OpenSOC, an open source security analytics framework, helps organizations make big data part of their technical security strategy by providing a platform for the application of anomaly detection and incident forensics to the data loss problem. By integrating numerous elements of the Hadoop ecosystem such as Storm, Kafka, and Elasticsearch, OpenSOC provides a scalable platform incorporating capabilities such as full-packet capture indexing, storage, data enrichment, stream processing, batch processing, real-time search, and telemetry aggregation. It also provides a centralized platform to effectively enable security analysts to rapidly detect and respond to advanced security threats.
A few months ago we were really excited to bring OpenSOC to the open source community. Developing OpenSOC has been a challenging, yet rewarding experience. Our small team pushed the limits of what is possible to do with big data technologies and put a strong foundational framework together that the community can add to and enhance. With OpenSOC we strive to provide an open alternative to proprietary and often expensive analytics tools and do so at the scale of big data.
Tags: analytics, Big Data, Hadoop, Managed Security Services, MTD, OpenSOC, security
Adversaries are committed to continually refining or developing new techniques to conceal malicious activity, decrease their reliance on other techniques that may be more detectable, and become increasingly more efficient and effective in their attacks. Below are just three examples—explored in detail in the newly released Cisco 2015 Annual Security Report—of how malicious actors met these goals in 2014. These trends were observed by Cisco Talos Security Intelligence and Research Group throughout last year, and analyzed by the team using a global set of telemetry data:
- Use of malvertising to help deliver exploit kits more efficiently—Talos noted three exploit kits we observed “in the wild” more than others in 2014: Angler, Goon, and Sweet Orange. More than likely, their popularity is due to their technical sophistication in terms of their ability to evade detection and remain effective. The Sweet Orange kit, for example, is very dynamic: its components are always changing. Adversaries who use Sweet Orange often rely on malvertising to redirect users, often through more than one hop, to the sites that host the exploit kit, which include compromised legitimate websites.
- Increase in Silverlight exploitation—As we reported in both the Cisco 2014 Midyear Security Report and the Cisco 2015 Annual Security Report, the number of exploit kits able to exploit Microsoft Silverlight is growing. While still very low in number compared to more established vectors like Flash, PDF, and Java, Silverlight attacks are on the rise. This is another example of adversaries exploring new avenues for compromise in order to remain efficient and effective in launching their attacks. The Angler and Goon exploit kits both include exploits for Silverlight vulnerabilities. Fiesta is another known exploit kit that delivers malware through Silverlight, which our team reported on last year.
- The rise of “snowshoe spam”—Phishing remains an essential tool for adversaries to deliver malware and steal users’ credentials. These actors understand that it is more efficient to exploit users at the browser and email level than to spend the time and effort needed to compromise servers. To keep their spam campaigns effective, Talos observed spammers turning to a new tactic last year: snowshoe spam. Unsolicited bulk email is sent from a large number of IP addresses at a low message volume per address, so that no single source exceeds the per-IP rate and reputation thresholds many spam filters rely on; the campaign is only visible in aggregate, which helps it reach its intended audience. There is also evidence that adversaries are relying on compromised users’ machines to support their snowshoe spam campaigns more efficiently. Snowshoe spam contributed to a 250 percent increase in overall spam volume in 2014.
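As an added illustration (example code written for this page, not code from the Cisco post or from Talos): the snowshoe pattern described above is invisible to a per-IP rate limit but shows up as soon as near-identical messages are grouped across sending IPs. The log line format, the thresholds, the `deals-example.net` / `bulk-example.org` / `corp-example.com` senders and the sample lines are all constructed for the example.

```python
"""Detect snowshoe-style spam in constructed MTA log lines.

A per-IP rate limit catches a classic bulk sender (many messages from one IP)
but not a snowshoe campaign (many IPs, each under the limit). Grouping messages
by a normalized subject template across sender IPs reveals the latter.
"""
from collections import Counter
from dataclasses import dataclass, field
import hashlib
import re

# Thresholds are assumptions for this example; tune them for a real mail flow.
PER_IP_LIMIT = 3        # per-IP volume a classic bulk sender would exceed
MIN_DISTINCT_IPS = 5    # campaign must be spread across at least this many sources
MIN_TOTAL = 10          # and be large in aggregate

# Constructed log format (not a real MTA format): "<src_ip> <envelope_from> <subject>"
LOG_LINE = re.compile(r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sender>\S+)\s+(?P<subject>.*)$")

# Constructed sample: a snowshoe campaign (10 IPs, at most 2 messages each),
# a single-source bulk sender (5 messages from one IP), and normal mail.
SAMPLE_LOG = """\
198.51.100.11 promo@deals-example.net Your exclusive 70% discount ends today #4821
198.51.100.12 offers@deals-example.net Your exclusive 70% discount ends today #9930
198.51.100.13 promo@deals-example.net YOUR EXCLUSIVE 70% DISCOUNT ENDS TODAY #1177
198.51.100.14 sales@deals-example.net Your exclusive 70% discount ends today #2250
198.51.100.15 promo@deals-example.net Your exclusive 70% discount ends today #7731
198.51.100.16 promo@deals-example.net Your exclusive 70% discount ends today #0404
198.51.100.17 offers@deals-example.net Your exclusive 70% discount ends today #5519
198.51.100.18 promo@deals-example.net Your  exclusive 70% discount ends today #6182
198.51.100.19 promo@deals-example.net Your exclusive 70% discount ends today #3390
198.51.100.20 promo@deals-example.net Your exclusive 70% discount ends today #8806
198.51.100.11 promo@deals-example.net Your exclusive 70% discount ends today #4822
203.0.113.9 blast@bulk-example.org Cheap meds available now 001
203.0.113.9 blast@bulk-example.org Cheap meds available now 002
203.0.113.9 blast@bulk-example.org Cheap meds available now 003
203.0.113.9 blast@bulk-example.org Cheap meds available now 004
203.0.113.9 blast@bulk-example.org Cheap meds available now 005
192.0.2.5 alice@corp-example.com Re: Q1 budget meeting notes
192.0.2.6 bob@corp-example.com Re: Q1 budget meeting notes
"""


def normalize_subject(subject: str) -> str:
    """Collapse the per-message variation spammers add (case, digits, spacing)."""
    s = subject.lower()
    s = re.sub(r"\d+", "", s)
    return re.sub(r"\s+", " ", s).strip()


def template_id(subject: str) -> str:
    """Short stable key for a message template."""
    return hashlib.sha256(normalize_subject(subject).encode()).hexdigest()[:12]


@dataclass
class Campaign:
    example_subject: str
    per_ip: Counter = field(default_factory=Counter)  # sending IP -> message count

    @property
    def total(self) -> int:
        return sum(self.per_ip.values())

    @property
    def distinct_ips(self) -> int:
        return len(self.per_ip)

    @property
    def max_per_ip(self) -> int:
        return max(self.per_ip.values())


def parse_log(text: str) -> list[tuple[str, str, str]]:
    """Parse lines into (ip, sender, subject); malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if m:
            records.append((m["ip"], m["sender"], m["subject"]))
    return records


def group_campaigns(records) -> dict[str, Campaign]:
    """Aggregate messages by subject template, keeping per-IP volumes."""
    campaigns: dict[str, Campaign] = {}
    for ip, _sender, subject in records:
        c = campaigns.setdefault(template_id(subject), Campaign(example_subject=subject))
        c.per_ip[ip] += 1
    return campaigns


def classify(c: Campaign) -> str:
    if c.max_per_ip > PER_IP_LIMIT:
        return "bulk-single-source"   # a per-IP rate limit already catches this
    if c.distinct_ips >= MIN_DISTINCT_IPS and c.total >= MIN_TOTAL:
        return "snowshoe"             # many sources, every one of them under the limit
    return "normal"


def detect_snowshoe(log_text: str) -> list[dict]:
    """Return the campaigns that only become visible when aggregated across IPs."""
    flagged = []
    for tid, c in group_campaigns(parse_log(log_text)).items():
        if classify(c) == "snowshoe":
            flagged.append({"template": tid, "example_subject": c.example_subject,
                            "total": c.total, "distinct_ips": c.distinct_ips,
                            "max_per_ip": c.max_per_ip})
    return flagged


if __name__ == "__main__":
    for hit in detect_snowshoe(SAMPLE_LOG):
        print(hit)
```

The per-IP rate limit alone would flag only the `bulk-example.org` sender; the discount campaign never exceeds two messages from any one address and is caught only because its normalized subject ties eleven messages from ten addresses together. In production the grouping key would also draw on URL hosts, attachment hashes or body shingles, since subject lines alone are easy to randomize.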
These are only a few of the threat intelligence findings presented in the Cisco 2015 Annual Security Report. We encourage you to read the whole report, but also, to stay apprised of security trends throughout the year by following our reports on the Cisco Security blog. Talos is committed to ongoing coverage of security threats and trends. In fact, in the Cisco 2015 Annual Security Report, you’ll find links to several posts that our researchers published throughout 2014, and were used to help shape and inform our threat intelligence coverage in the report.
Tags: Cisco Annual Security Report 2015, malvertising, security, Silverlight, spam, Talos
The growing use of mobility is a new threat vector in the extended network. It’s particularly complex to secure and manage when tablets and smartphones are used for both personal and business needs. The Ponemon 2014 Security Impact of Mobile Device Use by Employees study notes that 66 percent of users download mobile apps without their company’s permission. This downloading behavior increases the attack surface by introducing unapproved or personal mobile applications.
As highlighted in the Cisco Annual Security Report for 2015, mobile applications are a new threat vector that could include malware. The potential for malware introduced through user-installed apps to access corporate resources introduces a lot of new risks that need to be addressed by IT security personnel. At Cisco, we’ve just completed a new integration with Samsung to enable workers to be productive while locking down this expanded attack surface.
Tags: cisco annual security report, Cisco Annual Security Report 2015, Cisco AnyConnect Secure Mobility Client, mobile security, mobility, security
As recently as 2013, vulnerabilities involving Java appeared to be a favored tool of adversaries: Java was easy to exploit, and exploits involving the language were difficult to detect. However, as reported in the Cisco 2015 Annual Security Report, Java is losing its front-runner position as a favored tool of bad actors looking to breach network security.
The decline in Java’s high profile as an attack vector in 2014 was recorded by Cisco Security Research. Only one of the top 10 most commonly exploited vulnerabilities in 2014 was related to Java (see chart below). In 2013, Cisco tracked 54 urgent new Java vulnerabilities; in 2014, the number of tracked vulnerabilities fell to just 19. We saw a corresponding decline in reports from the National Vulnerability Database (NVD), which includes all reported vulnerabilities: from 309 Java vulnerabilities in 2013, down to 253 in 2014.
Tags: 2015 annual security report, attack vector, java, JRE, security, vulnerability
Last week, Cisco CEO John Chambers attended the World Economic Forum in Davos, Switzerland. A major theme of the week was security and the implications of the Internet of Everything…the topic which John focused on in his contributed article to the WEF blog, Agenda. You can read the full article here.
In the article he stated:
WEF graphic – John Chambers on Security 2015
Additionally, last week, Cisco issued our Annual Security Report which includes data about the number of breaches, attacks and how to mitigate these increasing threats. Cisco SVP and Chief Security Officer John Stewart blogged on this report here. A key call to action of the report is for corporate boards to take a more active role and focus on security as they help run their companies. He also talked to BloombergWest’s Cory Johnson. You can view that interview here.
In Davos, John Chambers talked to a few reporters about the implications of more things being connected…overall, of course, the impact will be very positive. As we move from 14B connected devices to 50B by 2020, John argues that each of those end points cannot be trusted to be secure, therefore you need to focus on security from an architectural approach…something, of course, where the network has a distinct advantage.
See John’s interview with USAToday Editor-in-Chief Dave Callaway.
See John’s interview with New York Times reporter David Gelles.
And, see here, for how many devices are connected to the Internet. Right. Now.
Tags: Davos, hacking, Internet of Everything, IoE, IoT, john chambers, security, WEF