Cisco Blogs


Cisco Blog > Security

Using Cisco ISE Data to Drive Enhanced Event Visibility in Splunk

Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already connected, ISE knows specifics about:

  • What the device type is (e.g., iPad Air 2 running iOS 8.1.2)
  • How it is connected to the network (e.g., enterprise Wi-Fi)
  • From where (e.g., access point in “California/SanDiego/Building 2/Floor 3/South”)
  • Security and compliance posture of the device (e.g., Antimalware operating and up to date? PIN lock configured?)
  • Who the user is on the device…or if it even has a user (e.g., printer)
  • What policy and AD/LDAP group the user belongs to (e.g., “IT Admin” authorization group)
  • Related session IP address and MAC address

While ISE primarily uses all this telemetry to establish network policies, it also shares it for use by other IT platforms. By doing so, ISE helps these platforms become more identity and device aware and thus more effective in a variety of ways. And this is where Splunk comes in.

Read More »

Tags: , , , ,

Engaging All Layers of Defense: Incident Response in Action

The Cisco 2015 Annual Security Report highlights many creative techniques that attackers are exploiting to conceal malicious activity, often taking advantage of gaps in security programs. They are continually refining and developing new techniques to gain a foothold in environments and, increasingly, they are relying on users and IT teams as enablers of attacks to persistently infect and hide in plain sight on machines.

Given this complex and dynamic threat landscape, organizations need a mature and adaptable incident response process.

Read More »

Tags: , , , ,

All Hands on Deck: Announcing the 2015 Cisco Annual Security Report

To help kick off 2015 with new insights in the world of attackers, users, and defenders, we analyzed a significant amount of 2014 security data telemetry from our global customer footprint. We took this data and distilled it into a comprehensive report for you to leverage and are proud to announce that today, we released Cisco’s 2015 Annual Security Report.

Cisco released its first Annual Security Report back in 2007. More recently, to capitalize on our growing ability to view a greater volume of threats in real-time from a greater number of sources, we began to publish a Midyear Security Report as well. While the macro trends remain mostly constant, the data and research in each report highlights how rapidly attackers can innovate malicious activity to exploit new gaps in defenses. The new methods we see in the most recent report certainly show the continued trend of attackers growing smarter and using more nefarious methods to accomplish their goals and hide their tracks. Sometimes, innovative methods include simply bringing old methods back as defenders focus on other areas and as vulnerabilities still exist. In any case, no report is the same as the last and we continue to have our work cut out for us to improve the state of things. Cybersecurity in any organization, no matter what the purposes, needs everyone. “All hands on deck” should be the new corporate security mantra.

Some quick facts about the report: the Cisco 2015 Annual Security Report examines the latest threat intelligence gathered by Cisco security experts, providing industry insights and key findings that reveal cybersecurity trends for 2015. There is a special focus on attackers, users, and defenders and the gaps that lie in between. The report also highlights results from our Security Capabilities Benchmark Study that examines the security posture of enterprises and their perceptions of their preparedness to defend themselves against cyber attacks. Geopolitical trends, global developments around data localization, and the importance of making cybersecurity a boardroom topic are also discussed.

To help bring the key highlights to life and give depth of insight about the contents of the report, I participated in an interview session with Brian Remmel and spoke about the findings. Check it out, download the report and let us know what you think.

May 2015 be better than 2014.

Tags: ,

Geopolitical Trends in Cybersecurity for 2015

New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.

Read More »

Tags: , , ,

Microsoft Update Tuesday January 2015: Another Light Month, No IE Bulletins, More Changes to Reporting

This post was written by Yves Younan.

Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.

Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.

Read More »

Tags: , , , , ,