Cisco Blogs


March 2014 Threat Metrics

The median rate of web malware encounters in March 2014 was 1:260, compared to a median rate of 1:341 requests in February. At least some of this increased risk appears to have been a result of interest in the NCAA tournaments (aka March Madness), which kicked off during the second week of March in the United States.

In February 2014, web malware encounters from sports and video sites were in the number 18 and 28 spots, respectively. During March 2014, web malware from sports- and video-related sites jumped to the number 7 and 8 spots, respectively. The presumed longer time spent viewing sports-related content may have been a factor in a 1% decrease in the total volume of web requests in March, coupled with a corresponding 18% increase in terabytes received.

The ratio of unique non-malicious hosts to unique malware hosts decreased by 1%, at 1:4841 in March 2014 compared to 1:4775 in February. The ratio of unique non-malicious IP addresses to malicious unique IP addresses also dropped from 1:1351 in February 2014 to 1:1388 in March. There was also far less volatility in the rate of unique malicious IP addresses throughout March compared to February.

Java encounters dropped from 9% of all web malware encounters in February 2014 to 6% in March. At 43% of all Java encounters, Java version 7 exploits were the most frequently encountered, with 26% targeting Java version 6, and 32% targeting other versions of Java.

 

Web malware encounters from mobile devices decreased 24% from February to March 2014. In March, 3.6% of all web malware encounters resulted from mobile device browsing, compared to 4.7% in February. Conversely, web malware encounters from non-Android and non-iOS devices doubled for the period, from 0.1% in February to 0.2% in March. This increase was not due to any specific device, but rather to an across-the-board increase affecting all non-Android and non-iOS devices.

At 18%, advertising was the most common vector of mobile device encounters, followed by business-related sites at 13% and video-related sites at 11% of mobile device encounters. For comparison purposes, in February 2014, sites in the business category were the most common vector of mobile device encounters (20%), followed by advertising (13%) and personal sites (8%). Video came in fourth in February, at 7%.

Pharmaceutical & Chemical remained at 1100% of median risk for web malware encounters in March 2014, the same rate experienced in February. Companies in the Entertainment vertical experienced an increase from 321% in February to 643% in March. The Energy, Oil & Gas vertical increased from a rate of 276% in February to 397% in March.

To assess vertical risk, we first calculate the median encounter rate for all enterprises, and then calculate the median encounter rate for all enterprises in a particular vertical, then compare the two. A rate higher than 100% is considered an increased risk.

 

Following a 73% increase from January to February, spam volumes increased another 45% in March to an average of 207 billion spam messages per day.

The top five global spam senders in February 2014 were the United States at 8%, followed by the Republic of Korea at 5%, Russian Federation at 3%, China at 2%, and Ukraine at 1%.

Security Metrics Starting Point: Where to Begin?

Editor’s Note: This is the second part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this second installment, we discuss where to begin measuring.

H. James Harrington, noted author of Business Process Improvement, once said “Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.” Good piece of wisdom, but where do you start? How do you mine data through the use of metrics in order to provide greater insight into your organization’s security posture, while simultaneously using it as a vehicle to protect your most critical assets?

For Infosec’s Unified Security Metrics (USM) team, there are plenty of statistical data sources available to mine information from, particularly IT system logs and dashboards. In fact, early research conducted by the team identified 30 different types of meaningful data to track. Comprehensive, yes, but neither realistically feasible nor sustainable to implement long-term across Cisco. The USM team’s solution centered on the primary outcomes they were trying to achieve, namely, driving security process improvement behaviors and actions within IT. Subsequently, the list was narrowed down to five key measurements:

  • Stack compliance: measures vulnerabilities found on the TCP/IP stack (i.e. network devices, operating systems, application servers, middleware, etc.)
  • Anti-malware compliance: quantifies whether malware protection software has been properly installed and is up-to-date
  • Baseline application vulnerability assessment: computes whether automatic vulnerability system scans have been performed in accordance with Cisco policy and, if post-scan, any open security weaknesses remain
  • Deep application vulnerability assessment: computes whether penetration testing has been performed on our most business-critical applications in accordance with Cisco policy and, if post-testing, any open security weaknesses remain
  • Design exceptions: measures the total number of open security exceptions, based on deviations from established security standards and best practices

No Curve Ball Here, Unified Security Metrics Deliver Meaningful Results

Editor’s Note:  This is the first part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this first installment, we discuss the value of security metrics at Cisco.

What does the film Moneyball have in common with security metrics? Turns out—plenty. In Moneyball, the storyline focuses on the Oakland A’s baseball team’s quest to assemble and field a competitive team.  Fiscally constrained, their general manager uses a new approach towards scouting, analyzing and securing players through the use of metrics.

The general manager’s hypothesis was that player performance statistics, such as stolen bases and runs batted in (RBIs) focus on speed and contact.  But other metrics, such as on-base percentage and slugging percentage have a greater influence on the team’s main goal—scoring runs and winning games.

Skeptics scoffed at the data’s reliability as a consistent performance indicator but, much to everyone’s surprise, the data held its own and the A’s became a viable competitor.  By keeping their eyes squarely focused on the real problem—protecting and safeguarding their franchise’s future—the A’s used simple, meaningful metrics to manage risk, guide their operating and decision-making practices, and strengthen their brand.

Our Unofficial Top Ten Cyber Trends for 2014

(I pulled this list together with the help of my colleague Martin Chorich. Or maybe it was the other way around.)

Every year, publications ranging from supermarket tabloids to serious academic journals issue forecasts for the coming year. Those with foresight hold on to these articles and read them again the following December for a good laugh, as we all know how accurate they can be. With that in mind, and following a long week of staring into a well and inhaling the fumes, we offer the following unofficial 2014 guide to trends for cyber security practitioners. These should not be construed in any way as representing Cisco expectations of future market or business conditions. As for their true value, this article and about $4.50 will get you a double mocha latté at a national coffee chain.

1. Changes in the Global Framework Governing the Internet – It is no secret that government policies around the world have had trouble keeping pace with the cultural and economic changes enabled by the Internet. At the same time, the Internet would not be the juggernaut it is without its borderless and unregulated nature. The Internet has developed around a multi-stakeholder model led by the Internet Corporation for Assigned Names and Numbers (ICANN). In recent years, some stakeholders have called for a more government-centric model of Internet governance. In 2014, this conversation will intensify. Debate topics will include whether governance of the Internet should change, and what sort of new governing bodies might find consensus, as stakeholders consider the risks of Internet balkanization and the potential stifling effects of mounting regulatory requirements.

Social Media Measurement Twitter Chat Recap

Can there ever be enough discussion around “social media measurement”? While I joke as part of the opening of this post, it is a topic that we’ll continue to explore in upcoming #Ciscosmt activities. And as a follow up to my recent “Decoding Social Media Measurement” post, last Thursday Charlie Treadwell, Manager, Digital and Social Media Marketing at Cisco, shared his insights through the monthly #Ciscosmt Series Twitter chat. Below is a transcript of the interesting conversation as well as a few key takeaways.

Social Media Measurement #Ciscosmt Twitter Chat

I think this is a great start to the ongoing conversation we’ll explore further as we move forward. As it evolves,  it provides more and more critical data points for business impact. I’m interested to hear how you are using social media measurement to benefit your business and also what types of metrics are most important to you.

Key Takeaways

  • Social media measurement is a key element in showing business value…social media benefits are no longer taken at face value. Businesses must align metrics to overall goals and benchmark along the way.
  • Metrics will vary from company to company based on individual goals. However, some basic types of data to measure include: cost and/or support savings, revenue, influencers, share of voice, engagement, and crowdsourcing.
  • Social media measurement can be implemented even on limited budgets. Use tools like Google Analytics, individual social channels, or other resources to gather data and make informed decisions.
    Pilot and test social media strategies on an ongoing basis and create measurement benchmarks throughout the initiatives to ensure efforts are maximized.
  • Quantity is an important part of the social media measurement equation. However, “quality” is an even more crucial element to consider. Take time to look deeper into the metrics to understand the types of engagement, influencers, or other data points that can be retrieved.
  • Measurement can and should be implemented across the organization when it comes to social media. HR, sales, support, marketing, and other areas can benefit from strong measurement best practices.

October Twitter Chat

And mark your calendars for next month’s Let’s Chat! #Ciscosmt Twitter chat, taking place on Thursday, October 24th from 9-10 a.m. PT. More details will follow shortly on this blog and through the @CiscoSocial handle on Twitter. Stay tuned for more details by following the Cisco Digital and Social Blog and the #Ciscosmt hashtag!

Let’s Chat! #Ciscosmt Series: Engaging Employees in Social Media Twitter Chat Transcript

Cisco Social Media Training Program Opportunity:

If you have any questions or are interested in other types of social media training, check out our complimentary Cisco Social Media Training Program and follow the #ciscosmt hashtag. To request customized one-on-one team training sessions, email ciscosmtraining@external.cisco.com.
