Cisco Blogs


Introducing the Cisco Technology Verification Service

Building Trust and Transparency One Step at a Time

Like all successful companies, we listen to our customers and strive to exceed their expectations. Our customers expect us to be trustworthy, transparent and accountable. As a company, there are many ways we are doing just that.

We started this journey more than 10 years ago when, based on customer feedback, we centralized our approach to driving security and trust—not only into our products, but into the very fabric of how we do business. And, we’ve continued to build on these efforts to earn your trust one step at a time. The momentum we’re gaining this year is clear.

In April 2015, we launched the Cisco Trust and Transparency Center, which includes our Transparency Report on Government Requests for Customer Data, articulates our Trust Principles, and provides information about our Trustworthy Systems and processes.


An introduction to the new Cisco Network Visibility Flow Protocol (nvzFlow)

As recently announced, Cisco AnyConnect 4.2 extends visibility to the endpoint with the Network Visibility Module (NVM).  Users are one of the most vulnerable parts of any security strategy, with 78% of organizations saying in a recent survey that a malicious or negligent employee had been the cause of a breach.  However, until now, IT Administrators had been blind to user behavior on their devices.  NVM allows you to monitor and analyze this rich data to help you defend against potential security threats like data exfiltration and shadow IT, as well as address network operations challenges like application capacity planning and troubleshooting.

AnyConnect NVM supports the Cisco Network Visibility Flow protocol, or nvzFlow for short (pronounced: en-vizzy-flow). The protocol is designed to provide greater network visibility of endpoints in a lightweight manner by extending standard IPFIX with a small set of high-value endpoint context data. Leading IPFIX vendors have begun implementing the new protocol to provide customers with an unprecedented level of visibility.


How (not) to Sample Network Traffic

This post has been authored by Karel Bartos and Martin Rehak

The volume of network traffic has been steadily increasing in recent years. At the same time, the delivery of critical services from cloud data centers has increased not only the volume of traffic, but also the complexity of transactions.

High volumes of network traffic allow attackers to effectively hide their presence in the background. Moreover, attackers can shift or deceive the internal models of detection systems by creating large bursts of non-malicious network activity. Such activity typically draws the attention of statistical detection methods and is reported as an anomalous incident, while the important, yet much smaller, malicious activity remains unrecognized. To counter this, we need to deploy more sophisticated detection models and algorithms to detect such small and hidden attacks. The increase in volume of the transaction logs also brings computational problems for such algorithms, as they may easily become increasingly difficult to compute on the full traffic log.

Sampling reduces the amount of input network data that is further analyzed by the detection system, allowing a system of arbitrary complexity to operate on network links regardless of their size. However, the use of sampled data for CTA would be problematic, as it negatively impacts efficacy. CTA algorithms are based on statistical traffic analysis and adaptive pattern recognition, and the distortion of traffic features can significantly increase the error rate of these underlying methods by breaking their assumptions about the traffic characteristics. The loss of information introduced by sampling methods also negatively impacts any forensic investigation.


AnyConnect Makes Working From Anywhere Even More Secure

AnyConnect 4.2 adds deeper visibility and control over endpoints and network access

In our mobile, connected world more users are connecting to the corporate network with more devices from more places than ever before. In fact, analysts estimate that this year the average worker will use three personal devices for work purposes – that’s more than 15 billion mobile devices with access to enterprise networks. And the reality is that many of those devices have been compromised; 75 percent of organizations surveyed by Cisco said their mobile devices had been targeted by malware within the past 12 months.

Organizations need to provide secure access to systems and data over a mix of trusted and untrusted networks and personal and corporate-sanctioned devices. Cisco is committed to helping organizations extend security everywhere with an intelligent, seamless, and always-on connectivity experience across the proliferating scope of mobile devices.

Cisco AnyConnect Secure Mobility Client supports context-aware comprehensive security policy enforcement regardless of where the endpoint is physically located. The new Cisco AnyConnect extends security even deeper into endpoints and the network with new capabilities that provide greater visibility to protect what matters most – corporate digital assets.

Cisco AnyConnect, now version 4.2, delivers significant improvements and new features for greater endpoint visibility and control.


Gaining Productivity and Peace of Mind: Cisco Cloud Access Security

Cloud applications are revolutionizing the way your employees can do their work. They enable Bring-Your-Own-Device (BYOD), are inherently mobile, can be up and running in minutes, and allow users to collaborate with anyone from anywhere to get their jobs done. It’s no wonder that cloud app adoption is growing at unprecedented rates. According to Forrester, breakthrough productivity gains are expected to drive the cloud app market to reach over $130 billion by 2020. But along with these benefits, cloud apps also carry unseen dangers: data leakage, insider threats, and compliance failures. These risks stem from four challenges that IT administrators face as cloud apps become a standard tool to help employees get their jobs done.

1 – Cloud App Visibility. Because cloud apps are so fast, easy, and affordable to deploy, many IT administrators are facing a problem of Shadow IT – employees using unsanctioned apps and bypassing IT security controls. Even Line of Business heads can approve cloud apps for entire departments to use, rolling out a new tool without the IT team knowing anything about it. Shadow IT inhibits SaaS visibility; IT can’t see which apps are being used so they can’t identify risky apps and are powerless to set informed app controls.

Cisco Cloud Access Security (CAS) provides visibility by presenting a complete list of all cloud apps that employees are using. This is a major step toward solving the Shadow IT problem. But CAS goes even further, providing a risk score associated with each cloud app based on 60+ attributes that are weighted according to the risk profile of the business. A cloud app that is considered “enterprise quality” supports multiple enterprise security requirements. With a complete list of cloud apps and their associated scores, IT administrators can decide whether a cloud app should be sanctioned or should be blocked.
