Today, Cisco is celebrating a milestone in its commitment to helping you act on security intelligence—our 10th bundle of Cisco IOS Software Security Advisories. We’re proud of our commitment to these predictable disclosures (on the fourth Wednesday of March and September annually) because they originated as a direct response to your feedback. Bundled publications allow you to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments. In an upcoming post, my colleague John Stuppi will share how the Cisco Product Security Incident Response Team (PSIRT) drove the evolution from a traditional disclosure model to the current semiannual bundled publication. John’s post will also provide another vehicle to share feedback with PSIRT, the organization that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.
Make sure you take a look at the Cisco Event Response—our “go to” document that correlates the full array of Cisco Security Intelligence Operations (SIO) resources for this bundle (including links to the advisories, mitigations, Cisco IntelliShield Alerts, CVSS scores, and OVAL content). Remember, this collateral is not unique to Cisco IOS Software Security Advisories but is part of Cisco SIO’s response to current security events.
Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes seven advisories that affect the following technologies:
- Network Address Translation
- Resource Reservation Protocol
- Internet Key Exchange
- Zone-Based Firewall Session Initiation Protocol Inspection
- Smart Install
- Protocol Translation
- IP Service Level Agreement Read More »
Tags: Cisco, cisco ios, Cisco PSIRT, Cisco Security, cisco sio, IOS, vulnerability
Innovation never stops in the mobile world, and that rule applies to security threats as well. Network attacks are becoming more sophisticated and even high-tech businesses with the most advanced security may find themselves in the crosshairs as we shift to more devices and anywhere access.
Just a few weeks ago, multiple leading social networking and large enterprises were hit with an attack when their employees visited a known and trusted website focused on mobile application development. Attackers used a method commonly referred to as “water-holing,” where they compromise a legitimate site commonly visited by employees of their target organizations. Using zero-day vulnerabilities and malicious code that change at a rapid rate, these attacks highlight the need to consistently enhance traditional defenses based on signatures or reputation with global and local context analysis.
This episode underscores how important security is in a more mobile, more connected world—attackers are paying attention, using these industry trends to create targeted and sophisticated attacks that can bypass traditional defenses. The Cisco 2013 Annual Security Report found that Android Malware grew 2,577 percent in 2012 alone. The Internet of Everything is taking shape and the number of online connections is soaring. According to Gartner’s Top 10 Strategic Technology Trends for 2013, 30 billion things will be connected by 2020.
Read More »
Tags: 2013 annual security report, attackers, byod, Cisco Security, Cisco Security Intelligence Operations, Internet of Everything, IoE, malware, Mike Fuhrman, mobile, mobile malware, security, sio, zero-day vulnerability
Anyone who has been involved with compliance knows that simplifying complexity is the key to maintaining a secure and compliant organization. It’s become quite apparent that sustaining compliance is a marathon, and the journey must be travelled with vigilance. This is not something that is an endpoint or a task, that once accomplished, can be shelved and forgotten; therefore, it is very helpful for merchants, who wish to become compliant or maintain compliance, to purchase solutions that are “certified.”
The fact that you are purchasing a product that’s already been validated as secure and “capable” of being compliant reduces the complexity and uncertainty associated with big-ticket items. Adding new credit card readers or a payment application in your stores is expensive, and knowing that these products are validated by the Payment Card Industry (PCI) Council gives merchants confidence that they’re making a wise and secure decision. Read More »
Tags: Cisco Security, cybertrust, pa-dss, PCI Compliance, pci-dss, qsa, qualified security assessor, security
Mobile workers accessing corporate applications and data from a range of personal and corporate devices is fast becoming the new normal. Month by month every survey confirms the inevitable—mixing personal and business data, devices, and apps. Companies are scrambling amidst a sea of new technologies to regain control of their IT infrastructure, and those thinking ahead are planning for more than just tolerance of personal data and scaling mobile access; they’re building the next evolution of application access, which is based on consistent policies for application and data across any access method or device. These architectures demand an integrated system that spans device, network, and application layers, and they demand policies for employee access based on much more than user name and password. Read More »
Tags: byod, Cisco Security, mobility, mobility security, mobility solutions, secure access, security
The RSA Conference is expected to be bigger and better than ever this year—more booths, more vendors, more technical sessions and keynotes.
But I have to ask the question: “Are we as IT practitioners better off now than we were 4 or 5 years ago?” There are a lot of people at the show who worry that the old approaches aren’t working and next generation solutions have not clearly come into focus. I do think, however, there are reasons to be cautiously optimistic.
Join me for a live broadcast from the RSA show floor on Wednesday, February 27 at 10:30 AM PT as I discuss what I’m seeing at the RSA conference and what it means for the IT Security industry. We’ll be taking your questions live via Twitter and Google Hangouts. Read More »
Tags: Cisco Security, CSO, cyber security, John N. Stewart, RSA 2013