IT-Harvest, founded by renowned security expert and industry analyst Richard Stiennon, provides reports, analysis, and advisory services on trends in emerging threats and the technology to counter them. Richard Stiennon is one of the most followed and well-respected IT security analysts and authors in the world. His recent white paper discusses why network segmentation is becoming increasingly critical to protecting networks. Further, it argues that Cisco TrustSec provides the right technology for leveraging the network to provide better security. Read More »
New IT Harvest White Paper: How Policy-Based Software Defined Segmentation and Cisco TrustSec Improve Security
Cisco is announcing another important strategic partner to its list of ACI-compliant vendors with the addition of the Check Point Next Generation Security Gateway to the ecosystem. A couple months ago I wrote about the inherent security architecture in ACI (Security for an Application Centric World), and now the Check Point solutions fit right into that framework as an alternative to Cisco security solutions. Essentially, this means that the ACI controller, APIC, can now configure the application network to include the insertion and provisioning of Check Point virtual and physical security gateways as it does other Layer 4-7 application services and security appliances. The availability of the Check Point solutions will offer customers greater choice and flexibility while underscoring the open, multi-vendor approach of ACI.
[Note: Check Point will be participating in our upcoming ACI Webcast event: “Is Your Data Center Ready for the Application Economy”, January 13, 2015, 9 AM PT, Noon ET, featuring ACI customers and several other key ACI technology partners. Register here.]
In scalable, multitenant cloud environments with flexible resource placement, almost every workload must be secured from every other workload, with detailed security policies enabled between workloads in an application network: a concept called micro-segmentation. This level of security policy detail can become tedious to manage on an application-by-application basis. It also can potentially restrict workload mobility and the ways that applications can be deployed in the cloud.
Cisco ACI policies abstract the network, devices, and services into a hierarchical, logical object model. In this model, administrators specify the Layer 4 through Layer 7 services (firewalls, load balancers, etc.) that are applied, the kind of traffic to which they are applied, and the traffic that is permitted. These services can be chained together and are presented to application developers as a single object with simple input and output. Connection of application-tier objects and server objects creates an application network profile (ANP). When this ANP is applied to the network, the devices are told to configure themselves to support it. Tier objects can be groups of hundreds of servers, or just one device; the same policies are applied to all the objects in a single configuration step (see below).
The integration with Check Point Next Generation Security Gateway provides automated security provisioning and a full range of security protections and threat-prevention capabilities in a highly dynamic and agile Cisco ACI environment. Check Point Security Gateways can be deployed as physical or virtual solutions and address today’s ever-changing threat landscape with a modular and dynamic security architecture.
The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard. The CVSS v3.0 preview represents a near final version and includes metric and vector strings, formulas, scoring examples and a v3.0 calculator – all available at the CVSS v3.0 development site. The official public comment period is scheduled to end February 28, 2015 and anyone who produces or consumes CVSS scores are encouraged to review and provide feedback to email@example.com by the close of the comment period.
In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees’ awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks to gain access to a user’s system before launching further attacks at internal targets. As such, if employees are vigilant against such attack patterns, we should effectively reduce the risk of successful APT attacks involving email phishing.
Through a series specially designed phishing emails executed over the four quarters, at one to two emails each month, the team captured an average “click” rate of 26%. The lowest click rate was 5%, and a highest was 61%. However, month over month, there was no discernible trend, as some months were low and others suddenly shot up. What was the data telling us? Did the users’ awareness rise or remain indifferent because of this exercise?
Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, as illustrated in a few case examples.
As the Dutch philosopher Erasmus once said, “prevention is better than cure.” Most organizations’ security approaches have focused primarily on erecting defensive systems to prevent attackers from compromising information and systems through exploiting security weaknesses associated with technology, process, or people in the organization.