Cisco Blogs


Cisco Blog > Security

February 2014 Threat Metrics

Web surfers in February 2014 experienced a median malware encounter rate of 1:341 requests, compared to a January 2014 median encounter rate of 1:375. This represents a 10% increase in risk of encountering web-delivered malware during the second month of the year. February 8, 9, and 16 were the highest risk days overall, at 1:244, 1:261, and 1:269, respectively. Interestingly, though perhaps not unexpectedly, web surfers were 77% more likely to encounter Facebook scams on the weekend compared to weekdays. 18% of all web malware encounters in February 2014 were for Facebook related scams.

Feb2014Rate

Read More »

Tags: , , , ,

Understanding Security Through Probability

TRAC-tank-vertical_logoThis post was also authored by Min-yi Shen and Martin Lee.

Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing in security solutions will probably reduce the chance of something bad happening, but by how much? And where should resources be most profitably directed?

Cyber security is a complex environment with many unknowns and interdependencies. TRAC data scientists research this environment to try and understand how different variables affect security. Bayesian graph models are one of our most useful tools for understanding probabilities in security and to explore how the likelihood of outcomes can be changed. Read More »

Tags: , ,

T-7: The Bundle Countdown Begins…

It’s that time of year again—the Cisco IOS Software Security Advisory Bundled Publication will go live in seven days. As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.

To ensure you’re prepared for the upcoming publication, consider:

  • Creating a text file of all the Cisco IOS Software releases in your network
  • Assembling a simple list of Cisco IOS Software technologies and features you use
  • Noting your Cisco.com username and password
  • Locating the username and password for your Cisco IOS routers and switches
  • Ensuring network operation partners are prepared for the security advisory release
  • Reviewing the benefits of OVAL and CVRF content

Read More »

Tags: , , , ,

Summary: Navigating Security Threats in a Mobile World

Security plays an important role in the success of mobility implementations worldwide. We assume security threats are always present, however it’s not always apparent where threats may arise from. Being aware of these potential risk areas is crucial.

Business decision-makers must gain insight into where these breaches are occurring. They should also understand why it is important for them to care, and how they can be aided by technical decision-makers to solve these issues moving forward.

Here’s a brief look into the where, the why and the how of embracing a secure approach to enterprise mobility and what it means for business leaders.

Cisco_NavigatingSecurityMobileWorld

Where are security threats? Today’s organizations are facing a greater attack surface as advanced mobile devices and public cloud services foster new attack models and increasing complexity within networks. To cover the entire attack continuum, organizations need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on traditional endpoints, on mobile devices, and in virtual environments.

How can threats be thwarted? The best approach is a proactive one, rather than a reactive one, especially when many organizations may not know when they are under attack. Business leaders must work with IT teams to institute a formal program for managing mobile devices and to ensure that any device is secure before it can access the network.

Why does a balanced approach to mobile security matter? In a recent blog post, I discussed the need for organizations to deploy a balanced approach to mobile security. This approach should focus more on protecting the network and proprietary data and less on implementing overly broad restrictions. IT needs to approach security with a user experience mentality. After all, if you overly manage devices, your adoption will be low and so will your return on investment (ROI). This approach can lead to greater opportunities to align threat intelligence and security best practices.

To learn more about this balanced approach to mobile security, read the full blog: Navigating Security Threats in a Mobile World.

Tags: , , , , , , , , , , , , ,

Building Bridges for the Future of Technology

Technology in the public sector has revolutionized the way government agencies deliver services, conduct operations and secure sensitive information. Last week, I had the pleasure of learning from several prominent government leaders about how smart, visionary leaders have harnessed the power of new technology to transform the way they fulfill their respective missions.

We started by visiting the National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland, which is part of the National Institute of Standards and Technology (NIST). When complete later in summer 2015 the NCCoE facility will be the epicenter of cybersecurity education, strategy and technology for government, academia and private industry and corporations such as Cisco. Now more than ever, such public-private partnerships are imperative in recognizing and thwarting common enemies who can wreak havoc by compromising sensitive information. This center will allow the top thinkers, practitioners, IT professionals and educators to collaborate and develop strategies to keep our sensitive information protected. Donna Dodson, director of the Center, hopes it will evolve into a hub for cyber solutions derived from government and private-sector tools. Read More »

Tags: , , , , , ,