
Security Insights with British Telecom

The explosive growth of video, mobility, Internet-of-Things, and cloud services has brought about enormous business opportunities. Service Providers are adopting open and programmable network architectures that increase business agility and lower costs. However, adversaries are increasingly exploiting the growing attack surface presented by these new services and expanded network connections.

British Telecom, the largest service provider in the UK, has recently announced a partnership with Cisco to deliver threat-centric security solutions based on our joint expertise and leadership. By partnering with Cisco, BT will strengthen network and advanced threat protection capabilities and automate its threat intelligence to detect, analyze and remediate attacks, while providing the same security capabilities in offerings to their customers, with BT Assure Cyber, BT’s Managed Security Portfolio.

I recently had the opportunity to sit down with Les Anderson, VP of BT Cyber, and ask him how BT manages security to protect their networks and their customers and to get his take on our new partnership.

Sam Rastogi – Cisco Security: What changes in the threat landscape are you observing?
Les Anderson: Over the last 13 months, BT has experienced a 1,000% increase in threats. We’ve seen our networks targeted in ways that we haven’t seen before. There is unprecedented speed in the innovation, resiliency and evasiveness of cyber attacks.

CS: How do you counter these threats?
LA: Partnership with Cisco for threat-centric security and consolidating where it makes sense for our business and our customers.

CS: What security technologies are top of mind for you?
LA: We need threat-centric technologies that are able to stop threats. We look to solutions such as ASA with FirePOWER Services, Advanced Malware Protection (AMP), and Next-Generation IPS (NGIPS), all working together. They amount to a differentiated capability in the market: to see and stop more threats for us and our customers.

CS: How do you view security as a growth engine for organizations?
LA: BT doesn’t compromise when it comes to prioritizing our own cybersecurity; security can be a growth engine for businesses like BT to take full advantage of today’s opportunities to be more productive, make organizations more efficient and customers happier by keeping systems, both ours and our customers’, secure. By relying on threat-centric security, we’re thus able to focus on our core business goals, making security a differentiator. Investing in security in turn inspires further trust in doing business with us and with our customers.

CS: Why did you choose to partner with Cisco? And why now?
LA: Cisco has made smart security acquisitions and technology innovations that provide a significant differentiation in the market. I’m seeing that Cisco has the ability to deploy security products into SDN and virtualized environments to unlock additional value that is critical to security. Lastly, our joint portfolio has allowed us to sell the largest cyber strategic security capability globally to a nation state. This is all possible with the strong partnership we have in place together.

Watch this video to learn how BT is taking advantage of security solutions from Cisco to protect its own environment and its customers:


Advanced Malware Protection Can Help Keep Defense Agencies’ Networks Secure

It seems like these days, you can’t read the news without seeing something about a cyberattack or data breach. While the digital economy and the Internet of Everything (IoE) are creating huge opportunities for value creation in both the public and private sectors, they also create huge opportunities for security breaches. With an expanded attack surface created by the IoE, cybercriminals look to take advantage of the influx of new devices and increasing network complexity. While a large cyberattack on a private company might be painful financially, a hack on some of our nation’s defense agencies could hurt much more.

The Department of Defense (DoD) is a high-priority target for hackers of all types, but especially for advanced malware creators seeking to steal intellectual property, capabilities and strategies from the U.S. government. These threats aren’t only isolated incidents from hacktivist groups; they often come from advanced nation-state adversaries. The protection of military information and network assets is part of national security, and the DoD needs the tools to protect itself from cyberattacks.

One way the DoD and other agencies are looking to better protect their networks is by using advanced malware protection (AMP) tools. AMP detects malicious files as they cross a sensor and flags them for removal so that they cannot spread to the rest of the network. Cisco’s AMP services are industry-leading: Cisco was named a Leader in the Gartner Magic Quadrant for Intrusion Prevention Systems in 2014 and improved its position in 2015. Cisco was also tested in NSS Labs’ rigorous next-generation firewall testing and received the highest effectiveness rating possible.


Figure 1. Gartner’s 2015 Magic Quadrant for Intrusion Prevention Systems

Cisco AMP differs from its competitors in that it can place sensors throughout the network. Unlike most vendors’ sensors, which must sit at the firewall, Cisco’s sensors can be deployed on a wide range of devices and platforms, such as switches, virtual machines and the cloud. By allowing sensors at more points in the network, Cisco AMP casts a wider and finer net to catch malware.

Additionally, Cisco AMP tracks files throughout the whole network. Most advanced malware systems give a file a verdict of good or bad only at the moment it crosses a sensor (point-in-time detection). With Cisco AMP, the file is tracked after that point and continually re-evaluated. That means if a file was initially judged good but new information later shows it to be malicious, Cisco AMP can flag it wherever it was seen in the network and have it removed. Continuously monitoring files lets security managers get rid of malicious files rapidly, which means the network can recover more quickly as well.


Figure 2. Point-In-Time Detection vs. Cisco’s Continuous Detection

Another way that Cisco AMP sets itself apart from other security options is through its ability to trace a file’s path and remove other files it has potentially compromised. The malicious file is patient zero, but Cisco AMP can find every other “patient” it touched to ensure the threat is completely eradicated.
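The two behaviours described above, retrospective re-evaluation of a file that has already passed inspection and patient-zero tracing of the files it dropped, can be modelled with a small tracker keyed by file hash. The following Python is an added illustration written for this page, not Cisco AMP code: the `Trajectory` class, the host names, file paths, hash inputs and timestamps are all constructed for the demo, and the "unknown / clean / malicious" verdict vocabulary is an assumption.

```python
"""Toy file-trajectory tracker with retrospective verdicts (added example, not Cisco AMP code)."""
import hashlib
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Sighting:
    host: str
    path: str
    ts: int  # observation time in seconds since epoch (constructed values below)


class Trajectory:
    """Record every place a file (keyed by SHA-256) is seen and which files it created."""

    def __init__(self) -> None:
        self.sightings: Dict[str, List[Sighting]] = defaultdict(list)
        self.verdicts: Dict[str, str] = {}                      # sha256 -> "clean" | "malicious"
        self.children: Dict[str, Set[str]] = defaultdict(set)   # parent sha256 -> files it wrote

    def observe(self, sha: str, host: str, path: str, ts: int,
                parent: Optional[str] = None) -> str:
        """Point-in-time check: record the sighting and return the verdict known right now."""
        self.sightings[sha].append(Sighting(host, path, ts))
        if parent is not None:
            self.children[parent].add(sha)
        return self.verdicts.get(sha, "unknown")

    def set_verdict(self, sha: str, verdict: str) -> List[Sighting]:
        """Update the verdict. When a file flips to malicious, return every past sighting so
        each host can be alerted retrospectively even though the file passed at the time.
        Repeating the same verdict, or downgrading to clean, produces no alerts."""
        previous = self.verdicts.get(sha, "unknown")
        self.verdicts[sha] = verdict
        if verdict == "malicious" and previous != "malicious":
            return list(self.sightings.get(sha, []))
        return []

    def descendants(self, sha: str) -> Set[str]:
        """Patient-zero tracing: every file transitively written by `sha`."""
        found: Set[str] = set()
        queue = deque([sha])
        while queue:
            current = queue.popleft()
            for child in self.children.get(current, ()):
                if child not in found:
                    found.add(child)
                    queue.append(child)
        return found


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def run_demo() -> Tuple[str, List[Sighting], Set[str]]:
    """Constructed scenario: an installer passes inspection, reaches three hosts, drops a
    payload on one of them, and is only later identified as malicious."""
    t = Trajectory()
    installer = sha256(b"constructed installer bytes")
    payload = sha256(b"constructed payload bytes")
    first_verdict = t.observe(installer, "ws-01", r"C:\Users\a\Downloads\setup.exe", 1446541200)
    t.observe(installer, "ws-02", r"C:\Users\b\Downloads\setup.exe", 1446541260)
    t.observe(installer, "ws-03", r"C:\Temp\setup.exe", 1446541320)
    t.observe(payload, "ws-02", r"C:\Windows\Temp\svc.dll", 1446541330, parent=installer)
    alerts = t.set_verdict(installer, "malicious")   # retrospective: three hosts to remediate
    return first_verdict, alerts, t.descendants(installer)


if __name__ == "__main__":
    verdict, alerts, dropped = run_demo()
    print("verdict at first sighting:", verdict)
    print("hosts to remediate:", sorted(s.host for s in alerts))
    print("files dropped by patient zero:", dropped)
```

The point-in-time model would have returned only `first_verdict` ("unknown", so the file is allowed through) and forgotten the file; the tracker keeps the sightings, so a single verdict change yields the full list of hosts that need cleaning plus the dropped payload hash.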

As DoD networks become increasingly complex, with more devices requiring access from remote areas, the capabilities Cisco AMP solutions provide will be even more important to ensure these critical networks are secure. No matter how it is utilized, Cisco AMP can help the Department of Defense and other public sector agencies defend their sensitive information from cyberattacks. Click here to learn more about Cisco AMP solutions.


Expanding Security Everywhere and Creating New Opportunities for Partners

As you may remember, we launched Security Everywhere last June during Cisco Live, San Diego. Since then we have received a tremendous response from our mutual customers and from you, our partners.

To further decrease the risk of security threats, on November 3rd, we announced additional investments and enhancements to our Security Everywhere portfolio and strategy.

We have expanded our security solutions to reach further into the cloud, the network and endpoints. In addition, we launched a new threat awareness service for businesses of all sizes. The new solutions provide value to our mutual customers and give you additional revenue opportunities that will increase your profitability.

Here are a few of the solutions I’d like to highlight.

Cisco Cloud Access Security (CAS) provides visibility and data security for cloud-based applications. The exciting news for you is that with CAS you can help your customers address the sprawl of Shadow IT. It is reported that 90 percent of organizations are not “fully aware” of the devices accessing their network, and that 5 to 10 times more cloud services are in use in enterprises than IT knows about.

New additions to the CAS offering allow organizations to address this complexity and increase visibility and control over data in cloud applications. Four new applications, Audit, Detect, Protect and Investigate, are designed to assess and act on non-sanctioned cloud applications, with the aim of preventing cloud data loss.

Partnering with Elastica, CAS delivers increased visibility into “hidden” applications, those that employees might bring onto the network; detection of malicious behavior; and the ability to set security policies that tailor application usage and user behavior to align with corporate policies. To protect cloud-based applications, such as Dropbox and Salesforce.com, CAS prevents the uploading of sensitive information and inappropriate sharing of data in the applications, to limit data exposure breaches.

New Identity Services Engine (ISE) enhancements extend visibility and control for network and endpoints with new hyper-location access controls. Cisco ISE 2.0 extends security further into the network with new capabilities that help you see and control what’s on your network like never before and accelerate threat mitigation. Now you can deploy ISE services such as Profiling, Posture, Guest, and BYOD with 802.1x Network Access Devices (NADs) manufactured by Cisco Ecosystem partners.

You also get simplified AAA device management and administration with the new work center for TACACS+ protocol support. Lastly, ISE 2.0 improves the experience for ISE administrators through workflow-focused work centers for centralized management and administration.



Cognitive Research: Fake Blogs Generating Real Money

Summary

In the past several months Cisco Cognitive Threat Analytics (CTA) researchers have observed a number of blog sites using either fake content or content stolen from other sites to drive traffic to ad-loaded web sites. We have observed traffic volumes of up to 10,000 requests per hour, targeting hundreds of sites. The estimated lifetime of this campaign is at least 9 months. With a single click worth anywhere between $0.01 and $1, these scams can yield substantial returns for their owners.

Fake blogs are not new, but these actors are operating with a slightly different MO. Effort has been made to evade web-reputation-based blocks and to hide from investigators. First, we observe a large number of similar sites with word-based and topic-based generated domain names. At first sight these sites look like benign, content-rich travel blogs. Second, most of the intermediate infrastructure redirects a random share of requests away towards Google, which makes the investigation more difficult.

The general traffic pattern was observed as follows:

  1. Large numbers of requests arrive from infected clients at the fake blog sites. To look less suspicious, the requests are shaped like search queries, for example: cruiserly.net/search/q/greyhounds.
  2. A series of redirects follows via intermediate sites that are already associated with click fraud, for example: findreek.com.
  3. These redirects bring the clients to another set of fake sites with travel-related names (e.g. tourxperia.com); this time the sites have no content.
  4. Finally, the clients are sent to browse arbitrary web sites to generate clicks and/or revenue.

Details of the analysis follow in the full post.
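The four-step traffic pattern above can be recovered from ordinary web proxy logs by stitching each client's requests into redirect chains and checking the shape of the chain: a search-looking path on a domain that is not a search engine, two or more hops, and a final landing site unrelated to the first. The Python below is an added detection example written for this page, not CTA's tooling. The log lines are constructed (the domain names cruiserly.net, findreek.com and tourxperia.com come from the post; the clients, timestamps, paths and the landing site shop.example do not), the log format is assumed, and the search-engine allow-list and the chain labels are choices made for the example.

```python
"""Reconstruct redirect chains from proxy logs and flag click-fraud traffic (added example)."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed log, not captured traffic. Assumed format per line:
# "<epoch> <client> <status> <url> <redirect-target-or-dash>"
SAMPLE_LOG = """\
1446541200 10.0.0.5 302 http://cruiserly.net/search/q/greyhounds http://findreek.com/r?c=ab12
1446541200 10.0.0.5 302 http://findreek.com/r?c=ab12 http://tourxperia.com/go
1446541201 10.0.0.5 302 http://tourxperia.com/go http://shop.example/landing?x=1
1446541201 10.0.0.5 200 http://shop.example/landing?x=1 -
1446541230 10.0.0.7 302 http://cruiserly.net/search/q/cruise+deals http://www.google.com/
1446541230 10.0.0.7 200 http://www.google.com/ -
1446541260 10.0.0.9 200 http://www.google.com/search?q=greyhounds -
"""

KNOWN_SEARCH_ENGINES = {"www.google.com", "www.bing.com"}  # assumption: allow-list kept by the SOC
SEARCH_LIKE_PATH = re.compile(r"^/search/q/")              # decoy path shape seen in the campaign


def parse(log: str) -> List[Dict]:
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, status, url, target = line.split()
        rows.append({"ts": int(ts), "client": client, "status": int(status),
                     "url": url, "target": None if target == "-" else target})
    return rows


def host(url: str) -> str:
    return urlsplit(url).netloc.lower()


def build_chains(rows: List[Dict]) -> List[Tuple[str, List[str]]]:
    """Stitch each client's requests into chains by following 3xx redirect targets."""
    nxt: Dict[Tuple[str, str], str] = {}
    redirect_targets = set()
    for r in rows:
        if 300 <= r["status"] < 400 and r["target"]:
            nxt[(r["client"], r["url"])] = r["target"]
            redirect_targets.add((r["client"], r["target"]))
    chains = []
    for r in rows:
        key = (r["client"], r["url"])
        if key in redirect_targets:
            continue                       # not a chain head; it was reached via a redirect
        chain, seen = [r["url"]], {r["url"]}
        while key in nxt and nxt[key] not in seen:   # `seen` guards against redirect loops
            url = nxt[key]
            chain.append(url)
            seen.add(url)
            key = (r["client"], url)
        chains.append((r["client"], chain))
    return chains


def classify(chain: List[str]) -> str:
    head, tail = host(chain[0]), host(chain[-1])
    decoy_head = (SEARCH_LIKE_PATH.match(urlsplit(chain[0]).path) is not None
                  and head not in KNOWN_SEARCH_ENGINES)
    if not decoy_head:
        return "benign"
    if tail in KNOWN_SEARCH_ENGINES:
        return "decoy-to-search-engine"    # the random bounce to Google used to frustrate analysis
    if len(chain) >= 3 and tail != head:
        return "click-fraud-chain"         # search-like entry, multi-hop redirect, unrelated landing
    return "suspicious"


def analyze(log: str) -> List[Tuple[str, List[str], str]]:
    return [(client, chain, classify(chain)) for client, chain in build_chains(parse(log))]


def requests_per_hour(log: str) -> Counter:
    """Volume per (host, hour bucket); the campaign reached 10,000 requests/hour on real traffic."""
    counts: Counter = Counter()
    for r in parse(log):
        counts[(host(r["url"]), r["ts"] // 3600)] += 1
    return counts


if __name__ == "__main__":
    for client, chain, label in analyze(SAMPLE_LOG):
        print(f"{client} {label}: {' -> '.join(chain)}")
    print(requests_per_hour(SAMPLE_LOG))
```

In production the allow-list of real search engines, the redirect-hop threshold and the per-hour volume cut-off would be tuned against the organisation's own baseline; the chain reconstruction itself needs only timestamps, client, status and the redirect target, which most proxies already log.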


Continuous Analysis Yields Continuous Leadership Against Advanced Threats

Organizations today have no shortage of challenges when it comes to cyber security and their growing IT infrastructure. Not only are the frequency and sophistication of malware attacks on the rise, but with the proliferation of mobility, BYOD, IoT, and cloud services, the number of entry points an attacker has into the network grows with them.

Given this landscape, we know the most effective way to address these threats is with a security offering that provides continuous analysis and retrospective protection across all attack vectors in the extended network. With AMP Everywhere, security is just as pervasive as today’s advanced threats, and thanks to continuous analysis and retrospective protection, our customers gain a reduced time to detection.

For the second year in a row, we have third-party validation from NSS Labs that we provide the most effective security available in the market today. Cisco Advanced Malware Protection (AMP) was tested along with seven other vendors and achieved a 99.2% security effectiveness score – the highest of all vendors tested in the 2015 NSS Labs Security Value Map (SVM) for Breach Detection Systems. What I find most interesting and rather disappointing in these results is that Cisco is the only vendor in the test to successfully handle all evasion attempts.

