Cisco Blogs



Happy New Exploit Kits! (I mean Happy Belated New Year!)

January 22, 2013 at 7:44 am PST

It’s only been a few days since we said goodbye to 2012 and we are already seeing what many predicted for 2013: an increase in the creation, enhancement, and usage of numerous exploit kits by cyber criminals. Cyber criminals don’t take long vacations in December. On the contrary, they “work hard” and make lots of money during the holiday season! These criminals are continuously improving their tools to keep up with us (the good guys) and continue enhancing their “money-making machines.” A real-life example is how cyber criminals were able to quickly incorporate the exploits of the recently found Java vulnerability that I described in a post a few days ago.

Exploit kits make it easy for these criminals because they can easily spread malicious software that exploits well-known and new vulnerabilities. New exploit kits are loaded with some of the most dangerous zero-day exploits and other features that allow criminals to increase their profits.


Introducing Cisco Domain Ten(SM) – Cisco Services’ Blueprint for Simplifying Data Center and Cloud Transformation

December 5, 2012 at 10:07 am PST

This week at the Gartner Data Center Conference in Las Vegas, Cisco Services is unveiling Cisco Domain Ten(SM) – Cisco’s Framework for Simplifying Data Center and Cloud Transformation.

Cisco Domain Ten can be applied to a diverse range of data center projects, from cloud and desktop virtualization to application migration, and is equally applicable whether your data center is in an enterprise business, a public sector organization or a service provider. The video here describes how we apply the Cisco Domain Ten to the private cloud use case, as one example. We’ll discuss additional use cases in future blogs and associated collateral that I’ll point you to.

Cisco Domain Ten is born from our extensive experience over the past few years in helping customers transform their data centers, and from the many cloud deployments (private and public, enterprise, public sector and service provider) that we’ve enabled. We’ve formulated this comprehensive framework to help you transform your data center and guide new initiatives including cloud, virtual desktop, application migration, and data center consolidation. The Cisco Domain Ten framework covers ten key areas, or domains, that, based upon our experience, are critical to consider, plan for and address as part of your data center and cloud transformational journey; it is illustrated in the diagram below. Relating this framework to other key components of Cisco’s data center strategy, you can think of the Cisco Unified Data Center as the what of the data center, whereas Cisco Domain Ten complements this by guiding you on the how (to transform).

Cisco Domain Ten - Simplifying Data Center Transformation


Protection in the Cloud

Physical servers lend the comfort of knowing where your data is located and having control over access and protection of that data. But from a business perspective, there is a lot virtualization can offer. So what’s the compromise with security, and is it worth the switch to a cloud environment?

While the cloud is an “open environment,” with no physical equipment to hold data in a hard-and-fast location, there are security measures that can be taken. Understanding how your technology is being used and who would be interested in accessing stored information is an important step in protecting against security threats. It is also important to consider what type of cloud you are utilizing – public, private, or hybrid. Once you have analyzed these thoroughly, you can integrate security controls into your architecture to view, manage, and control vulnerabilities and threats.

Finally, you must consider trust. How the technology is used depends on users, devices, applications, and data. Security policies and controls can be determined and installed after establishing how and why the data may be accessed. Vice President and Chief Information Security Officer at Intel explains in more detail the significance of trust and avoiding security breaches. Read what he has to say.

You may also want to take advantage of our coming webcast to see what industry peers are doing to solve the very challenges Cloud adopters face. Tune in to a webcast on December 6 at 9:00 am PST to hear from Cisco UCS customers Xerox and FICO Corporation about how and why they used it in their Cloud environments.

 


Securing the Cloud with Common Criteria

Last week I attended the ICCC in Paris, where Ashit Vora, Manager, Security Assurance, Cisco, discussed the Cloud and how Common Criteria can be used to help mitigate threats. The following is an excerpt from his presentation and food for thought on Cloud security.

More and more enterprises, including governments, are moving their data “to the Cloud” in the hopes of saving infrastructure and maintenance costs. But is this at the risk of security? As both private and public Clouds become pervasive, security is going to be a major concern. Cloud infrastructure by definition has large amounts of information including proprietary information, competitive information, information of different classification levels, etc. In addition, the types of mechanisms available to access the information in the Cloud, such as B.Y.O.D. (Bring Your Own Device), are increasing day by day. If the proper security mechanisms are not in place and validated, it could prove to be damaging to all users of the Cloud.


ICCC 2012: Raising Awareness of Common Criteria, Promoting Security for Emerging Technologies

In this age of emerging technologies and increasingly complex cyber threats, government and enterprise organizations of all types need to ensure that products they use meet key security criteria, are standards based, perform as expected and interoperate reliably with existing technology.

As these organizations adopt new emerging technologies in hopes of saving on infrastructure and maintenance costs, is this at the risk of security? Without the proper security mechanisms in place and validated, the results could be catastrophic.

Common Criteria is an international standard for evaluating IT product security and reliability, recognized by more than 26 countries around the world. Common Criteria is considered a mandatory requirement for purchasing network security products by many governments.

The 13th International Common Criteria Conference, this year being held in Paris from September 18-20, will bring together leaders from governments and organizations of all types from around the world.

The ICCC Conference offers certification/validation schemes, evaluation laboratories, product developers, system integrators and product users the opportunity to exchange expertise, experiences and skills on the application of the Common Criteria and security for Information and Communication Technology [ICT] solutions, such as Cloud Computing.

Cisco will participate in speaking sessions at the conference focused on topics including Supply Chain Security, Architectural approaches to Technical Communities and Collaborative Protection Profiles, Cloud Security and Innovation.

Details on the speaking sessions presented by and in collaboration with Cisco are below:

Progress Report from the Supply Chain Security Technical Workgroup
Sept. 19 at 11:30 CET
Track 1 – Room B/Chagall + Van Dongen
Michael Grimm, senior program manager, Microsoft and Terrie Diaz, product certification engineer, Cisco

An Architectural Framework Approach in the Development of Technical Communities and Collaborative Protection Profiles
Sept. 19 at 11:30 CET
Track 2 – Room C/Soutine & Utrillo
Axel Munde, BSI
Dirk Jan Out, Brightsight
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Cloud Security and Common Criteria
Sept. 19 at 14:30 CET
Track 3 – Room D/Picasso
Ashit Vora, manager, security assurance – FIPS/Common Criteria, Cisco

Innovation and the Common Criteria
Sept. 19 at 15:00 CET
Track 3 – Room D/Picasso
Audrey Plonk, Intel
Jen Gilbert, lead, global certifications strategy and policy, Cisco

Visit ICCC and Cisco Global Government Certifications for more information.
