Innovation never stops in the mobile world, and that rule applies to security threats as well. Network attacks are becoming more sophisticated and even high-tech businesses with the most advanced security may find themselves in the crosshairs as we shift to more devices and anywhere access.
Just a few weeks ago, multiple leading social networking companies and large enterprises were hit with an attack when their employees visited a known and trusted website focused on mobile application development. Attackers used a method commonly referred to as “water-holing,” where they compromise a legitimate site commonly visited by employees of their target organizations. Using zero-day vulnerabilities and malicious code that changes at a rapid rate, these attacks highlight the need to consistently enhance traditional defenses based on signatures or reputation with global and local context analysis.
This episode underscores how important security is in a more mobile, more connected world—attackers are paying attention, using these industry trends to create targeted and sophisticated attacks that can bypass traditional defenses. The Cisco 2013 Annual Security Report found that Android malware grew 2,577 percent in 2012 alone. The Internet of Everything is taking shape and the number of online connections is soaring. According to Gartner’s Top 10 Strategic Technology Trends for 2013, 30 billion things will be connected by 2020.
Tags: attackers, byod, Cisco Security, Cisco Security Intelligence Operations, Internet of Everything, IoE, malware, Mike Fuhrman, mobile, mobile malware, security, sio, zero-day vulnerability
There is still time to register for the upcoming FIRST Technical Colloquium, April 2-3, 2013. The event has a very exciting program covering bitsquatting, web threats, RPZ, Passive DNS, real-world monitoring examples, Spamhaus, SIE, Cuckoo Sandbox, malware analysis and many more current issues facing the incident response community.
The event’s line-up includes notables from Cisco Security Intelligence Operations (SIO), Internet Systems Consortium, Shadowserver Foundation, KPN-CERT, NATO, MyCERT and ING, amongst others. Program details can be found here.
Tags: CSIRT, FIRST, Gavin Reid, KPN-CERT, malware, Malware Analysis, MyCert, NATO, security, security intelligence operations, sio, TRAC
This week, Juniper Networks announced a new cloud-based threat intelligence service focused on fingerprinting attackers’ individual devices. We’d like to officially welcome Juniper to the cloud-based security intelligence market—a space where Cisco has a proven track record of leadership through Security Intelligence Operations (SIO). Imitation is indeed the sincerest form of flattery, but in Juniper’s case, they entered the market years late and with limited visibility.
Let’s take a closer look at Juniper’s latest offering.
To start, here is what we know for certain: cyber threats take advantage of multiple attack vectors, striking quickly or lurking for days, months and even years inside your network. Not only this, but the Cisco 2013 Annual Security Report showcases how the web is an equal-opportunity infector, with cyber threats crossing national, geographic and organizational boundaries as quickly and easily as users can click on a link. Security solutions must understand the attacks and the infrastructure they are launched from; tracking individual hackers does far less for your defenses than blocking the malicious activity being actively distributed over the network.
The Problem of Visibility
When a detective walks onto a crime scene, they don’t just focus on one thing. The only way to understand an event is to look at the entire scene: interview witnesses, check the neighborhood and look into the history of everyone involved; in other words, context—or the “who, what, where and how” information using every available piece of data.
Just as a skilled investigator builds a holistic picture, security solutions are only as reliable as the intelligence they receive, and Juniper’s intelligence is limited by the number of “honeypots” across their customer base. In network security, focusing on a single piece of information, a single attack vector, or one delivery mechanism misses the global visibility and context needed to stop advanced attacks. Cisco SIO powers our security solutions, receiving over 100 terabytes of network intelligence across 1.6 million deployed web, email, firewall and IPS devices. We correlate this data from physical, virtual and cloud-based solutions with a world-class threat research team, augmenting all of this with an ecosystem of third-party contributors. Fingerprinting is one small tool you should deploy in your arsenal, even though it has limited utility and perhaps even limited accuracy.
Tags: attackers, attacks, cloud-based threat intelligence, cyber, cyber threats, malware, security intelligence, security intelligence operations, sio, targeted attacks, threat intelligence
Guest post from Steve Boutelle, VP, Business Development, Global Government Solutions, Cisco.
