On April 10, 2013, a collective of politically motivated hacktivists announced a round of planned attacks called #OPUSA. These attacks, slated to begin May 7, 2013, are to be launched against U.S.-based targets. #OPUSA is a follow-up to #OPISRAEL, which was a series of attacks carried out on April 7 against Israeli-based targets. Our goal here is to summarize and inform readers of resources, recommendations, network mitigations, and best practices that are available to prevent, mitigate, respond to, or dilute the effectiveness of these attacks. This blog was a collaborative effort between myself, Kevin Timm, Joseph Karpenko, Panos Kampanakis, and the Cisco TRAC team.
If the attackers follow the same patterns as previously witnessed during the #OPISRAEL attacks, then targets can expect a mixture of attacks. Major components of previous attacks consisted of denial of service attacks and web application exploits, ranging from advanced ad-hoc attempts to simple website defacements. In the past, attackers used such tools as LOIC, HOIC, and Slowloris.
Publicly announced attacks of this nature can have highly volatile credibility. In some cases, the announcements exist only for the purpose of gaining notoriety. In other cases, they are enhanced by increased publicity. Given the lack of specific details about participation or capabilities, the exact severity of the attack can’t be known until it (possibly) happens.
The Infosec London Conference is coming up this week, running April 23-25 at the Earl’s Court Exhibition Center. Cisco will be there of course, in a booth showing the latest Cisco security innovations and presenting four papers on:
• “Securely Accelerate Access to Data Center Applications” (Tuesday, April 23, 10:30)
• “The Changing Landscape of Identity: Is 802.1X Enough?” (Tuesday, April 23, 16:00)
• “Outbound Content Security” (Wednesday, April 24, 10:30)
• “BYOD Demo—Onboarding the iPad With Cisco Identity Services Engine” (Thursday, April 25, 10:30)
While taking in Cisco content at the show is definitely a must-do item, I have a little insider travel tip to impart. Showgoers should also check out the small and emerging companies usually found next to the walls in the convention hall.
We were excited to read the Infonetics Data Center Security Strategies and Vendor Leadership: North American Enterprise Survey, which was released yesterday. It revealed Cisco’s continued leadership in a market that spans a multitude of vendors – application/database, client, data center integration and network. The report indicates that leaders need to offer the right mix of products across the data center security and cloud arenas as well as demonstrate security efficacy and integration into adjacent markets. Cisco has continued to execute on a unified security portfolio spanning firewalls, Intrusion Prevention System (IPS), gateways, and integrated threat intelligence, further complemented by strategic partnerships. Seamless integration and shared security intelligence with routing and switching (Nexus and Catalyst) and converged infrastructure (Cisco UCS) enable our customers to benefit from optimized traffic links, the highest levels of security resilience, increased availability and scalability, as well as lower costs of ownership. Per the report, “to say you’re the leader in the data center/cloud security is to say you are an innovator who can tackle the biggest problems in IT security for the biggest and most demanding customers.”
We’d like to highlight two areas in which Cisco has continued to demonstrate an outright lead over other vendors. In the area of perception as the top data center security supplier, Cisco leads with 47 percent of votes compared to IBM with 38 percent and McAfee with 28 percent, who ranked second and third. Cisco scored between 40 and 60 percent of respondents’ votes (covering 10 criteria) for being the leading data center security supplier, with McAfee scoring 15 points below Cisco, HP receiving around 20 percent of votes, and Juniper and Trend receiving 15 percent.
The data center is at the heart of promoting IT transformation. Mobility initiatives have created a need for increased connections; power initiatives have created a need for greater efficiency; and the increased need for real-time workload processing is driving that change. I see these as “signature” trends in 2013 and also highlighted them in my earlier post this year. Conventional IT security approaches often add complexity and usually impede efficiency gains. What’s needed is an approach that does not introduce latency or require the data center to be reconfigured to accommodate security. Neither should it introduce a myriad of new tools, new reports, and new processes.
Very few vendors can claim to provide an end-to-end architecture where security is a key programmable element of the underlying data center fabric. This capability not only accelerates the adoption of virtualization and cloud technologies but also mitigates the complexity associated with disparate and siloed security technologies. The benefits are increased business agility backed by assured security posture, strong alignment of business function to security and reduced operational costs. In this paradigm, data center and IT executives will no longer be forced into making tradeoffs between business function and security to ensure newer and more capable services.
At Cisco Live London, one of my data center theater presentations will focus on the benefits of a context-aware and adaptive security strategy. This approach helps accelerate the adoption of virtualization and cloud, which traditional static security models often inhibit. Context-based approaches factor in identity, application, location, device, and time along with additional security intelligence such as real-time global threat feeds for more accurate security access decisions.
Neil MacDonald, vice president, distinguished analyst, and Gartner Fellow in Gartner Research, has been advocating the benefits of a context-based approach for some years now, as outlined in his Gartner blog. He says not only that by 2015, 90 percent of enterprise security solutions will be context-aware, but also that in cloud computing environments, where IT increasingly doesn’t own key IT stack elements, having additional context at the point of security decision leads to better decisions with risk prioritization and business factors accounted for. Neil MacDonald also co-authored a report, “Emerging Technology Analysis: Cloud-based Reputation Services,” which highlights the value of cloud-based threat intelligence in enabling secure cloud adoption.