We’ve been talking for a while about Cisco ACI’s leadership in SDN security features (like here), and in the design of our fine-grained security policy enforcement between individual workloads, sometimes called microsegmentation. Today, here at Interop, Las Vegas, Cisco is reaffirming its thought leadership in data center security and SDN automation with a couple of announcements, including the integration of Cisco FirePOWER next generation intrusion prevention system (NGIPS) into the ACI security framework. In other news, another ACI ecosystem security partner was announced last week at the RSA Security Conference: Fortinet, who will be integrating their Fortigate firewall platform with ACI.
The Cisco ACI + FirePOWER solution enables real-time detection, mitigation and remediation for advanced security threats inside the data center by combining granular application visibility and control, threat detection, advanced malware protection (AMP) capabilities of FirePOWER NGIPS with ACI microsegmentation, advanced security service insertion, and L4-7 policy automation. To quickly summarize how this all comes together and a sample use case for ACI security, we created the following video:
Available in June, 2015, new ACI advanced security works to protect data centers before, during, and after attacks, dynamically detecting threats and automating incident responses. The Cisco FirePOWER family of security appliances consists of industry-leading NGFW, NGIPS appliances offering best-in-class threat effectiveness, superior visibility and global threat intelligence.
FirePOWER + ACI = Automated Security with Advanced Protection Across Attack Continuum for Physical and Virtual
Read More »
Tags: ACI, Advanced Malware Protection, FirePOWER, Fortinet, interop, pci, security
Security is hot topic on everyone’s mind and for IT it is a constant challenge to stay ahead of the latest threats and vulnerabilities that their organizations face on a daily basis. Take a quick look at the news and it won’t take you long to find an article talking about the latest cyber attack that resulted in the leak of personal data. So what can organizations and more specifically IT teams do to protect themselves from threats and vulnerabilities. Personally I don’t think you can protect yourselves from all threats and vulnerabilities. Cyber threats will continue to exist and cyber criminals will continue to develop increasingly sophisticated attacks to evade even the most robust security barriers. Even if you were to isolate your network from the internet an intruder could overcome your physical security and launch an attack from within your organization.
So what can you do to protect yourself? I view security as a way to reduce your exposure to threats and you should at a minimum make sure you have the appropriate security measures in place to reduce your exposure to threats and vulnerabilities. While you may never be able to stay one step ahead of cyber attacks you should be in a position to detects threats and be able to mitigate them as fast as possible to reduce your exposure.
Read More »
Tags: Advanced Malware Protection, AMP, Cloud web security, CWS, DMVPN, firewall, IDS, IPS, ISR 4000, ISR4k, IWAN, routers, security
Advanced malware is dynamic, elusive, and evasive. Once it slithers into the organization’s extended network, it can very quickly proliferate, cause problems, and remain undetected by traditional point-in-time security tools. These tools poll or scan endpoints for malware or indicators of compromise at a moment in time, and then do not evaluate again until the next big scan is triggered.
To prevent a malware intrusion from becoming a full-fledged and costly breach, it is important to catch that malware as quickly as possible. To do that, you need to go beyond point-in-time tools, and instead continuously watch and analyze all file and program activity throughout your extended network, so that at the first glimpse of malicious behavior you can contain and remediate immediately.
Read More »
Tags: Advanced Malware Protection, AMP, APT, Breach, intrusion, malware, security
Today the web is a favorite vector for threat actors to launch their attacks. According to the Cisco 2014 Midyear Security Report, More than 90 percent of customer networks observed in the first half of 2014 were identified as having traffic going to websites that host malware. More recently, Talos uncovered a massive malvertising network known as Kyle and Stan. Some 31,151 connections were observed to the network’s 6,491 domains.
In an effort to continue offering the most comprehensive protection to our customers, today we are announcing several important new features and expanded threat protection for the Cisco Web Security Appliance (WSA).
Read More »
Tags: Advanced Malware Protection, Cisco Advanced Malware Protection, Cisco Identity Service Engine (ISE), Cisco ISE, cisco web security appliance, cisco wsa, security, virtual security management application, web security appliance, wsa
As an IT security practitioner, you have a lot on your plate. Malware attacks are ever present. Hackers are smarter than ever and have the resources and persistence to compromise your organization. The malware being created today is more sophisticated. And the number and types of devices being used in the workplace are expanding, which is increasing the attack surface for malware delivery. With all of these new endpoints being used in the workplace, it’s no surprise that more than 70% of respondents in the 2014 State of Endpoint Risk study by Ponemon say that endpoint security risk is more difficult than ever to manage. Without visibility into potential malicious activity on the endpoints, how are you expected to effectively defend against an attack launched from an endpoint?
Let’s face it: endpoints are everywhere now. The definition of an endpoint has expanded vastly from its first iteration as a tethered desktop computer. We have Windows and Mac laptops; tablets and smartphones; virtual environments; and now even smart watches. We rely on these devices every day. Furthermore, with the advent of the Internet of Everything (IoE), the number and variety of connected devices are set to explode. Cisco estimates that as many as 50 billion devices will be connected to the network by the end of the decade.
The number of attacks targeting these devices is on the rise. In the same Ponemon study, 68% of respondents reported that their mobile endpoints have been the target of malware in the last 12 months. Examples are plentiful. A user with a personal Android phone that has been infected with malware plugs the phone into the office computer to charge it and the malware infiltrates the corporate network. An employee connects their work laptop to their home wi-fi connection and malware lying dormant seizes the opportunity to launch an attack through the back door. Someone surfing the web visits a legitimate website and clicks on an ad that is actually infected. Third-party applications downloaded from seemingly reputable sites can also introduce security risks.
Attackers understand how to exploit these gaps in protection that a proliferation of endpoints can create and work relentlessly to drive their attacks home. Their attacks are dynamic and multidimensional and require continuous scrutiny. As an IT security practitioner, you can’t protect what you can’t see. You need security solutions on the endpoint that couple continuous visibility and control so that you can not only see what’s happening on all of the endpoints on your extended network, but have the power to stop an outbreak quickly if an attack gets through.
Cisco Advanced Malware Protection (AMP) for Endpoints gives you unmatched visibility and control on endpoints, including PCs, Macs, mobile devices, and virtual environments. AMP is continuously monitoring activity on your endpoints, recording everything that it sees, which gives you the ability to roll back time on would-be attackers. When a file starts behaving badly, AMP is there to catch it, and gives you detailed information on how the malware got there in the first place, where it has gone, what other systems have been affected, and what exactly the malware is doing. With this information on root cause and point-of-entry, the complete ancestry and lifecycle of the file, and detailed analysis on the malware’s activity, you can surgically remediate malware from all of the affected areas on your endpoints and extended network. Whether you’re dealing with endpoints connected to a protected network or roaming on public or personal in-home wi-fi, AMP provides you with continuous and integrated detection, response, and remediation capabilities. Download this whitepaper to learn more about a new model to protect the endpoint.
To learn more about AMP for Endpoints, visit www.cisco.com/go/amp
 Cisco Internet of Things: http://www.cisco.com/web/solutions/trends/iot/indepth.html
Tags: Advanced Malware Protection, AMP, security