Cybersecurity and innovative IT solutions play a central role in the National Defense Authorization Act (NDAA) for the 2013 fiscal year, highlighting the military’s increasing reliance on IT. In order to address new and evolving threats today and into the future, the DoD is challenged to develop a strategy to acquire next-generation host-based cybersecurity tools and capabilities that go beyond current anti-malware and signature-based threat detection.
Government information systems today are more sophisticated and globally integrated than ever before, and attacks are growing in frequency and complexity. The challenge of data protection is constantly increasing in scope. While government organizations have always needed to secure confidential information, changes in information technology models have introduced new stakeholders, new threats and new regulations. As a result, government organizations need to think beyond the traditional models of securing the perimeter and locking down specific segments of IT infrastructure. For example, the risks of unauthorized access to data in the cloud can be mitigated through the use of next generation technologies.
This year’s AFCEA CYBERSPACE Symposium is themed, “Cyber -- The New Center of Gravity.” The event serves as a key opportunity for interaction between industry and government to explore this new domain that has become the center stage of national defense.
At the event, I will be moderating a panel, “Securing the Cloud,” featuring Bret Hartman, CTO, Security Office, Cisco and leaders from Lockheed Martin, ThreatMetrix and Terremark. The panel session will explore current and future technologies for addressing government concerns about new threats targeting the cloud.
By ensuring the integrity, confidentiality, and availability of critical information that flows through today’s cloud-based infrastructures, new and emerging technologies enable government organizations to reduce risk, demonstrate compliance, enhance agility and pursue strategic goals with greater confidence. This panel will be an opportunity for attendees to learn more about a wide variety of current and future technologies that address cloud security challenges.
More information about AFCEA Cyberspace Symposium and the panel is available here: http://www.afceacyberspace.com/
Tags: AFCEA Cyberspace Symposium, cloud security, cyber security, dod, Lockheed Martin Chief Technology Office, malware, Terremark, ThreatMetrix
Drawing from a recent read of “Case 1: The Seeds of Dystopia” in the World Economic Forum Global Risks 2012, Seventh Edition, it’s now more apparent than ever that the impact of crime and terrorism in the digital world is fast mirroring that of the physical world. We’re living in an era where attempts to build a more secure world may have unintentionally gone astray, as evidenced in Ellen Messmer’s Worst Security Snafus of 2012, where such consequences were clearly not imagined or intended by security vendors and businesses alike. We’re indeed dealing with the opposite of Utopia.
Our digital reality can be very fragile when one considers how heavily we rely on mobile devices and cloud applications, not only to conduct business but also in our personal lives. And the data that is transmitted via these devices and to various cloud applications is increasingly a target for scammers, thieves and hacktivists.
And it’s not only government entities, critical infrastructure and key verticals that are the targets of such attacks; in today’s climate every organization is a prime target. Take the very recent case of an Australian healthcare organization that is being held to ransom, to the tune of AU$4,000, by hackers who broke into its database and encrypted the data – it seems an extraordinary scenario for a small organization to be facing. Not only has their data been compromised, but it has been rendered inaccessible, as the organization now has to find a way to decrypt that data, which is proving to be rather challenging.
So what should organizations do to shore up their defenses? Start by treating data as the key asset to be protected rather than fortifying your infrastructure. In today’s world data takes on increased significance -- bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has data over which they need to ensure tight control, and aligning security controls to the CIA (Confidentiality, Integrity and Availability) triad can help ensure the right measures are taken.
When we talk about confidentiality of information, it’s about protecting information from disclosure to unauthorized parties. In addition to measures like encryption, look to beef up access controls by feeding security decisions and intelligence across various enforcement points in the network rather than only at a single choke point in the data stream.
Integrity of information refers to protecting information from being modified by unauthorized parties. Leverage global correlation and threat intelligence with reputation-based feeds to protect against new threat vectors and emerging malware.
Availability of information means ensuring that authorized parties are able to access the information when needed. Think of the network as a data enforcement layer and link that to a strategy that identifies users based on contextual attributes (where, when, how and business need to know) when they access critical or confidential information assets.
So, what I have outlined is a starting point for moving, one step at a time, towards a Utopian Digital Future. What are your strategies? We’d love to hear from you.
Tags: data center security, malware, security decisions and intelligence