“There is no silver bullet.” That’s one of our favorite sayings at Cisco Security. We use it to convey the point that no prevention technology stops 100 percent of malware. As new attack vectors emerge and the threat landscape evolves, some malware will get through – regardless of which security vendor you choose.
In fact, our recently released 2014 Annual Security Report found that “100 percent of business networks analyzed by Cisco have traffic going to websites that host malware.” Basically, every organization should assume it is compromised to one degree or another.
There are two factors at play. First, as modern networks have expanded and extended beyond the traditional perimeter to include endpoints, mobile devices, virtual desktops, data centers, and the cloud, new attack vectors have emerged. Attackers don’t discriminate and will take advantage of any gap in protection to accomplish their mission.
Second, attackers are focused on understanding security technologies, how they work, where they are deployed, and how to exploit their weaknesses. For example, they outsmart point-in-time defenses – like sandbox technologies that only scan files once – by creating targeted, context-aware malware that can modify its behavior to evade detection and infiltrate the extended network where it is difficult to locate, let alone eradicate.
So what can you do about it? Well, at Cisco we advocate for continuous protection across the entire attack continuum – before, during, and after an attack. We believe security strategies that focus solely on perimeter-based defenses and preventive techniques will only leave attackers free to act as they please, once inside your network.
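The difference between a point-in-time verdict and continuous protection is easier to see in code. The following is an added example, not code from the original post or from any Cisco product: a small tracker that records every file sighting by hash and, when a hash is later marked malicious, returns the earlier sightings that a once-only scanner would have silently passed. The hosts, paths, timestamps and file bytes are constructed for the demonstration; the `FileTracker` class and its methods are hypothetical names chosen here.

```python
"""Retrospective file-disposition tracking (added example).

A point-in-time scanner verdicts a file once and forgets it. A continuous
approach keeps the sighting record and re-evaluates when intelligence
changes, so the 'after' phase of the attack continuum has something to act on.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Sighting:
    host: str       # hypothetical endpoint name
    path: str       # where the file landed on that host
    ts: str         # ISO-8601 timestamp of the sighting


@dataclass
class FileTracker:
    # sha256 hex digest -> every sighting of that content, in arrival order
    sightings: dict = field(default_factory=lambda: defaultdict(list))
    # digests currently known to be malicious
    known_bad: set = field(default_factory=set)

    def record(self, host: str, path: str, content: bytes, ts: str) -> str:
        """Point-in-time verdict: 'malicious' only if the hash is already known bad.
        The sighting is retained regardless of the verdict."""
        digest = hashlib.sha256(content).hexdigest()
        self.sightings[digest].append(Sighting(host, path, ts))
        return "malicious" if digest in self.known_bad else "unknown"

    def mark_malicious(self, digest: str) -> list:
        """New intelligence arrives for a digest. Returns every earlier sighting,
        which is the list of hosts that now need investigation even though each
        one received a clean (unknown) verdict at the time."""
        self.known_bad.add(digest)
        return list(self.sightings.get(digest, []))

    def hosts_exposed(self, digest: str) -> set:
        """Distinct hosts that ever received the given content."""
        return {s.host for s in self.sightings.get(digest, [])}


# Constructed sample data for the demonstration.
SAMPLE_DROPPER = b"MZ\x90\x00 constructed sample payload bytes"
SAMPLE_DIGEST = hashlib.sha256(SAMPLE_DROPPER).hexdigest()


def demo() -> dict:
    """Walk through the scenario and return the facts worth checking."""
    tracker = FileTracker()
    first = tracker.record("ws-0142", r"C:\Users\a\Downloads\invoice.exe",
                           SAMPLE_DROPPER, "2014-01-20T10:02:11Z")
    second = tracker.record("ws-0377", r"C:\Users\b\AppData\Local\Temp\inv.exe",
                            SAMPLE_DROPPER, "2014-01-20T10:09:48Z")
    # Two days later the sandbox or a feed flips the disposition.
    retro = tracker.mark_malicious(SAMPLE_DIGEST)
    # Any new sighting of the same content is now blocked at first sight.
    third = tracker.record("ws-0510", r"C:\Temp\inv.exe",
                           SAMPLE_DROPPER, "2014-01-22T08:15:00Z")
    return {
        "initial_verdicts": (first, second),
        "retrospective_hits": len(retro),
        "exposed_hosts": tracker.hosts_exposed(SAMPLE_DIGEST),
        "verdict_after_intel": third,
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping the sighting record is that the verdict at delivery time is the least informed one you will ever have; the retrospective list is what turns a later intelligence update into a containment action instead of a missed infection.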
Tags: 2014 annual security report, Cisco Cloud Web Security, Cognitive Threat Analytics, malware
Malware is everywhere and it’s incredibly challenging to combat, using whatever unprotected path exists to reach its target and accomplish its mission.
Malware has become the weapon of choice for hackers. According to the 2013 Verizon Data Breach Investigations Report, of the top 20 types of threat actions last year, malware is the most common, followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed it in networks, remain undetected for long periods of time, and steal data or disrupt critical systems. More specifically on blended threats, the report tells us that more than 95 percent of attacks intended to conduct espionage employed phishing. What is more, a prominent recent retail breach began with a targeted email phishing attack that ultimately led to access to payment system data via malware uploaded to PoS systems.
Tags: 2014 annual security report, Advanced Malware Protection, Cisco Cloud Web Security, Cognitive Threat Analytics, malware, Sourcefire
In the next few years, there will be more mobile users and more mobile connections than ever:
- By 2018, there will be 4.9 billion mobile users, up from 4.1 billion in 2013, according to the newly released Cisco VNI forecast
- In addition, there will be 10 billion mobile-ready devices and connections, which includes 8 billion mobile devices and 2 billion machine-to-machine (M2M) connections
Are the networks that are in place today able to handle the influx and sophistication of devices and data, or is this wave of technology going to usher in a need for a different kind of network?
I don’t think I’m alone in saying that organizations need a flexible, programmable infrastructure that can expand and contract more readily to their needs, especially in terms of security. A security-centric, programmable infrastructure that detects and responds to emerging threat vectors is essential for organizations to thrive in our hyper-connected era.
However, many business and IT leaders are unsure of what that looks like. How can a programmable infrastructure examine security holistically and gain visibility across the entire cybercrime continuum—before, during, and after an attack?
Tags: 2014 annual security report, Cyber Attacks, Fast IT, Future of IT, IoT, Ponemon Institute, programmable infrastructure, security, vni, Watering Hole
Last week, following the release of the 2014 Cisco Annual Security Report, my colleague Levi Gundert and I took questions from you, our partners and customers, about the report and its most interesting findings.
This year’s report highlighted a number of new trends and found unprecedented growth of threat alerts, which reached the highest level we’ve seen in more than a decade of monitoring.
Although the report paints a grim picture of the current state of cybersecurity, we are optimistic that there is hope for restoring trust in people, institutions, and technologies. This must start with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during, and after an attack.
Here is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Levi or I will get back to you.
Tags: 2014 annual security report, asr, cisco annual security report, CSO, cybersecurity, John Stewart, Levi Gundert, Live Social Broadcast, security, skills gap
I spent a good deal of time last week supporting the launch of the Cisco 2014 Annual Security Report. I’m one of the Cisco executive sponsors for the report, which means that while I cannot take credit for writing it, I am significantly involved in setting course, providing advice, and reviewing its findings. The report represents months of collaboration among threat researchers and other cybersecurity experts at Cisco and Sourcefire. Much of the data comes from both our own experience and what we have learned from willing customers. As promised, it provides a “warts-and-all analysis” of security news from 2013 and our perspective for the year. I also commend the writers, editors, and document producers for their hard work, clear thinking, and ability to lead a very complex project over the finish line in good order.
Our finding that the cyberthreat and risk landscape has only grown stronger and more complex over the past year is not exactly a revelation, perhaps, but we can perceive some clear trends in the evolution. We now can see that, because the cybercrime network has become so mature, far-reaching, well-funded, and highly effective as a business operation, very little in the cybersecurity world can—or should—be trusted without verification.
We also expect adversaries to continue designing campaigns that take advantage of users’ trust in systems, applications, and the people and businesses they know. It’s an effective strategy. How do we know? Because 100 percent of the networks analyzed by Cisco, despite the best efforts of their IT and Security teams, have traffic going to known malware threat sites. Not all traffic going to bad sites means bad things are happening, but as the old saying goes, where there’s smoke there’s usually fire.
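The “traffic going to known malware threat sites” finding is something a defender can check on their own proxy or DNS logs. What follows is an added example, not code from the report or from any Cisco product: it parses a handful of constructed proxy log lines, normalizes the destination hostname, matches it against a small constructed threat-domain list (including subdomains of a listed domain, which is how most threat sites actually appear), and tallies which internal clients produced the hits. The log format, the domain names and the client addresses are all assumptions made for the demonstration.

```python
"""Match outbound proxy traffic against a threat-domain list (added example).

Log format assumed here (constructed, not a real product's format):
    <timestamp> <client-ip> <method> <destination-host> <http-status>
"""
import re
from collections import Counter

# Constructed sample log lines. One line is deliberately malformed so the
# parser's behaviour on bad input is visible.
SAMPLE_LOG = """\
2014-01-21T09:12:03Z 10.1.4.22 GET www.example.com 200
2014-01-21T09:12:07Z 10.1.4.22 GET cdn.bad-example.test 200
2014-01-21T09:13:40Z 10.1.7.9 POST update.bad-example.test 503
2014-01-21T09:14:02Z 10.1.4.22 GET BAD-EXAMPLE.TEST. 200
2014-01-21T09:15:11Z 10.1.9.3 GET intranet.corp.example 200
malformed line here
"""

# Constructed threat-domain list standing in for a real intelligence feed.
THREAT_DOMAINS = {"bad-example.test", "evil.invalid"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<status>\d{3})$"
)


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing dot so 'BAD-EXAMPLE.TEST.' matches the list."""
    return host.rstrip(".").lower()


def matches_threat(host: str, threat_domains: set):
    """Return the listed domain that host equals or is a subdomain of, else None.

    Walks the labels right-to-left so 'cdn.bad-example.test' matches the entry
    'bad-example.test' without matching the unrelated 'notbad-example.test'."""
    labels = normalize_host(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in threat_domains:
            return candidate
    return None


def scan_log(text: str, threat_domains: set):
    """Return (hits, skipped): hits as (client, host, matched_domain, status)
    tuples in log order; skipped is the count of lines that did not parse."""
    hits = []
    skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1        # count rather than crash; noisy logs are normal
            continue
        matched = matches_threat(m["host"], threat_domains)
        if matched:
            hits.append((m["client"], normalize_host(m["host"]), matched, m["status"]))
    return hits, skipped


def clients_by_hits(hits) -> Counter:
    """Which internal clients talked to listed domains, and how often."""
    return Counter(client for client, _, _, _ in hits)


if __name__ == "__main__":
    found, bad_lines = scan_log(SAMPLE_LOG, THREAT_DOMAINS)
    for client, host, matched, status in found:
        print(f"{client} -> {host} (listed as {matched}, HTTP {status})")
    print("clients:", dict(clients_by_hits(found)), "unparsed lines:", bad_lines)
```

Read the output the way the paragraph above suggests: a hit identifies a client worth looking at, not a confirmed infection. A single blocked (non-2xx) request to a listed domain may be a failed beacon or a user clicking a bad link; the same client hitting several listed hosts across the day is the smoke that usually has fire behind it.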
The Cisco 2014 Annual Security Report highlights three key challenges organizations will face in the year ahead. These issues are:
- A growing attack surface area: New ways of doing business—such as cloud computing, mobility, and rapid growth in the number of connected devices—are rapidly expanding the attack surface available to cybersecurity adversaries. Adversaries have myriad inroads to bits and pieces of useful information that pave the way to big-time pay dirt. Quite often, they have a very easy path from there to the ultimate destination: the data center, where high-value information resides that can be exploited and monetized.
- The proliferation and sophistication of the attack model: Companies have become the focus of targeted attacks that are hard to detect, remain in networks for long periods, and exploit network resources to launch attacks elsewhere. Even basic Internet infrastructure services—including web hosting servers, nameservers, and data centers—have become key targets for hackers who want to launch increasingly larger campaigns.
- Complexity of threats and solutions: Monitoring and managing information security has never been more difficult for security teams. Solutions countering well-understood types of attacks—viruses, worms, data leaks, denial of service, etc.—long relied upon by organizations for cybersecurity, are simply inadequate in today’s complex threat environment where many attacks are not only stealthy, but also relentless.
Just to make things even more difficult, we’ve learned that counterfeit and tampered IT products are a growing security problem. The problem is more serious than phony gear masquerading as premium brand gear. Tampered and bogus goods often include hacker-friendly backdoors and other exploitable weaknesses. Like water pressing against a poorly engineered dam, bad actors will seek out and exploit any security weakness—known vulnerabilities and intentional backdoors—in the technology supply chain.
I’ve written a lot in the past year about what it takes to develop trustworthy systems: building security from the ground up, from the beginning to the end of a product’s life cycle. I’ve also explained how Cisco has invested considerable time, effort, and money in the effort to make our products robust enough for deployment as trustworthy systems. When I talk about trust, my concern goes beyond a narrow focus on our ability to trust technology. Society now depends on information technology to deliver essential services. When that technology ceases to work, or when we can’t trust the services delivered through technology, our social, economic, and cultural fabric unravels.
I wouldn’t be in the security business, however, if I thought the security situation was irrevocably hopeless. As we learn more about how our adversaries work and what they seek to achieve, we improve our ability to limit damage to socially tenable levels. While the Cisco Annual Security Report is a sobering read, it fills me with added determination to contain today’s threats and preempt tomorrow’s traps and pitfalls. I certainly hope it has the same effect on you.
Tags: 2014 annual security report, Annual Security Report, CASR, Cisco, security