Cisco Blogs



Threat Spotlight: Group 72

This post is co-authored by Joel Esler, Martin Lee and Craig Williams

Everyone has certain characteristics that can be recognised: a way of walking, an accent, a turn of phrase, a style of dressing. If you know what to look for, you can easily spot a friend or acquaintance in a crowd. Exactly the same is true for threat actors.

Each threat actor group may display certain characteristics during its attack campaigns: the types of malware it uses, a pattern in the naming conventions of its command and control servers, its choice of victims, and so on. Collecting attack data allows an observer to spot the characteristics that define each group and to pick out specific threat actors from the crowd of malicious activity on the internet.

The Talos Security Intelligence and Research Group collects attack data from our various telemetry systems to analyse, identify and monitor threat actors through their different tactics, techniques, and procedures. Rather than give names to the identified groups, we assign numbers to the threat actors. We frequently blog about significant attack campaigns that we discover; behind the scenes, we integrate our intelligence data directly into our products. As part of our research we keep track of certain threat actor groups and their activities. In conjunction with a number of other security companies, we are taking action to highlight and disrupt the activities of the threat actor we have identified as Group 72.
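The attribution idea above (recognise a group by the characteristics it keeps reusing: malware families, a C2 naming convention, a victim profile) can be made concrete with a small clustering step. The following is an added example written for this page, not Talos code or the method Talos uses; the campaign records, hostnames, sector labels and the 0.3 similarity threshold are all constructed for illustration, and the group numbers it produces are just sequential identifiers, not Talos group numbers.

```python
"""Attribution by shared characteristics: cluster observed campaigns into
numbered threat-actor groups.  Added example; all records are constructed."""
from itertools import combinations

# Constructed telemetry: one record per observed intrusion campaign.
# Hostnames use reserved .example names; nothing here is a real indicator.
CAMPAIGNS = [
    {"id": "c1", "malware": {"PlugX", "Gh0st"},
     "c2": ["update-win7.dyndns-pro.example", "sync-adobe.dyndns-pro.example"],
     "sectors": {"aerospace", "defense"}},
    {"id": "c2", "malware": {"PlugX"},
     "c2": ["java-update.dyndns-pro.example"],
     "sectors": {"defense", "energy"}},
    {"id": "c3", "malware": {"Zeus"},
     "c2": ["a8f3k2.bulletproof.example"],
     "sectors": {"banking"}},
    {"id": "c4", "malware": {"Gh0st"},
     "c2": ["mail-microsoft.no-ip.example"],
     "sectors": {"aerospace"}},
    {"id": "c5", "malware": {"Zeus", "Dridex"},
     "c2": ["qx9z1.bulletproof.example"],
     "sectors": {"banking", "retail"}},
]


def c2_shape(hostname):
    """Reduce a C2 hostname to its naming convention: whether the leftmost
    label is a hyphenated software-themed name and which parent domain the
    operator parks it under.  The exact label is noise; the habit is signal."""
    labels = hostname.lower().split(".")
    parent = ".".join(labels[-2:])
    style = "hyphenated" if "-" in labels[0] else "plain"
    return f"{style}:{parent}"


def features(campaign):
    """Turn one campaign record into a set of comparable characteristics."""
    feats = {("malware", m) for m in campaign["malware"]}
    feats |= {("c2", c2_shape(h)) for h in campaign["c2"]}
    feats |= {("sector", s) for s in campaign["sectors"]}
    return feats


def jaccard(a, b):
    """Jaccard similarity of two feature sets (0.0 when both are empty)."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def attribute(campaigns, threshold=0.3):
    """Single-linkage clustering: campaigns whose feature overlap reaches the
    threshold are chained into one group.  Returns {campaign id: group number},
    with group numbers assigned in order of first appearance."""
    ids = [c["id"] for c in campaigns]
    feats = {c["id"]: features(c) for c in campaigns}
    parent = {i: i for i in ids}  # union-find forest

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(ids, 2):
        if jaccard(feats[a], feats[b]) >= threshold:
            parent[find(a)] = find(b)

    numbers, groups = {}, {}
    for i in ids:
        root = find(i)
        numbers.setdefault(root, len(numbers) + 1)
        groups[i] = numbers[root]
    return groups


if __name__ == "__main__":
    for cid, group in attribute(CAMPAIGNS).items():
        print(f"{cid} -> Group {group}")
```

In the constructed data, c1 and c2 share PlugX, the hyphenated dynamic-DNS C2 convention and a defense target, so they cluster directly; c4 only overlaps c1 (Gh0st plus aerospace) but joins the same group through single linkage, which is exactly the kind of chaining that a real analyst should inspect by hand rather than trust blindly. The threshold and feature weighting are where an attribution method lives or dies; a single shared commodity malware family should never be enough on its own.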


Gartner’s perspective on Cisco TrustSec

I am very pleased to be able to share some Gartner research on TrustSec.

While we’re continuing to make progress through broader product support, validation from auditors and implementation by other vendors, we believe that this research and Gartner’s perspective will provide you with a useful and informative viewpoint.

To read Gartner’s perspective on TrustSec please go to Cisco TrustSec Deployed Across Enterprise Campus Branch and Data Center Networks. We’d love to hear your feedback so please leave any comments below.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source: Gartner Research, G00245544, Phil Schacter, 12 February 2013, refreshed 1 October 2014


What is the Cisco Customer Solutions Architecture (CSA) Layered Approach?

This is part 2 of the “Your Business Powered By Cisco Customer Solutions Architecture (CSA)” blog series.

CSA Description

The following figure shows a simplified view of the Cisco CSA. It has five horizontal layers: Physical Infrastructure layer, Virtualized Infrastructure layer, Services layer, Service Management and Automation layer, and App/portal layer. Supporting each horizontal layer from top to bottom, there are three vertical layers: an ITSM/ITIL services layer for services enablement, a Security layer providing security across each of the horizontal layers, and a Cisco Intellectual and domain management layer providing Cisco best practices at each of the horizontal layers.


The CSA is a logically layered architecture (LLA), with each layer providing a distinct function. The model is hierarchical, with devices and facilities at the bottom, customer interactions at the top, and the various required functions in the middle layers. The key to this model is the abstraction of each layer into software-defined components with standardized interfaces. As in other LLA models such as the ITU-T TMN (Telecommunications Management Network), each horizontal layer supports the layer above it in performing its business functions.

CSA Layered Approach

The layers interact through abstraction, orchestration, and APIs. A customer's request is processed from the top layer down: orchestration assembles the required components and provisions them into the infrastructure using the APIs between the layers. Similarly, the


Security and the Internet of Everything

The theme of this year’s Cyber Security Awareness Month is “Our Shared Responsibility.” At Cisco, security is everyone’s responsibility – from our trustworthy development processes, to innovation enabling our customers and partners to address threats on end points, networks, and in the cloud. That is why Cisco is setting the industry standard for meeting the security needs demanded by the Internet of Everything (IoE).

Over the next six years, the number of devices connected to the Internet is going to reach 50 billion, creating some pretty unique opportunities and dilemmas as companies and industries are connecting people and devices to one another in ways we’ve never seen before, changing the way we work and live.

As the number of connected devices in the “Internet of Things” increases exponentially, organizations must keep security top of mind as the number and type of attack vectors increases alongside the quantity of data IoE creates. This shift is creating a daunting challenge for companies and those responsible to defend the infrastructure.

I recently did a video blog on the IoE from the security perspective. Take a look and let me know what you think in the comments.


Drop the IT-Centric Mindset: Securing IoT Networks Requires New Thinking

October 8, 2014 at 5:00 am PST

The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.

While IT and OT were once separate networks, they are now simply different environments within a single extended network, but by no means are they the same. The architectures, operational needs, platforms, and protocols differ vastly between them, which drives radically different security needs. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don't apply in OT environments, so attempting to enforce identical security policies across the extended network is doomed to failure.

Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks must go beyond today's thinking. Rather than focusing on individual security devices, they need to be networked so that they can work together to produce comprehensive, actionable security intelligence. By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a thorough understanding of the specific needs of OT. Based on that understanding, IT needs to enforce differentiated security policies that meet those needs and provide localized control over critical OT systems.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.

Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData
