Cisco Blogs


Cisco Blog > Threat Research

Microsoft Patch Tuesday for April 2015: 11 Bulletins Released

Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products.  This month’s release sees a total of 11 bulletins being released which address 26 CVEs.  The first 4 bulletins are rated Critical and address vulnerabilities within Internet Explorer, Office, IIS, and Graphics Component. The remaining 7 bulletins are rated Important and cover vulnerabilities within SharePoint, Task Scheduler, Windows, XML Core Services, Active Directory, .NET, and Hyper-V. Read More »

Tags: , , , , ,

Cybersecurity in the Post-Quantum Era

One of the great scientific challenges of our time is the construction of a practical quantum computer. Operating using the counterintuitive principles of quantum physics, such a device could rapidly explore an vast number of possible states. It could perform computational tasks that are far beyond our current capabilities, such as modeling molecules and designing new types of drugs—and breaking most of the cryptographic systems that are currently in use. Fortunately, no one has yet built a practical quantum computer, though many countries and companies are striving do just that. It has been claimed that the U.S. National Security Agency has a secret US$80M project with that aim, for example. Quantum computing is still an unproven technology, and it may not be practical for decades, but since it poses an existential threat to cryptography, we need to start preparing now for the possibility that one day the news will announce a breakthrough in quantum computing, and we will be living in a post-quantum world.

Read More »

Tags: , , , , ,

NAB 2015 Attendees: Is Your Security Model Threat-Centric?

Cyber-Security: it has always been important for video entertainment companies. But times have changed- now it’s mission critical. Top of mind again this last few days, the events of the last 6 months have proven this point. If cyber-protection is not bullet-proof, any video entertainment company is living on borrowed time… and that bill is going to come due with potentially disastrous consequences.

There is a second change going on: security at video entertainment companies used to focus on protecting content in the distribution chain – DRM, CAS and the like. But there are many more ways to lose content – many more places in the “connected” production chain where content can be stolen. For instance, as has happened in the last few months, if an attacker can gain access to Read More »

Tags: , , , , , , , , , , , ,

The Secure Way to IPv6 – Use Your Proxy!

When asked about IPv6, many companies are aware that they must do something, but are not sure what is the best way to approach IPv6. In my talks with customers, I found that the unfamiliarity with IPv6 is one of the biggest obstacles. So, to gain experience with IPv6, there are several paths to go down, from the inside-out approach (start within an internal area and work outwards) to the outside-in (work from the internet towards the internal network). One very easy way to start with IPv6 is to use your existing proxy infrastructure. I want to show you how to do this by using the Cisco Web Security Appliance (WSA).

Read More »

Tags: , , , ,

Cisco Launches Security Incident Response Services

In security, there’s a gap between perception and reality. According to the Cisco 2015 Annual Security Report, 90 percent of companies are confident about their security policies, processes, and procedures – yet 54% have had to manage public scrutiny following a security breach. Not only are there direct costs to a security breach – there are also intangible expenses, including a negative impact to brand reputation, and the erosion of customer trust.

As John Chambers articulated recently at the World Economic Forum in Davos, “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.”  2015 is going to be another year where organizations around the world can expect to be under attack or will discover that they have been infiltrated.

There is a widening gap between resources and needs, as security practitioners lack both funding and manpower to adequately protect assets and infrastructure.  Because of this, CISO’s are increasingly looking to external experts for security guidance.

This is why we are unveiling our Security Incident Response Services.   Our new Incident Response Service is designed to advise organizations on how to reduce time to detection, containment and remediation. Our experts identify the source of infection, where it entered the environment, and what data was compromised. By going to the source – patient zero – and identifying malware movement throughout the environment, organizations can minimize the cost and overall impact of any breach, as well as identify methods to reduce future risk.  The service leverages threat intelligence from the Cisco Talos Security Intelligence and Research Group, Cisco security technologies including AMP Threat Grid and the expertise of the Cisco Security Solutions (CSS) team.  The Incident Response Service supports businesses in two areas:

Cyber Attack Response

Every event is unique and our Security Incident Response methodology provides expedience and allows for flexibility to continuously adjust to the dynamic threat landscape. Whether it’s an insider threat, distributed denial of service, advanced malware at the endpoints or customer data breach, the team guides an organization through identification, isolation and remediation using analysis and data mining, forensic image analysis, infected system dynamic instrumentation, malware reverse engineering and exploit analysis and re‐implementation.

Cyber Security Readiness

As businesses fall victim to increasingly targeted cyber-attacks and data breaches, they need external expertise to assess and promote security best practices as well as to protect corporate data and prepare for the inevitable data breach incident. An important pre-requisite for a successful incident response capability is a strong Incident Response plan, When an incident occurs, everyone knows how to respond, how to escalate, what to do, quickly and effectively. Cisco Incident Response offerings spans infrastructure breach preparedness assessments, security operations readiness assessments, breach communications assessments, and training among other activities.

Our team of experts has been actively working with customers for cyber attack response.  A recent engagement was initiated when a company had identified consumer credit card data exfiltration.  Working hand-in-hand with the customer, federal law enforcement and Cisco Talos, the Incident Response Services team discovered a new malware family targeting point of sale (PoS) systems.  The team identified malware patient zero and its lateral movement mechanism.  This ultimately led to the team’s discovery of a new family of malware, “PoSeidon,” which is detailed in this blog post.  Using best of breed technology, our incident response expertise, and working closely with Talos, the Cisco Incident Response Service team compressed the process of identifying, isolating and remediating for this customer by developing detection and countermeasures.

For more information on Security Incident Response Services team, please see our overview video and our Cisco Security Launch Page.

Tags: , ,