Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack.
Modern-day networks are large and complicated. They are a nightmare for incident response teams and security investigators because it often takes days and months to identify that their networks were compromised. A wide variety of tools, technologies and platforms are available, such as big data platforms, machine learning algorithms, statistical techniques, threat intelligence platforms, reputation feeds, etc. It is often confusing for decision makers to identify what is needed for their environment.
This week sees the IoT (Internet of Things) World Forum (IoTWF) Research & Innovation Symposium, which covers IoT-related subjects such as current research, use cases, and customer experiences as part of the Internet of Everything. This time the symposium will focus on transportation and energy, key areas where IoT can change the life of every human being.
To complement the IoT relevance in Energy, you will have seen the press release today from Cisco highlighting the adoption of the Cisco Secure Ops Solution by Royal Dutch Shell, details of which were shared with delegates at the forum (and if not I’ve put a link at the bottom of this post).
Peter Granger “drills-down” on the new Secure Ops solution adopted by Royal Dutch Shell
We saw the collaboration between Cisco and Shell and Shell’s commitment to Cisco’s architectural approach at Cisco Live. If you haven’t read it you can here: High Energy at Cisco Live in San Francisco. At the event Alan Matula (CIO and EVP, Shell) spelled out the changing IT and OT (Operational Technologies) environment in his industry, and how Shell had seen this all coming…
“About 3 or 4 years ago we saw the internet of everything coming and we decided to set up a unique differentiated technology outfit and we put it right next to research and development and that actually pushes the technology advances as close as possible to the business outcomes that we’re trying to drive.”
So, what’s new? Well, a lot actually. I think the first thing is how Cisco is changing to not only work with partners as we’ve always done, but to take the lead in providing a solution directly to our customers if that’s what they want. With this solution there are a number of partners, but Cisco provides leadership so everyone knows their role and we have a more holistic approach, guided by Cisco.
Now down to the business. Shell will deploy the Cisco Secure Ops Solution at upstream, downstream and lubricant sites. The Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement (SLA)-driven management of security, applications and infrastructure. At the IoTWF Shell shared that it has deployed the Cisco Secure Ops Solution to increase the security maturity level by improving its cyber security and risk management, while lowering costs of delivery and operations.
When you think about all the challenges that oil and gas industry companies face today, you’ll see that they operate in the world’s toughest conditions. Whether it’s traditional on-shore or off-shore or non-traditional methods (horizontal drilling and “fracking” for example), energy companies have to be aware of a variety of threats, including safety, environmental, and cyber threats, when making important decisions in real-time.
“Cisco’s solution is designed to help companies combat new and evolving cyber security threats to the energy industry, specifically in the industrial control system (ICS) domain. Working with Shell, Cisco has developed solutions that directly address security concerns for the types of sometimes harsh environments in which Shell operates.”
“Cisco Secure Ops is a turn-key solution that implements and maintains security controls, risk management and compliance for industrial control system (ICS) environments using a combination of people, process and technology. Industrial control system delivery partners, like Rockwell and Yokogawa Electric, support the solution. Additional partners will be forthcoming.”
Here’s a quote from Greg Carter of Cisco (Director/GM, Internet of Everything Services Group, Cisco) that confirms the benefits:
“Cisco Secure Ops Solution was designed to provide a robust and secure solution to quickly address potential threats that come with the increase in connected people, processes and things with IoE. I’m thrilled that Shell is already seeing the benefits from these innovations on a global scale and look forward to continued success with this solution across other verticals in the months ahead.”
If you want to learn more about the Cisco Secure Ops solution, click here. To read a copy of the Press release, click here.
Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.
Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:
On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.
The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains. We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the number of connections previously observed. The increase in connections is most likely not proportional to the increase in domains because a long time has passed since the initial attacks.
The discovery difference from the previous blog to this one, in raw numbers. With more than 3 times the connections now observed and over 9 times the malicious domains revealed, this malvertising network is of unusually massive proportions.
This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.
Update 2014-09-22: Updates on this threat can be found here
Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.