Cisco Blogs


Cisco Blog > Security

IE Zero Day – Managed Services Protection

As of May 1, 2014, we can confirm Cisco customers have been targets of this attack. For the latest coverage information and additional details see our new post on the VRT blog.

Protecting company critical assets is a continuing challenge under normal threat conditions. The disclosure of zero-day exploits only makes the job of IT security engineers that much harder. When a new zero-day vulnerability was announced on April 26, 2014 for Microsoft Internet Explorer, corporate security organizations sprang into action assessing the potential risk and exposure, drafting remediation plans, and launching change packages to protect corporate assets.

Some companies however, rely on Managed Security Services to protect those same IT assets. As a Cisco Managed Security services customer, the action was taken to deploy updated IPS signatures to detect and protect the companies critical IT assets. In more detail, the IPS Signature team, as a member of the Microsoft Active Protections Program (MAPP), developed and released Cisco IPS signature 4256/0 in update S791 and Snort rules 30794 & 30803 were available in the ruleset dated 4-28-2014. The Cisco Managed Security team, including Managed Threat Defense, received the update as soon as it became available April 28th. Generally, Cisco Managed Security customers have new IPS signature packs applied during regularly scheduled maintenance windows. In the event of a zero-day, the managed security team reached out to customers proactively to advise them of the exploit and immediately were able to apply signature pack updates to detect and protect customer networks.

While corporate security organizations must still assess ongoing risks and direct overall remediations to protect corporate data, Cisco can take the actions to provide security visibility into the targeted attacks, increase protection with fresh signatures, and reduce risk profile for the corporate InfoSec program.

For more detail on the vulnerability, please see Martin Lee’s blog post.

More details about this exploit and mitigation information can be found on the following links:

For additional information about Cisco Managed Security solutions please refer to the following links and contact your Cisco Services sales representative:

Tags: , , , , , , , , ,

Security Blog Story – Part 4: Lessons Learned

Editor’s Note: This is the final installment of a four-part series featuring an in-depth overview of InfoSec’s (Information Security) Unified Security Metrics Program (USM). In this blog entry, we discuss some of the lessons learned during the program’s first year.

Winter weather in the North Atlantic Ocean can be precarious at best. Anyone recall the ill-fated journey of the RMS Titanic? Icebergs pose significant risk because only 10 percent can be seen above the surface, while more than 90 percent remain hidden below. Similarly, metrics and numbers on a chart represent only the tip of an iceberg. Rich, meaningful, and actionable data exists below the surface and, when leveraged successfully, can drive great results and outcomes. During the past year, the USM program has embarked on some new, uncharted waters. The journey hasn’t always been easy, but we’ve learned some valuable lessons along the way.

Read More »

Tags: , , , , , , ,

Bring Your Own Service: Why It Needs to be on InfoSec’s Radar

Security concerns around cloud adoption can keep many IT and business leaders up at night. This blog series examines how organizations can take control of their cloud strategies. The first blog of this series discussing the role of data security in the cloud can be found here. The second blog of this series highlighting drivers for managed security and what to look for in a cloud provider can be found here.

In today’s workplace, employees are encouraged to find the most agile ways to accomplish business: this extends beyond using their own devices to work on from anywhere, anytime and at any place to now choosing which cloud services to use.

Why Bring Your Own Service Needs to be on Infosec's Radar

Why Bring Your Own Service Needs to be on Infosec’s Radar

In many instances, most of this happens with little IT engagement. In fact, according to a 2013 Fortinet Survey, Generation Y users are increasingly willing to skirt such policies to use their own devices and cloud services. Couple this user behavior with estimates from Cisco’s Global Cloud Index that by the year 2017, over two thirds of all data center traffic will be based in the cloud proves that cloud computing is undeniable and unstoppable.

With this information in mind, how should IT and InfoSec teams manage their company’s data when hundreds of instances of new cloud deployments happen each month without their knowledge?

Additionally, what provisions need to be in place to limit risks from data being stored, processed and managed by third parties?

Here are a few considerations for IT and InfoSec teams as they try to secure our world of many clouds:

Read More »

Tags: , , , , , , , , , , , , , ,

Making Your Metrics Program Effective Beyond Just Charts and Numbers

Editor’s Note: This is the third part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program (USM). In this installment, we discuss the effectiveness of the USM program at Cisco.

Information security is all about risk reduction, and risks are notoriously difficult to measure -- ask any insurance salesman or actuary. So how do we handle this conundrum for a security metrics program that hasn’t even reached its second anniversary yet?

Peter Drucker, noted business management author, once said, “Efficiency is doing the thing right. Effectiveness is doing the right thing.” Even at this early stage of the USM program, we can see four clear indicators demonstrating we’re doing the right things to improve Cisco’s security posture across the IT organization and Cisco. They include the creation of newly defined partnerships, leveraging existing IT risk management frameworks, developing well-defined feedback mechanisms, and gaining increased support and visibility at the CIO level.

Read More »

Tags: , , , , ,

Security Metrics Starting Point: Where to Begin?

Editor’s Note: This is the second part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this second installment, we discuss where to begin measuring.

H. James Harrington, noted author of Business Process Improvement, once said “Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.” Good piece of wisdom, but where do you start? How do you mine data through the use of metrics in order to provide greater insight into your organization’s security posture, while simultaneously using it as a vehicle to protect your most critical assets?

For Infosec’s Unified Security Metrics (USM) team, there’s plenty of statistical data sources available to mine information from, particularly from IT system logs and dashboards. In fact, early research conducted by the team identified 30 different types of meaningful data to track. Comprehensive, yes, but not realistically feasible, nor sustainable to implement long-term across Cisco. The USM team’s solution centered on the primary outcomes they were trying to achieve, namely, driving security process improvement behaviors and actions within IT. Subsequently, the list was narrowed down to five key measurements:

  • Stack compliance: measures vulnerabilities found on the TCP/IP stack (i.e. network devices, operating systems, application servers, middleware, etc.)
  • Anti-malware compliance: quantifies whether malware protection software has been properly installed and is up-to-date
  • Baseline application vulnerability assessment: computes whether automatic vulnerability system scans have been performed in accordance with Cisco policy and, if post-scan, any open security weaknesses remain
  • Deep application vulnerability assessment: computes whether penetration testing has been performed on our most business-critical applications in accordance with Cisco policy and, if post-testing, any open security weaknesses remain
  • Design exceptions: measures the total number of open security exceptions, based on deviations from established security standards and best practices

Read More »

Tags: , ,