Cisco Blogs



Microsoft Patch Tuesday for February 2015: 56 vulnerabilities fixed

Microsoft’s Patch Tuesday for February 2015 has arrived. This month’s round of security updates is large, with Microsoft releasing 9 bulletins addressing 56 CVEs. Three of the bulletins are rated critical and address vulnerabilities within Internet Explorer, Windows, and Group Policy. The remaining 6 bulletins are rated important and address vulnerabilities in Office, Windows, Group Policy, and System Center Manager.


Cisco’s All-Star Starting Five

This week, Cisco and NBA celebrate how the Internet of Everything (IoE) powers the fan experience. Thanks to advancements in technology, we’re changing courtside connectivity between the game, the player and the fan.

Like any NBA team, an IT infrastructure begins with a starting lineup of technologies that enable a winning Internet of Everything strategy. In excitement for the NBA All-Star game, Cisco picked its Starting Five for today’s IT environment. Check out our picks below and share your favorites on Twitter, Instagram or Facebook using the tag #ConnectedFan.

Point Guard:

A point guard is fast and agile, and responds quickly to pressing demands brought about by unseen difficulties. Any coach can appreciate the “automatic” abilities of a veteran point guard who can sense problems before they happen and eliminate the headaches to improve the overall team’s performance. Like any successful point guard, IoE can help accelerate your organization’s ability to compete in today’s dynamic market. Through the enablement of people, process, data and things, IoE is estimated to drive a 21% increase in corporate profits.

Shooting Guard:

The shooting guard is a high profile position that drives results. The efficient creation, deployment and management of applications in today’s environment greatly affect the bottom line. ACI has the potential to drive high-visibility, high-impact results for the organization that no other technology can make.

Small Forward:

Quick and lean, the small forward is the most versatile player who just gets the job done. Like Fast IT, the small forward is in the trenches and works with the team to accomplish bigger goals. Fast IT is Cisco’s operational model for the Internet of Everything, providing organizations with the ability to provide the connectivity that allows IoE to provide a real impact on businesses that didn’t exist just a few years ago.

Power Forward:

The power forward is the team’s most powerful traveler, known for mid-range jump shots and the ability to fulfill multiple roles in your lineup. With today’s mobile workforce and the continued proliferation of connected devices, your mobility strategy must be equally expansive and adaptable to effectively meet today’s business demands on your network.

Center:

This is your big man — the tallest player in your lineup who is the anchor for your team’s defense. With a Fast IT model, security enables you to assess, react to, and guard against threats.


Fake Volume License Trojan Targets Corporate Users and Evades Sandboxes

Two weeks ago, multiple Cisco Managed Threat Defense (MTD) customers received an email that appeared to come from the Microsoft Volume Licensing Service Center (VLSC). The email shown below is very similar to the real email Microsoft sends. It had a personalized welcome line and appeared to contain a link to log in to the Volume Licensing Service Center:

The phish email supposedly from Microsoft Volume Licensing


Beyond the Internet of Things (IoT): A Commentary

Shawn McCarthy, Research Director at IDC Government, recently penned an insightful blog on IoT. Titled “Beyond the Internet of Things: How Convergence Can Help Governments Support Their Rising Tide of New Devices,” the blog notes that with more devices producing more data, government agencies have been working to add more storage, security, network bandwidth, and systems management tools. David Bray, the innovative, young Chief Information Officer at the Federal Communications Commission, has noted this exponential change. In a recent interview, Bray estimates that from the current 7 billion networked devices we will grow to upwards of 50 billion networked devices by 2020. Deloitte suggests that by 2020, the IoT will be powered by a trillion sensors. And Cisco Systems’ research indicates the economic impact in 2020 is more than $14 trillion. In order to take advantage of their mountain of new data, and the associated range of new applications, agencies will have to merge parts of their existing infrastructure. That converged infrastructure can take two forms – merging data centers themselves or consolidating components within a single optimized computing package. Converging IT infrastructure is the first step in the roadmap to capitalizing on the benefits of the Internet of Everything (IoE). Bray goes even further, arguing that we will need to shift from searching for data to having relevant data find us, to include developing machines that learn our preferences for data as well as when to deliver that data in a form most useful to our work. McCarthy also reviews the disruptive, but hopefully positive, effects of IoT on citizen services, government reaction times, and employees.


How AMP Threat Grid Accelerates Incident Response with Artifacts, Content, and Correlation

As a result of Cisco’s acquisition last May, ThreatGRID is now part of the Cisco Advanced Malware Protection (AMP) portfolio as AMP Threat Grid. The acquisition expands Cisco AMP capabilities in the areas of dynamic analysis and threat intelligence technology, both on-premise and in the cloud. AMP Threat Grid extends Cisco AMP with even greater visibility, context, and control over sophisticated threats. Security analysts and incident response teams can augment their forensics analysis to detect and stop evasive attacks faster than ever.

AMP Threat Grid is not simply another dynamic analysis platform or sandbox. While the solution does leverage various dynamic analysis techniques and ‘sandboxing’ to produce content, it also acts as a content engine so that you can more quickly and easily extract insights from the data. AMP Threat Grid treats all of its analysis as content, making it available to the user via a portal or API. AMP Threat Grid also doesn’t stop at a single analysis technique; instead it applies multiple dynamic and static analysis engines to submitted samples – all produced disk, network, and memory artifacts – in order to generate as rich a source of data as possible.
