Cisco Blogs

Help! My IP Address Has Been Hijacked!

SpamCop is a free, community-based spam email reporting service provided by Cisco. SpamCop analyzes reported spam and extracts details about the sending IP address, the URLs contained in the message, and the networks the message transited on its way to the reporter. This information is used to create the SpamCop Block List (SCBL), a list of IP addresses believed to be sending Unsolicited Bulk Email.

As part of its service, each week SpamCop sends millions of email messages to notify network administrators about malicious activity observed on their networks. SpamCop receives all kinds of replies to these notifications. Very often the recipient replies to SpamCop claiming, “we did not send the spam”. The SpamCop Deputies responsible for following up on these replies have heard every excuse under the sun. For them, “we did not send the spam” is the spam block list equivalent of “the dog ate my homework.”
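The two paragraphs above describe what a SpamCop report is reduced to: the IP address that actually handed the message to the reporter's mail path, the URLs it carried, and a block list keyed on that IP. As an added example (not SpamCop's own code or parser), the script below reproduces that reduction on a single message: it walks the Received chain from the newest hop downward, trusts only hops written by relays the recipient operates (the TRUSTED_RELAYS set is an assumption for this example), takes the first client address outside that set as the origin, extracts URLs from the body, and builds the reversed-octet name used to query a DNSBL such as bl.spamcop.net. The sample message, host names and addresses are constructed (RFC 5737 documentation ranges), and the live DNS lookup is included only for use on a connected host.

```python
"""Reduce one reported spam message to: origin IP (from the Received chain),
URLs in the body, and the DNSBL query name for a SpamCop-style block list.
Added example; the message, host names and TRUSTED_RELAYS are constructed."""
import email
import ipaddress
import re
import socket

# Constructed sample report; IPs are from the RFC 5737 documentation ranges.
SAMPLE_SPAM = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP id abc123; Tue, 16 Sep 2014 10:00:00 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby mx.example.net with ESMTP; Tue, 16 Sep 2014 09:59:58 +0000
Received: from [10.0.0.5] (unknown [203.0.113.44])
\tby relay.example.net with SMTP; Tue, 16 Sep 2014 09:59:50 +0000
From: "Deals" <deals@example.com>
To: victim@example.org
Subject: You won
Content-Type: text/plain

Claim your prize at http://prize.example.com/claim?id=42 or
visit https://cheap-meds.example.net/ today.
"""

# Relays we operate (assumed for this example). Only Received lines *they*
# added are trustworthy; anything below them (HELO names, earlier "hops") was
# written by the sending host and can be forged by a spammer.
TRUSTED_RELAYS = {"192.0.2.10", "198.51.100.7"}

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def client_ip(received_header):
    """Connecting client's address from one Received header.

    Only the 'from ...' clause (before ' by ') describes the client. The last
    bracketed IP there is what the receiving MTA saw on the socket; an earlier
    one (e.g. 'from [10.0.0.5]') is merely the client's HELO claim."""
    from_clause = re.split(r"\sby\s", received_header, maxsplit=1)[0]
    found = IP_RE.findall(from_clause)
    if not found:
        return None
    ip = found[-1]
    try:
        ipaddress.ip_address(ip)  # reject malformed octets such as 999.1.2.3
    except ValueError:
        return None
    return ip


def received_chain(msg):
    """Client IPs from all Received headers, newest (top of message) first."""
    chain = [client_ip(h) for h in msg.get_all("Received", [])]
    return [ip for ip in chain if ip]


def origin_ip(chain):
    """Walk down from our newest hop; the first client not operated by us is
    the IP the spam is attributed to (everything beneath it is untrusted)."""
    for ip in chain:
        if ip not in TRUSTED_RELAYS:
            return ip
    return None


def extract_urls(msg):
    """URLs in the (decoded) body of a single-part message."""
    body = msg.get_payload(decode=True) or b""
    return URL_RE.findall(body.decode("utf-8", "replace"))


def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """DNSBL lookup name: IPv4 octets reversed, then the list zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed_response(answer):
    """A DNSBL answers a listed IP with an address in 127.0.0.0/8 (SpamCop
    returns 127.0.0.2); NXDOMAIN (None here) means the IP is not listed."""
    return bool(answer) and answer.startswith("127.")


def dnsbl_lookup(ip, zone="bl.spamcop.net"):
    """Live lookup; needs network access and is not exercised offline."""
    try:
        return socket.gethostbyname(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None


def analyze(raw_message):
    """Full report: hop chain, attributed origin, URLs, and the SCBL query name."""
    msg = email.message_from_string(raw_message)
    chain = received_chain(msg)
    origin = origin_ip(chain)
    return {
        "chain": chain,
        "origin_ip": origin,
        "urls": extract_urls(msg),
        "dnsbl_query": dnsbl_query_name(origin) if origin else None,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_SPAM)
    print(report)
    # On a connected host: is_listed_response(dnsbl_lookup(report["origin_ip"]))
```

The trusted-relay walk is the part that decides whose notification lands in whose inbox: the origin is the address that connected to the outermost relay you trust, not the HELO name or any Received line the sending host wrote itself. That address may belong to a NAT gateway or a compromised machine rather than the party that composed the message, which is exactly why "we did not send the spam" is such a common, and often sincere, reply.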


A Visibility-Driven Approach to Next-Generation Firewalls

Cisco ASA with FirePOWER Services has redefined the next-generation firewall (NGFW) as an adaptive, threat-focused platform, delivering superior, multi-layered protection, unparalleled visibility, and reduced security costs and complexity.

This innovative new solution addresses three strategic imperatives—being visibility-driven, threat focused, and platform-based. In this post, we will examine the necessity of a foundation of full contextual awareness and visibility—to see everything in an environment, detect multi-vector threats and eliminate the visibility gaps in traditional defenses comprised of disparate point technologies that sophisticated attackers exploit.

In his aptly titled recent post, “You Cannot Protect What You Can’t See,” Joseph O’Laughlin discusses why visibility (and the control that follows from it) into only applications and users is no longer enough to protect today’s dynamic environments, and outlines how visibility into the network itself enables better network protection. This core concept of network visibility is at the heart of Cisco ASA with FirePOWER Services (and of our Next-Generation Intrusion Prevention Systems), and it is what sets them apart from other network security products.


Summary: Midsize Auctioneer’s Network is Fast and Fortified

IDC’s SMB Survey, which compared IT spending priorities in 2012 and 2013, concluded that the top three requirements for the network are performance, security and capacity.

How is designing a network for a giant auctioneer different from designing one for other mid-sized enterprises?

Ritchie Bros. Auctioneers is the world’s largest auctioneer of heavy equipment and trucks. They sell billions of dollars of new and used equipment at hundreds of unreserved public auctions each year. What’s even more impressive is that they are able to do this with only 1300 employees worldwide.

Igniting Security with Cisco

In an announcement earlier today, we introduced Cisco ASA with FirePOWER Services, the industry’s first threat-focused next-generation firewall. We are also announcing the continued evolution of Cisco’s Security Channel Partner Program to substantially increase a Cisco partner’s security business.

Security Ignite

With Security Ignite, security-specialized partners get additional upfront discounts (up to 6 percent) on new next-generation security business registered through the Opportunity Incentive Program (OIP) or Teaming Incentive Program (TIP). Deal registration encourages and protects a partner’s investment in developing new next-generation security opportunities. Security Ignite works in concert with the Technology Migration Program (TMP) and the Value Incentive Program (VIP). This combination reinforces the focus on partners developing new security solution opportunities. Security Ignite is available in all theatres, with a few exceptions.

Dynamic Cyber Attacks Call for Dynamic Controls

Last month’s earthquake in Napa Valley got me thinking. In earthquake-prone areas, new construction is being built to move dynamically to withstand shocks and tremors. Innovative materials and designs sway and bend to provide better protection. But older buildings based on traditional, static design concepts can suffer devastating damage in an earthquake and its aftershocks.

It’s similar to the journey we’re on in the security industry, which is scaling to better address the harsh realities we face as defenders. At Cisco, we track this journey through a scale of controls we refer to as the Security Operations Maturity Model, which moves from static controls to human intervention, then to semi-automatic, dynamic and, ultimately, predictive controls. I will talk more about this scale in the coming weeks, but for now, let’s focus on the need for most organizations to shift to dynamic controls.

We all know that the security landscape is constantly evolving and attackers are innovating in lockstep with rapid changes in technology. In fact, as I talk with security professionals daily about the challenges they face, a few consistent points come up:

  • As new business models are built on innovations in mobility, cloud, the Internet of Things (IoT) and the Internet of Everything (IoE), security solutions and processes must become more dynamic and more scalable to keep up with the change;
  • Further, as hacking has matured and become industrialized, the security models used to defend need to mature as well; and
  • Finally, there’s too much complexity, fragmentation, and cost in legacy security deployments.

A recent malicious advertising attack called “Kyle and Stan”, discovered by our Talos Security Intelligence and Research Group, demonstrates the challenges defenders are up against. Posing as legitimate advertisers, cybercriminals approach the major advertising networks and persuade them to display an ad carrying a malicious payload packed inside otherwise legitimate software (spyware, adware and browser hijackers, for example). They target popular websites and instruct the networks to run the ad for just a few minutes, leaving little or no time for the ad content to be inspected. In this case, malvertising victims were faced with an often unprompted download of what appeared to be legitimate software with a hidden malicious payload. The malware droppers employ a range of techniques to continuously mutate in order to evade detection by traditional, point-in-time systems.