The growing use of mobility is a new threat vector in the extended network. It’s particularly complex to secure and manage when tablets and smartphones are used for both personal and business needs. The Ponemon 2014 Security Impact of Mobile Device Use by Employees study notes that 66 percent of users download mobile apps without their company’s permission. This downloading behavior increases the attack surface by introducing unapproved or personal mobile applications.
As highlighted in the Cisco Annual Security Report for 2015, mobile applications are a new threat vector that could include malware. The potential for this user-appropriated malware to access corporate resources introduces a lot of new risks that need to be addressed by IT security personnel. At Cisco, we’ve just completed a new integration with Samsung to enable workers to be productive while locking down this expanded attack surface.
Tags: cisco annual security report, Cisco Annual Security Report 2015, Cisco AnyConnect Secure Mobility Client, mobile security, mobility, security
As recently as 2013, vulnerabilities involving Java appeared to be a favored tool of adversaries: Java was easy to exploit, and exploits involving the programming language were difficult to detect. However, as reported in the Cisco 2015 Annual Security Report, Java is losing its front-runner position as a favored tool of bad actors looking to breach network security.
The decline in Java’s high profile as an attack vector in 2014 was recorded by Cisco Security Research. Only one of the top 10 most commonly exploited vulnerabilities in 2014 was related to Java (see chart below). In 2013, Cisco tracked 54 urgent new Java vulnerabilities; in 2014, the number of tracked vulnerabilities fell to just 19. We saw a corresponding decline in reports from the National Vulnerability Database (NVD), which includes all reported vulnerabilities: from 309 Java vulnerabilities in 2013, down to 253 in 2014.
Tags: 2015 annual security report, attack vector, java, JRE, security, vulnerability
Last week, Cisco CEO John Chambers attended the World Economic Forum in Davos, Switzerland. A major theme of the week was security and the implications of the Internet of Everything…the topic which John focused on in his contributed article to the WEF blog, Agenda. You can read the full article here.
In the article he stated:
WEF graphic – John Chambers on Security 2015
Additionally, last week, Cisco issued our Annual Security Report which includes data about the number of breaches, attacks and how to mitigate these increasing threats. Cisco SVP and Chief Security Officer John Stewart blogged on this report here. A key call to action of the report is for corporate boards to take a more active role and focus on security as they help run their companies. He also talked to BloombergWest’s Cory Johnson. You can view that interview here.
In Davos, John Chambers talked to a few reporters about the implications of more things being connected…overall, of course, the impact will be very positive. As we move from 14B connected devices to 50B by 2020, John argues that each of those end points cannot be trusted to be secure, therefore you need to focus on security from an architectural approach…something, of course, where the network has a distinct advantage.
See John’s interview with USAToday Editor-in-Chief Dave Callaway.
See John’s interview with New York Times reporter David Gelles.
And, see here, for how many devices are connected to the Internet. Right. Now.
Tags: Davos, hacking, Internet of Everything, IoE, IoT, john chambers, security, WEF
As the Cisco 2015 Annual Security Report shows, current security approaches aren’t sufficient. Attackers are shifting methods and becoming more sophisticated in their approaches, users are unwittingly complicit enablers, and defenders struggle to keep up with all of these things. It is time for defenders to take a different approach to security that not only outwits attackers but also makes security a competitive advantage that enables business growth.
By taking a threat-centric and operational approach to security, organizations can reduce complexity and fragmentation, while providing superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum.
Using Cisco technology, this approach is enabled by broad visibility for superior intelligence across the extended network, where all the solutions a customer deploys communicate with each other. Organizations using siloed solutions will have holes in their security. Siloed solutions do not provide full protection since they do not communicate with one another, thus leaving security gaps and the inability to create actionable intelligence.
Cisco can provide a holistic solution to this problem by reducing the attack surface and extending protection across the network – before, during and after attacks.
Tags: 2015 annual security report, Big Data, byod, Identity Services Engine, ISE, Managed Threat Defense, security
In many parts of the world there was a holiday period and celebration of the New Year, and it reminds me that the world has holiday periods all year round. What happens to your remote access demands during holidays? One would think that being on holiday means no one needs access to corporate resources, correct? Sometimes I really wish that were true. Sadly, that has not always been the case even for me. As an example or two, maybe you can relate to the people below or know someone like this:
Tags: holiday, mobility, remote access, security, travel