Cisco Blogs

Expanding Security Everywhere and Creating New Opportunities for Partners

As you remember, we launched Security Everywhere last June during Cisco Live, San Diego. Since that time we have received a tremendous response from our mutual customers and you, our partners.

To further decrease the risk of security threats, on November 3rd, we announced additional investments and enhancements to our Security Everywhere portfolio and strategy.

We have expanded our security solutions to reach further into the cloud, network and endpoints. In addition, we launched a new threat awareness service for businesses of all sizes. The new solutions provide value to our mutual customers and provide you with additional revenue opportunities that will increase your profitability.

Here are a few of the solutions I’d like to highlight.

Cisco Cloud Access Security (CAS) provides visibility and data security for cloud-based applications. The exciting news for you is that with CAS you can help your customers address the sprawl of Shadow IT. It is reported that 90 percent of organizations are not “fully aware” of devices accessing their network. There are 5-10 times MORE cloud services being used in enterprises than are known by IT.

New additions to the CAS offering allow organizations to address this complexity as well as increase visibility and control over data in cloud applications. Four new applications – Audit, Detect, Protect and Investigate – are designed to assess and act on non-sanctioned cloud applications, aimed at preventing cloud data loss.

Partnering with Elastica, CAS delivers increased visibility into “hidden” applications, those that employees might bring onto the network; detection of malicious behavior; and the ability to set security policies that tailor application usage and user behavior to align with corporate policies. To protect cloud-based applications, such as Dropbox and, CAS prevents the uploading of sensitive information and inappropriate sharing of data in the applications, to limit data exposure breaches.

New Identity Services Engine (ISE) enhancements extend visibility and control for network and endpoints with new hyper-location access controls. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation. Now you can deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x Network Access Devices (NADs) manufactured by Cisco Ecosystem partners.

You also have simplified AAA device management and administration capabilities with the new work center for TACACS+ protocol support. Lastly, ISE 2.0 enhances the user experience for ISE administrators by leveraging workflow-focused work centers for centralized management and administration.


Cognitive Research: Fake Blogs Generating Real Money


In the past several months Cisco Cognitive Threat Analytics (CTA) researchers have observed a number of blog sites using either fake content or content stolen from other sites to drive traffic to click on ad-loaded web sites. We have observed traffic volume up to 10,000 requests per hour, targeting hundreds of sites. The estimated lifetime of this campaign is at least 9 months. With a single click worth anywhere from $0.01 to $1, these scams can yield substantial returns for their owners.

Fake blogs are not new, but these actors are operating with a slightly different MO. Effort has been made to evade web reputation based blocks and hide from the eyes of investigators. First, we observe a large number of similar sites with word-based and topic-based generated domain names. These sites look like benign travel-related blogs full of content at first sight. Secondly, most of the intermediate infrastructure will redirect a random request away towards Google, making the investigation more difficult.

The general traffic pattern was observed as follows:

  1. Large numbers of requests arrive from infected clients to the fake blog sites. To look less suspicious, the requests look like search queries – for example:
  2. There is a series of redirects via intermediate sites, which are already associated with click-frauds – for example:
  3. These redirects bring the clients towards another set of fake sites, with travel related names (e.g., this time these sites have no content.
  4. Finally, clients are sent to browse arbitrary web sites to generate clicks and/or revenue.

Details of the analysis follow:

Continuous Analysis Yields Continuous Leadership Against Advanced Threats

Organizations today have no shortage of challenges when it comes to cyber security and their growing IT infrastructure. Not only are the frequency and sophistication of malware attacks on the rise, but with the proliferation of mobility, BYOD, IoT, and cloud services, the number of entry points an attacker has into the network grows exponentially with them.

Given this landscape we know the most effective way to address these threats is with security offering continuous analysis and retrospective protection that extends across all attack vectors in the extended network. With AMP Everywhere, security is just as pervasive as today’s advanced threats, and thanks to continuous analysis and retrospective protection, our customers gain reduced time to detection.

For the second year in a row, we have third-party validation from NSS Labs that we provide the most effective security available in the market today. Cisco Advanced Malware Protection (AMP) was tested along with seven other vendors and achieved a 99.2% security effectiveness score – the highest of all vendors tested in the 2015 NSS Labs Security Value Map (SVM) for Breach Detection Systems. What I find most interesting and rather disappointing in these results is that Cisco is the only vendor in the test to successfully handle all evasion attempts.


Creating an Intelligence-Led Security Organization

I recently had the opportunity to sit down with Roland Cloutier, Global Chief Security Officer at ADP and former CISO at EMC, to discuss how they integrate and leverage threat intelligence into their security operations centers as well as their greater security technology infrastructure. It’s pretty rare for the CISO of an F500 company to discuss what technologies they use in such an open way, but it was really a testament to the trust they have for the solutions they have chosen. To hear Roland discuss it himself, watch the video at the end of this post or read the case study.

ADP had created a much more proactive, and dare I say “predictive” security program than most. They are consuming threat intelligence from numerous sources including AMP Threat Grid to create what Roland dubbed ‘intelligence-led decision making.’ How is this different from today? Most security organizations, whether it’s analysts in the Security Operations Center (SOC) or the <<other group>> tend to be in a very reactive mode. They see an alert pop up on screen and start to scramble. It’s tough to get ahead of the game when the technology you’ve invested in is merely a reactive one. Roland and his team have spent the time to develop and execute on a strategy that has flipped this model and puts them in a very proactive situation. So how have they done this? A few key elements:

AMP Threat Grid Integrated with Email Security

We recently announced the release of AsyncOS 9.5 for Cisco Email Security that included the integration of AMP Threat Grid. Now if Threat Grid could talk it would sound a lot like Ron Burgundy and say “I’m not sure if you know this, but I’m kind of a big deal.” Email is consistently one of the top two threat vectors for malware because so many people out there still open an attachment that looks harmless from someone they don’t know. We all want to think we won a cruise, but that’s not how it works. It’s how malware establishes a foothold on your system. AMP Threat Grid is there to make sure this doesn’t happen.

Cisco acquired Threat Grid to not only bolster its suite of advanced threat solutions, but to also integrate the technology into its advanced malware protection (AMP) products. AMP Threat Grid goes far beyond traditional sandboxing, providing a host of analytical engines to evaluate potential malware. From static and dynamic analysis to various post-processing techniques, AMP Threat Grid evaluates malware to provide the most comprehensive report for even the most junior security analysts. This video provides a more comprehensive overview. Those familiar with Cisco’s Email Security know we already had a sandbox built in and may ask ‘Why change?’ and that’s exactly the question you want to ask. There are really three key reasons: