats
Let me tell you a little about a country I’d not been to before until recently: Chile. Beyond its abundant natural resources and terrific terroir for wine grapes, Chile has become a hub for banking and retail companies with operations that span Latin America. Through the continued growth of business and the Chilean public sector and government leadership going through a period of change, Chile continues to adopt cutting edge technology to become more connected. In short, Chile is quite amazing.
Read More »
Tags: cybersecurity, globalization
Takedowns of prolific spam botnets, such as Rustock in 2011 and Grum in 2012, had a substantial effect on reducing overall global spam volumes. This, combined with diminishing returns for spammers sending via bots, had left many email recipients basking in the comfort of (mostly) clean inboxes. No doubt this downward trend in global spam volumes also saved countless dollars that would have otherwise been frittered away on phony university degrees, suspect weight loss products, and erectile dysfunction medication.
Unfortunately, however, the good times seem to be coming to an end. Spam volumes have increased to the point that spam is now at its highest level since late 2010. Below is the graph of global spam volume as reported by Cisco SenderBase. From June 2013 to January 2014, spam was averaging between 50-100 billion messages per month, but as of March 2014 volumes were peaking above 200 billion messages per month–more than a 2X increase above normal.
Read More »
Tags: CBL, SenderBase, spam
The Insider Lifecycle
Traditional security is designed to keep outsiders from getting in. What happens when the enemy is an insider? A new paradigm must be explored, where the focus needs to shift inward and how data is going outbound.
Identifying anomalies in data exfiltration is critical to how to spot the insider. The insider has a typical lifecycle:
1. Identify places where sensitive data is store
2. Retrieve the data from the location
3. Move the data within the organization to prepare for exfiltration
4. Transfer the data outside the organization
Arguably, the weak points of this chain of events occur in steps 1, 2, and 4, where the insider must go through funnel points—near the data and at a public outbound connection.
Things to Look For
In almost all cases of data theft, the insider had access to the data, but in many cases, the insider’s role would have been suspect when considering the data they were accessing. Consequently, role should be examined for the end user in the context of data they are accessing.
Read More »
Tags: compromise, espionage, exfiltration, insider, insider threat, intellectual property, security, Sensitive data, threat
Interested in learning more about the Cisco IoT Security Grand Challenge? Plan to attend a free one-hour webinar at 12 p.m. EDT Wednesday, May 7. Cisco Futurist Dave Evans and Dr. Tao Zhang, Chief Scientist for Smart Connected Vehicles at Cisco, will talk about why the Challenge is so important to the future of IoT, and answer any questions you may have.
Read the full blog for more information.
Tags: cyber security, Internet of Everything, internet of things, IoE, IoT, IoT Security, network security, security