Cisco Blogs

Cisco Blog > Security

Changing the Way We Deliver Vulnerability and Threat Intelligence

We are making some changes to the way Cisco Security provides and shares vulnerability and threat intelligence to make it more consumable by our customers and the security community. The Cisco Security IntelliShield Service has been successfully delivering multi-vendor security intelligence to our customers for 15 years. During this time, the security intelligence market has continued to evolve to more integrated and automated solutions. Similarly, the Cisco Security strategy has evolved to add machine-readable security content.

We have seen an ever-increasing volume of multi-vendor reporting over the years. IntelliShield started publishing security intelligence alerts in May 2000 and we published 1337 alerts that first year. By 2005 that had increased to 1555 alerts and in 2010 to 5210 alerts. In 2014, IntelliShield published 7242 alerts and the volume continues to increase. As the volume of security activity has increased, security teams are faced with the challenge of efficiently handling that increased volume. The solution for this increased volume is to automate the reporting and sharing of vulnerability and threat intelligence through machine-to-machine standardized formats.  Read More »

Tags: ,

Change is Coming to the Security Industry – and This is a Good Thing

Cisco presents a vision of the future in the Cisco 2015 Midyear Security Report that we expect many—particularly in the security industry—might find a little controversial. We suggest that over the next five years, there will be a continued wave of industry consolidation—driven less by financially motivated M&A and more by the need for capable solutions—that brings together niche innovators and long-standing players for the greater cause of protecting organizations.

And then what? This consolidation will lead to the development of an integrated threat defense architecture that will help to reduce time to detection and remediation of both known and emerging threats. This architecture will bring unprecedented visibility into the threat landscape, and provide control, global intelligence, and context across many solutions.

While disruptive, this change is necessary. Right now, as an industry, we’re just not doing an effective job helping all end users defend themselves from the highly sophisticated and ever-changing tactics of today’s threat actors.

As noted in the Cisco 2015 Midyear Security Report, Read More »

Tags: , , ,

Midyear Security Report: Exploit Kits and Ransomware Get Creative

The modern online adversary is out to make money, not simply hack networks for the fun of it. In the Cisco 2015 Midyear Security Report, there’s yet more evidence that criminals are using tools with ever-increasing sophistication to steal valuable personal or financial data and sell it, coerce users into paying ransoms for their own data, and generally reap financial rewards for their exploits.

The Angler exploit kit continues to lead the market in terms of sophistication and effectiveness. As explained in the Cisco 2015 Midyear Security Report, Angler packs a significant punch because it uses Flash, Java, Internet Explorer, and Silverlight vulnerabilities to achieve its objectives. Angler is very effective, in part due to its ability to compromise users by using multiple vectors: Cisco found that 40 percent of users who encounter an Angler exploit kit on the web are compromised, compared to just 20 percent of users who encounter other widely used exploit kits.

Angler successfully fools users and evades detection with several innovative techniques. For example, as we discuss in the report, our researchers believe Angler’s authors use data science to create computer-generated landing pages that look normal enough to pass muster from heuristic scanners. In addition, Angler has recently started using “domain shadowing” to dodge detection—the exploit kit authors compromise a domain name registrant’s account, and then register thousands of subdomains under the legitimate domain of the compromised user. While domain shadowing isn’t new, we’ve monitored growing use of this technique since last 2014: according to our researchers, more than 75 percent of known subdomain activity by exploit kit authors since that time can be attributed to Angler. Read More »

Tags: , ,

Announcing the 2015 Midyear Security Report

Our 2015 Midyear Security Report (MSR) is out this week, and it’s been a bumpy year when you consider the innovative, resilient, and evasive nature of the global cyber attacks we’ve seen in recent months. Our team continues to see adversaries who rapidly refine their ability to develop and deploy malware that evades detection. It is sobering to note that our MSR confirms that the security industry is just not keeping pace with the attackers.

The MSR is our follow-up to the Cisco Annual Security Report (ASR), which we publish in January. The 2015 MSR updates you on what we’ve seen in the first half of 2015, with analysis and insights about the latest attack trends and advice on what to do about them.

Some of the top troubling trends in this year’s six-month update include: Read More »

Tags: , ,

The Best Defense is a Good Offense? Why Cisco Security Researchers Attack Cisco Technologies

This week, Cisco provided comments on the Department of Commerce’s Bureau of Industry and Security (BIS) proposed cybersecurity regulations. These comments reflect the realities of how Cisco looks to protect both our customers and our products. They also emphasize the critical role that security researches, access to tools, and qualified talent have in cybersecurity.

Cisco has hundreds of dedicated security engineers and researchers throughout the company and around the globe, who use the latest and greatest tools and techniques to test our technology. We proactively attempt to break into our own products, our own services, and our own networks, in order to close identified weaknesses and vulnerabilities as soon as possible and to develop better protections against attack. Many of these same people are responsible for investigating reported vulnerabilities or compromises of our products and running these reports to ground with absolute certainty. In doing this, we have resolved countless bugs and vulnerabilities and continue to improve the security of our products with what we learn. Along the way we have discovered many interesting and creative adversaries and certainly learned that there are some very resourceful people out there.  Read More »

Tags: , , , ,