Cisco Blogs


Cisco Blog > Security

Working Smarter with Cisco Cloud Web Security

We listen to our customers all the time, and what they have been telling us about cloud security over the past 18 months is intriguing. There was a time when IT security leaders were clearly uncomfortable about the idea of trusting remotely delivered security; discussions about cloud security would be met with skepticism. Over the last year and a half, this attitude has undergone a sea of change, and moved through increasing levels of interest to today, where our customers are actively leaning in and engaging in the discussion about moving security functions to the cloud. There are several reasons for this dramatic shift.

Overall, the enterprise network no longer sits comfortably within four secure walls. Extended networks and new business models related to mobility, cloud, the Internet of Things (IoT) and Everything (IoE) are complicating network management and security for companies of all sizes. IT professionals are being tasked with supporting and protecting this ever-evolving environment with fewer resources. Hampered by tighter budgets and the IT security industry’s growing skills shortage customers need to work smarter, not harder.

Read More »

Tags: , , , , , , ,

#IWANWed: Harness the Power of Web Within the Enterprise Branch

Cloud Web Security AAG ImageIn the ever-changing world of enterprise branch environments, a high number of businesses are planning to migrate their WAN to the Internet. To be exact, Nemertes Research (Benchmark 2012–13 Emerging WAN Trends) estimates that number to be close to 50%.  That’s 50% of businesses migrating to Internet for WAN.

And why is that happening? Enterprises are trying to optimize their WAN to increase ROI. Internet has become a much more stable platform, offering significant price-to-performance gains. Thus, the growth of new cloud traffic, high bandwidth applications, and video can be easily load balanced across multiple WAN lines, one of which or both can be Internet links. Some of the enterprises go even further and enable local Internet breakout from the branch. Not only does it eliminate the need to unnecessarily backhaul the traffic to the corporate HQ or data center, but also helps to free up the precious WAN bandwidth for critical business related applications. This enables enterprises to provide guest Internet access within the branch and then slowly offer the same services to corporate users, both for trusted public clouds applications and general Internet access. Read More »

Tags: , , , , , , , , ,

IWAN Wed: The Case for Direct Internet Breakout at Branch and IWAN

Simplify Branch Security with ISRCloud services and SaaS applications is enabling customers to accelerate their business processes and improve employee productivity while lowering their total IT spending. The Cisco IWAN solution is helping organizations adopt cloud applications with an improved user experience by enabling local internet breakout from the branch environment, thus helping eliminate the need to backhaul internet-bound traffic across the WAN link. This helps provide the user improved experience through lower latency for not only internet applications, but also free up bandwidth for application on the WAN link. The reduced WAN link usage also means lower IT spending those links.

However, a study commissioned by Cisco during Jan’14 from 641 customers from US and Europe on their MPLS usage and adoption of local internet breakout found that 68% of the customers responded that enabling direct internet access was an organizational focus for them.  However, 54% of the total respondents reported that lack of sufficient security at the branch environment hindered them from enabling local internet breakout at the branch. This was ranked as the #1 reason to not enable Direct Internet Access at branch sites.

Read More »

Tags: , , , , , , , , ,

Introducing Cisco Cognitive Threat Analytics

“There is no silver bullet.”  That’s one of our favorite sayings at Cisco Security. We use it to convey the point that malware prevention is not 100%. As new attack vectors emerge and the threat landscape evolves, some malware will get through – regardless of which security vendor you choose.

In fact, our recently released 2014 Annual Security Report found that “100 percent of business networks analyzed by Cisco have traffic going to websites that host malware.” Basically, everyone will be compromised to one degree or another.

There are two factors at play. First, as modern networks have expanded and extend beyond the traditional perimeter to include endpoints, mobile devices, virtual desktops, data centers, and the cloud, new attack vectors have emerged. Attackers don’t discriminate and will take advantage of any gap in protection to accomplish their mission.

Second, attackers are focused on understanding security technologies, how they work, where they are deployed, and how to exploit their weaknesses. For example, they outsmart point-in-time defenses – like sandbox technologies that only scan files once – by creating targeted, context-aware malware that can modify its behavior to evade detection and infiltrate the extended network where it is difficult to locate, let alone eradicate.

So what can you do about it? Well, at Cisco we advocate for continuous protection across the entire attack continuum – before, during, and after an attack. We believe security strategies that focus solely on perimeter-based defenses and preventive techniques will only leave attackers free to act as they please, once inside your network.
Read More »

Tags: , , ,

Malware is Everywhere. Now, so is Advanced Malware Protection from Cisco.

Malware is everywhere and it’s incredibly challenging to combat, using whatever unprotected path exists to reach its target and accomplish its mission.

Malware has become the weapon of choice for hackers. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common method used, followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed the malware in networks, remain undetected for long periods of time and steal data or disrupt critical systems. More specifically on blended threats, the report tells us that more than 95 percent of all attacks intended for conduct espionage employed phishing. What is more, a prominent recent retail breach began with a targeted email phishing attack that ultimately led to access to payment system data via malware uploaded to PoS systems.

Read More »

Tags: , , , , ,