A Model for Evaluating Breach Detection Readiness

Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack.

Modern-day networks are large and complicated. They are a nightmare for incident response teams and security investigators because it often takes days, or even months, to identify that a network was compromised. A wide variety of tools, technologies and platforms are available, such as big data platforms, machine learning algorithms, statistical techniques, threat intelligence platforms and reputation feeds. It is often confusing for decision makers to identify what is actually needed for their environment.

Cisco to Provide Secure Ops Solution to Royal Dutch Shell

October 15, 2014 at 10:45 am PST

This week sees the IoT (Internet of Things) World Forum (IoTWF) Research & Innovation Symposium, which showcases IoT-related subjects such as current research, use cases, and customer experiences as part of the Internet of Everything. This time the symposium focuses on transportation and energy, key areas where IoT can change the life of every human being.

To complement the IoT relevance in Energy, you will have seen the press release today from Cisco highlighting the adoption of the Cisco Secure Ops Solution by Royal Dutch Shell, details of which were shared with delegates at the forum (and if not I’ve put a link at the bottom of this post).

Peter Granger “drills-down” on the new Secure Ops solution adopted by Royal Dutch Shell

We saw the collaboration between Cisco and Shell and Shell’s commitment to Cisco’s architectural approach at Cisco Live. If you haven’t read it you can here: High Energy at Cisco Live in San Francisco. At the event Alan Matula (CIO and EVP, Shell) spelled out the changing IT and OT (Operational Technologies) environment in his industry, and how Shell had seen this all coming…

“About 3 or 4 years ago we saw the internet of everything coming and we decided to set up a unique differentiated technology outfit and we put it right next to research and development and that actually pushes the technology advances as close as possible to the business outcomes that we’re trying to drive.”

You also saw (if following my blog) that Cisco announced Secure Ops here: Unveiling Cisco Collaborative Operations and Secure Ops Solutions. So now we have the customer proof point: the important piece!

So, what’s new? Well, a lot, actually. I think the first thing is how Cisco is changing: not only working with partners as we’ve always done, but taking the lead in providing a solution directly to our customers if that’s what they want. With this solution there are a number of partners, but Cisco provides leadership so everyone knows their role and we have a more holistic approach, guided by Cisco.

Now down to business. Shell will deploy the Cisco Secure Ops Solution at upstream, downstream and lubricant sites. The Cisco Secure Ops Solution provides remote proactive monitoring and service-level-agreement (SLA)-driven management of security, applications and infrastructure. At the IoTWF, Shell shared that it has deployed the Cisco Secure Ops Solution to increase its security maturity level by improving its cyber security and risk management, while lowering the costs of delivery and operations.

When you think about all the challenges that oil and gas industry companies face today, you’ll see that they operate in the world’s toughest conditions. Whether it’s traditional on-shore or off-shore or non-traditional methods (horizontal drilling and “fracking” for example), energy companies have to be aware of a variety of threats, including safety, environmental, and cyber threats, when making important decisions in real-time.

“Cisco’s solution is designed to help companies combat new and evolving cyber security threats to the energy industry, specifically in the industrial control system (ICS) domain. Working with Shell, Cisco has developed solutions that directly address security concerns for the types of sometimes harsh environments in which Shell operates.”

“Cisco Secure Ops is a turn-key solution that implements and maintains security controls, risk management and compliance for industrial control system (ICS) environments using a combination of people, process and technology. Industrial control system delivery partners, like Rockwell and Yokogawa Electric, support the solution. Additional partners will be forthcoming.”

Here’s a quote from Greg Carter of Cisco (Director/GM, Internet of Everything Services Group, Cisco) that confirms the benefits:

“Cisco Secure Ops Solution was designed to provide a robust and secure solution to quickly address potential threats that come with the increase in connected people, processes and things with IoE. I’m thrilled that Shell is already seeing the benefits from these innovations on a global scale and look forward to continued success with this solution across other verticals in the months ahead.”

If you want to learn more about the Cisco Secure Ops solution, click here. To read a copy of the press release, click here.

Announcing the Cisco IOS Software Security Advisory Bundled Publication

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Resource Reservation Protocol (RSVP)
  • Metadata
  • Multicast Domain Name System (mDNS)
  • Session Initiation Protocol (SIP)
  • DHCP version 6 (DHCPv6)
  • Network Address Translation (NAT)


Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

This post was authored by Armin Pelkmann.

On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.

The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains. We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the number of connections previously observed. The increase in connections is most likely not proportional to the increase in domains because a long time has passed since the initial attacks.

[Infographic: the discovery difference from the previous blog to this one in raw numbers. With more than three times the now observed connections and over nine times the revealed malicious domains, this malvertising network is of unusually massive proportions.]

Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.

Update 2014-09-22: Updates on this threat can be found here

Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan” Malvertising Network, which distributes sophisticated, mutating malware for Windows and even Macs.

Table of contents

Attack in a Nutshell
Timeline
Technical Breakdown
Reversing of the Mac Malware
Reversing of the Windows Malware
IOCs
Conclusion
Protecting Users Against These Threats

Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware.