Quick question for IT leaders -- can the switches on your network report 100% unsampled NetFlow? If they can’t, there may be elusive cybersecurity threats hiding within your network. Yes, inside your network.
Every week, I hear stories of intellectual property (IP) loss and personal identifying information (PII) being compromised. This is due in part to many agencies still approaching cybersecurity the way they always have -- guarding the edges to keep threats out. But that’s not enough anymore. With malware now being custom-written to bypass the perimeter, external drives plugged in, and the ever-present possibility of tricked or malicious insiders, monitoring inside the network is now one of the most effective ways to find and eliminate threats.
Cisco Security Intelligence Operations is tracking reports of ongoing exploitation of a vulnerability in the popular web application framework Ruby on Rails; the exploitation creates a Linux-based botnet. The vulnerability dates back to January 2013 and affects Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, and 2.3.15. Cisco Security Intelligence Operations has previously published an analysis of CVE-2013-0156. Cisco is receiving reports of attempted infection from Cisco IPS customers participating in Global Correlation.
This introductory post explains how one of Cisco’s security research groups established a network data collection capability for large amounts of network traffic. This capability was necessary to support research into selected aspects of the Domain Name Service (DNS), but it can be adapted for other purposes.
DNS exploitation is frequently the means by which malicious actors seek to disrupt the normal operation of networks. This can include DNS Cache Poisoning, DNS Amplification Attacks and many others. A quick search at cisco.com/security yields a lot of published content, indicating both the criticality of DNS and the exposures associated with it.
Our research required the ability to collect DNS data and extract DNS attributes for various analytical purposes. For this post, I’ll focus on collection capabilities regarding DNS data.
On March 12th, Cisco announced the ISR-AX and how Cisco is changing the game, reducing complexity and making it simpler for enterprises to deliver and manage application delivery to users. Cisco is expanding the role of our Integrated Service Routers (ISRs) to deliver application-centric networks that provide granular visibility, control, and optimization without additional devices or bandwidth upgrades -- Cisco® Application Experience (AX) Router family is now a part of the ISR family of routers! The Cisco ISR-AX Routers directly integrate Cisco Wide Area Application Services (WAAS), Application Visibility and Control (AVC), Data/IPBase and Security services into a platform that is simple to order, configure, and deploy for secure, optimized cloud connectivity and branch-office routing. The Cisco ISR G2 and ISR-AX Routers are based on the same hardware and software that you know and love and are deploying today. Today I wanted to go into the technical details of each of the components.
Today marks an important milestone in the history of routing, as Cisco introduces ISR-AX (Integration Services Router Generation 2 with Application Experience) and redefines the role of the router as the application delivery platform.
Quintiles – a biopharmaceutical in Durham, North Carolina – has experienced, first-hand, the benefits of an application aware router. They have successfully rolled out VDI to thousands of users globally with key services of ISR-AX, namely Cisco Wide Area Application Services (WAAS). With this solution, they have been able to onboard new acquisition employees within days instead of months, and dramatically increase productivity.
HDR – an Omaha, Nebraska-based architecture and construction firm – also relies on application services integrated on the router to guarantee application performance. HDR runs several mission-critical engineering applications worldwide, which are latency sensitive and transport over 10 terabyte files. They depend on the Cisco Application and Visibility (AVC) services available on the ISR-AX to provide a high quality of experience and resolve issues in a matter of minutes and minimize downtime.