That’s right folks, today is Patch Tuesday and Microsoft has published its monthly security bulletin for August 2013. The bulletins address a total of 23 vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, and Microsoft Exchange. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial of service condition, or gain elevated privileges.
The bulk of the August updates correct several vulnerabilities in Internet Explorer. Although little technical information is available currently, it’s likely that attackers may develop future exploits based on the vulnerabilities.
Multiple vulnerabilities correct vulnerabilities in Microsoft Windows. A few of the vulnerabilities involve improper processing of ICMP network packets and could allow for attacks that cause affected systems to stop responding to additional network traffic. Although service failures are a concern for production systems, an exploit would allow no system access. Read More »
Tags: Cisco Security, cisco sio, Microsoft, Microsoft bulletin, patch tuesday, vulnerabilities
Today’s threat landscape is more dynamic than ever before. Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are considerably affecting traditional security approaches. The notion of the “perimeter” no longer exists and threats are able to circumvent traditional, disparate security products.
The marketplace needs a pervasive, continuous security architecture that addresses each phase of the attack lifecycle. Today, we are excited to announce the acquisition of Sourcefire (NASDAQ: FIRE), which directly supports Cisco’s strategy to constantly defend, discover and remediate threats – with the ultimate goal of covering our customers before, during and after an attack.
Sourcefire, based in Columbia, MD, is a leader in intelligent cybersecurity solutions. Sourcefire delivers effective, highly automated security through continuous threat research, detection and protection across its portfolio of next-generation intrusion prevention systems (IPS), next-generation firewall, and advanced malware protection solutions.
Sourcefire couples its technology with automated, real-time visibility across the extended network that includes virtual, mobile and endpoints. These solutions work not only at a point-in-time, but also provide continuous threat protection and retrospective remediation across the network.
Having led security innovation for more than 12 years, Sourcefire has assembled a world-class team with deep security DNA that will help drive Cisco’s execution of its security strategy. Sourcefire was founded by Marty Roesch, who pioneered their success through open source, creating a community of security technologists working together to build an industry leading intrusion prevention system. Sourcefire also is home to the Vulnerability Research Team, a group of elite security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities.
Sourcefire’s open source model is expected to strengthen and accelerate Cisco’s ability to build a strong ecosystem of security partners who can bring real time threat intelligence and innovations to customers through integration with our technologies and platforms.
Security is a critical component to Cisco’s overall strategy to be the No. 1 IT company. Earlier this year, we acquired Cognitive Security, a security software company that applies artificial intelligence techniques to detect advanced cyber threats. Cognitive Security and Sourcefire are expected to help Cisco achieve our goal as we offer more best-in-class security services; more intelligence sources for continuous protection; and an open platform to enable a threat-aware network.
We believe that Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud.
I am delighted to welcome the entire Sourcefire team to the Cisco family, and look forward to a prosperous future together.
In closing, I would simply like to remind you that this blog contains forward-looking statements which are subject to risks and uncertainties, including the risk factors discussed in Cisco’s most recent reports on Form 10-K and Form 10-Q filed with the SEC on September 12, 2012 and May 21, 2013, respectively, and in the press release announcing this transaction. Such risks could cause actual results to differ from those contained in the forward-looking statements. For further information, please consult such Form 10-K, Form 10-Q, and Cisco’s Form 8-K covering such press release, each available free of charge at the SEC’s website at www.sec.gov or by going to Cisco’s Investor Relations website at http://www.cisco.com/go/investors.
Tags: Cisco Security, cloud, cyber security, Internet of Everything, mobility, security, Sourcefire
I see and hear a variety of acronyms being used on a daily basis. I recently heard one tossed around with good humor that makes a point: TMA or Too Many Acronyms. Every once in a while, when I think I’ve embedded the definition and use of an acronym into my long-term memory (anything beyond an extended weekend), it seems as if either a new acronym was spawned, or it has been overloaded with a different meaning. My goal in this blog post is offer both a refresher on some topical acronyms that appear to be quite commonly circulated in security technology circles and media outlets. It is challenging to be a subject matter expert in every aspect of cyber security. Whether you are reading an article, joining a conversation or preparing for a presentation or certification in the realm of cyber security, you may not be completely perplexed by these acronyms when you come across them and become more familiar with them. For situational purposes, I organized the acronyms into categories where I have seen them used frequently and included related links for each of them.
AAA: Authentication, Authorization, and Accounting. This is a set of actions that enable you to control over who is allowed access to the network, what services they are allowed to use once they have access, and track the services and network resources being accessed.
ACL/tACL/iACL/VACL/PACL: Access Control List. ACLs are used to filter traffic based upon a set of rules that you define. For ACLs listed with a prefix (for example, t=transit, i=infrastructure, V=VLAN (Virtual Local Area Network), P=Port)), these ACLs have special purposes to address a particular need within the network.
FW/NGFW/FWSM/ASASM: Firewall/Next Generation Firewall/Firewall Service Module/Adaptive Security Appliance Services Module. These products provide a set of security features designed to govern the communications via the network. Cisco provides firewall features as a dedicated appliance or hardware module that can be added to a network device such as a router.
IPS: Intrusion Prevention System. Typically, this is a network appliance that is used to examine network traffic for the purposes of protecting against targeted attacks, malware, and application and operating system vulnerabilities. In order to ensure the effectiveness of a Cisco IPS device, it should be maintained using Cisco’s IPS subscription service.
DNSSEC: Domain Name System (DNS) Security Extensions. That’s right, we have an acronym within an acronym. These are the specifications for security characteristics that make it possible to verify the authenticity of information stored in DNS. This validation makes it possible to provide assurances to resolvers that when they request a particular piece of information from the DNS, that they receive the correct information published by the authoritative source. Read More »
Tags: byod security, Cisco Security, cybersecurity, HIPAA Compliance, incident response, MDM, PCI Compliance, pci-dss, security, vulnerability
Having just returned home to New Jersey from Cisco Live US in Orlando, Florida, I thought I’d share my experiences as a Network Security Engineer both attending and presenting at this year’s conference.
There were approximately 20,000 attendees at this year’s conference, which I believe set a new Cisco Live attendance record! Considering the huge size of the conference, which rivals game day attendance at some small market Major League Baseball teams, I was amazed at the efficiency and organization of the conference—from the session logistics to the World of Solutions “happy hours” and the Customer Appreciation Event held at Universal Studios!
While listening to the various keynote speeches, most notably those from John Chambers, Padmasree Warrior, Rob Lloyd, and Edzard Overbeek, it’s clear that Security, is “Top of Mind” for the Cisco Leadership Team.
Out of the roughly 625 sessions, there were approximately 100 sessions and labs focused on security, including a few below, which were presented by some of my fantastic and extremely bright peers within the Security organization. Sessions and labs included relevant topics such as network threat defense, IPv6, threat mitigation, and intrusion prevent and signature development. Read More »
Tags: Black Hat USA, cisco live, Cisco Live 2013, Cisco Security, cisco sio, DDoS, IPv6, security
It is not new that people are referring to Bring Your Own Device (BYOD) as Bring Your Own Malware (BYOM). In 2012 alone, Android malware encounters grew 2,577 percent (for details, see Cisco’s Annual Security Report). Many organizations are struggling to keep up with the BYOD trend by allowing employees to bring their favorite gadgets to the office to increase productivity and employee satisfaction. However, they are also struggling when trying to protect critical corporate assets, user’s data, and intellectual property in their employees’ mobile devices. Read More »
Tags: byod, Cisco Live 2013, Cisco Live Orlando, Cisco Security, cisco sio, malware, mobility