
Security Realities of IoT (Internet of Things)

Are you a security or IT professional who has only just resolved the security issues of BYOD (bring-your-own-device)? Watch out: BYOD was a precursor, a warm-up exercise, for the tsunami now hitting your shores.

The SANS Institute has just completed a survey of viewpoints on IoT security, drawn predominantly from security and IT professionals.

78% of respondents were either unsure whether they have the basic visibility and management capabilities they will need to secure Things, or said outright that they lack the capability to secure them.

It seems that, like BYOD, IoT is adopted with minimal IT consultation and with security as an afterthought: 46% of respondents have no policy to drive the visibility and management of IoT devices.

The top security controls used today for securing IoT were authentication/authorization (68%), system monitoring (65%), and segmentation (49%). Those are the capabilities Cisco Secure Access solutions provide: visibility, a platform that supplies critical context about who and what is on the network, and unified secure access control. More importantly, automated discovery also helps the 74% who still rely on manual processes for the discovery and inventory of connected devices (from previous SANS research).

Two-thirds (67%) are using SIEM (security information and event management) to monitor and collect data to secure IoT. Cisco ISE (Identity Services Engine) integrates with SIEM to bring together a network-wide view of security events supplemented with relevant identity and device context. This gives security analysts the context they need to quickly assess the significance of a security event. More details on the ISE and SIEM integration may be found in the new white paper Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context.

The research rightly points out that, of the many categories of Things, the newest category, single-purpose devices that typically connect wirelessly and run embedded software, will be the most problematic to secure. Because of this difficulty, 61% of the SANS community would like Thing manufacturers to take more responsibility for providing security. While this is a reasonable request, the question is whether manufacturers have the expertise to do so when their focus is on the exciting new IoT market opportunities. Weigh in and tell us your outlook on securing this next wave of Things connecting to your network!

The paper on the SANS survey results is in the SANS reading room.


Cisco 2014 Annual Security Report: Why the Before/During/After Approach to Security Offers Better Protection from Threats

The number and variety of threats that can infiltrate corporate networks and disable critical infrastructure are sobering. Take a look at our findings and analysis in the new Cisco 2014 Annual Security Report, and you’ll see that malicious actors are innovating just as fast as security professionals do. As threats proliferate, so do the solutions for responding. It’s a confusing, fragmented market. That’s why Cisco believes it’s time for a new security model: a model that’s threat-centric, providing better visibility across the entire attack continuum and across all attack vectors, so that your organization stands a better chance of stopping attacks, or minimizing the damage they cause.

As we explain in the Cisco 2014 Annual Security Report, today’s advanced attacks are too complex and sophisticated to be addressed by traditional technologies that perform their analysis only once, at a specific point in time, rather than continuously. At the same time, the data protection needs of organizations have become incredibly multifaceted. Mobile users and reliance on the cloud have complicated the ways business networks need to be protected. There is no “silver bullet” to solve every security problem.

Our recommendation for meeting today’s security challenge is to move away from point-in-time solutions to a continuous, any-time, all-the-time approach:

  • Before an attack: You can’t protect what you can’t see. Know what’s on your network—devices, operating systems, services, applications, users, and more. With this knowledge you can set up access controls, enforce security policies, and block applications and restrict access to critical assets. This reduces the attack surface. But keep in mind that there will still be gaps attackers can exploit to achieve their objectives.
  • During an attack: Deploy solutions that can address a broad range of attack vectors by operating everywhere a threat can turn up—networks, endpoints, mobile devices, and virtual environments, for example.
  • After an attack: As much as we want to stop all attacks, it’s a given that on some occasions, intruders will succeed. Prepare for this eventuality with capabilities to determine the scope of the damage, contain the event, remediate, and bring business operations back to normal as quickly as possible.

The before/during/after approach to security avoids the problems associated with fragmented security solutions, such as lack of visibility and inconsistent enforcement. The Cisco 2014 Annual Security Report details today’s top security concerns and the value of this strategy.


My Top 7 Predictions for Open Source in 2014

My 2014 predictions are finally complete. If Open Source is measured in collaboration and credibility, 2013 has been nothing short of spectacular. As an eternal optimist, I believe 2014 will be even better:

  1. Big data’s biggest play will be in meatspace, not cyberspace. We produce and give away so much data that the great opportunity for analytics is in the real world.
  2. Privacy and security will become ever more important, particularly when built on Open Source rather than closed code. Paradoxically, this is good news: Open Source shows us again that transparency wins, and, just as in biological systems, the most robust mechanisms rely on fewer secrets than we think.
  3. The rise of “fog” computing as a consequence of the Internet of Things (IoT) will unfortunately be driven by fashion for now (wearable computers), but it will make us think again about what we have done to give up our data, and start reading #1 and #2 above with a different and more open mind. Again!
  4. Virtualization will enter its biggest year yet in networking. Just as the hypervisor rode Moore’s Law in server virtualization (and found a neat application in #2 above), a different breed of projects like OpenDaylight will emerge. But the drama is more challenging here, because the network scales very differently from CPU and memory; it is a much harder problem. Thus, networking vendors embracing Open Source may fare well.
  5. Those that didn’t quite “get” Open Source as the ultimate development model will rediscover it as Inner Source (ACM, April 1999), the only long-term viable development model. Or so they think, as the glamour of new-style Open Source projects (OpenStack, OpenDaylight, AllSeen), with big budgets, big marketing and big drama, may in fact be too seductive. Only those that truly understand the two key things that make an Open Source project successful will endure.
  6. AI, recently reshaped, will make a comeback, not just in robotics but as something the AI of a generation ago did not anticipate, what some call cognitive computing, perhaps indeed the third era in computing! The story of Watson going beyond obliterating Jeopardy contestants and looking to open up and find commercial applications is a truly remarkable thing to observe in our lifetime. This may in fact be a much nobler use of big data analytics (and other key Open Source projects) than #1 above. But can it exist without it?
  7. Finally, Gen Z developers discover Open Source and embrace it just as their Millennial (Gen Y) predecessors did. The level of sophistication and interaction rises, and projects ranging from Bitcoin to qCraft become intriguing, presenting a different kind of challenge. More importantly, the previous generation can now begin to relax, knowing the gap is closing and the ultimate development model is in good hands, and can begin to give back more than ever before. Ah, the beauty of Open Source…


Cisco 2014 Annual Security Report: Threat Intelligence Offers View into Network Compromises

Thanks to extensive detection telemetry and analytics, we have a clear view into the attackers and malicious actors that are infiltrating Internet infrastructure and using trusted applications as a foothold for gaining access to networks. As explained in the Cisco 2014 Annual Security Report, online criminals continue to develop more sophisticated methods for breaching security protections—all of which require extra vigilance and a holistic view of threats and how they’re managed.

Perhaps the trend of most concern is malicious actors’ ability to gain access to web hosting servers, nameservers, and data centers, and to use their processing power and bandwidth to launch far larger exploits and attacks. This is sobering, because it means that the very foundations of the Internet are now at risk of exploitation. The 2013 DarkLeech attack demonstrates how the compromise of hosting servers can help attackers gather the resources they need for a much larger campaign: in this case, servers were compromised worldwide, allowing the perpetrators to take control of some 20,000 legitimate websites.

The broad reach of this malicious behavior and the resulting compromises can be seen in the results of Cisco’s examination of Domain Name System (DNS) lookups originating from inside corporate networks, as detailed in the Cisco 2014 Annual Security Report.

Cisco threat intelligence experts found that 100 percent of the business networks analyzed had traffic going to websites that host malware, while 92 percent show traffic to webpages without content, which typically host malicious activity. Ninety-six percent of the networks reviewed showed traffic to hijacked servers. The pervasiveness of malicious traffic indicates that organizations need to monitor network traffic closely (and continuously) for possible indicators of compromise.
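The DNS-lookup analysis described above is one form of continuous monitoring a defender can run on their own resolver logs. The following is an added example, not Cisco's tooling or anything from the report: it parses a constructed resolver log, matches each queried name against a constructed blocklist on label boundaries (so a subdomain of a listed apex domain matches, but a lookalike name that merely contains the string does not), and summarises which internal clients touched malware-hosting or hijacked infrastructure. The log format, the domain names and the client addresses are all invented for illustration.

```python
"""Flag DNS lookups from internal clients against a list of known-bad domains.

Added example; the log format and domain lists are constructed, not taken
from any real feed or product.
"""
from collections import defaultdict
import re

# Constructed blocklist: category -> set of apex domains. In practice these
# would come from a threat-intelligence feed; every name here is invented.
BLOCKLIST = {
    "malware-host": {"bad-cdn.example", "dropper.example.net"},
    "hijacked-server": {"compromised-site.example.org"},
}

# Constructed resolver log line format (assumed for this example):
#   <timestamp> src=<client ip> query=<name> type=<qtype>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+query=(?P<qname>\S+)\s+type=(?P<qtype>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Normalise: DNS names are case-insensitive and may carry a trailing dot.
    rec["qname"] = rec["qname"].lower().rstrip(".")
    return rec


def classify(qname):
    """Return the blocklist category matching qname or any parent domain.

    'www.bad-cdn.example' matches 'bad-cdn.example'; 'notbad-cdn.example'
    does not, because matching walks label boundaries, not substrings.
    """
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        for category, domains in BLOCKLIST.items():
            if candidate in domains:
                return category
    return None


def analyze(lines):
    """Walk log lines and return (hits, per_source).

    hits: list of (src, qname, category) in log order.
    per_source: client ip -> set of categories that client resolved.
    Malformed lines are skipped rather than aborting the run.
    """
    hits = []
    per_source = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        category = classify(rec["qname"])
        if category:
            hits.append((rec["src"], rec["qname"], category))
            per_source[rec["src"]].add(category)
    return hits, dict(per_source)


# Constructed sample log: four internal clients, one malformed line.
SAMPLE_LOG = """\
2014-01-15T10:22:01Z src=10.1.4.22 query=www.bad-cdn.example. type=A
2014-01-15T10:22:03Z src=10.1.4.22 query=intranet.corp.local type=A
2014-01-15T10:22:07Z src=10.1.4.35 query=COMPROMISED-SITE.example.org type=A
2014-01-15T10:22:09Z src=10.1.4.35 query=notbad-cdn.example type=A
garbage line that should be skipped
2014-01-15T10:22:15Z src=10.1.4.40 query=update.dropper.example.net type=AAAA
2014-01-15T10:22:20Z src=10.1.4.51 query=www.example.com type=A
""".splitlines()


if __name__ == "__main__":
    found, by_client = analyze(SAMPLE_LOG)
    for src, name, category in found:
        print(f"{src} -> {name} [{category}]")
    print(f"{len(by_client)} of 4 clients resolved blocklisted infrastructure")
```

Run stand-alone it reports three hits across three of the four clients; the lookalike `notbad-cdn.example` is correctly left alone. Feeding real resolver logs and a real feed into `analyze` is the obvious next step, and the per-client summary is what you would hand to a SIEM as the indicator-of-compromise signal the paragraph above calls for.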

Some of the most tenacious players in the network compromise game are launching targeted attacks, which are proving very difficult for organizations to oust from their networks. These attacks are persistent and disruptive, threatening the security of intellectual property, customer data, and other sensitive information. As a guide to understanding targeted attacks, the Cisco 2014 Annual Security Report offers insights on the “attack chain”—that is, the events that lead to and through the stages of such attacks, as seen in the graphic below:


The bottom line is that IT security professionals need to think like attackers and understand the methods and approaches they use to execute their missions.

The Cisco 2014 Annual Security Report has many more findings on security threats, gleaned from Cisco research and observations—including updates on mitigating Java exploits, threats observed in mobile device use, and the status of threats and vulnerabilities reported by Cisco. You’ll find it a valuable resource as you prepare to understand security challenges in the year ahead.


AutoGuard: Keeping your Car Safe from Hacks

Like everything else in the forthcoming Internet of Everything era, cars, which today already rely heavily on digitized systems, are well on their way to connectivity with their surroundings. This is a welcome development. Already we have Bluetooth (linking the in-car system to a mobile phone) to help us speak hands-free while driving, and GPS to keep us from getting lost. In the near future, two communicating cars on a collision course could take preventive measures to avoid a crash. So the future looks bright. Our cars are essentially mobile computers on wheels, and our driving experience will be richer and safer as a result.


But there is a danger lurking, and it can’t be ignored. Think about the early days of networked computers. As long as computers were networked only with one another, there was little to threaten their security. But once computers connected to the Internet on a large scale, viruses, Trojans, and all sorts of nastiness were introduced into the world. These threats are manageable, but they do need to be managed.

Car networks are
