Cisco Blogs


Cisco Blog > Data Center and Cloud

Securing the Open Network Environment

With all of the focus on Software Defined Networking, open networking, API’s, you name it, I do often wonder how, with all of this ‘openness’, does an Enterprise keep their network secure? After years of security teams working  tirelessly to protect their business critical infrastructure does this paradigm shift where anyone can write an application to control, get the intelligence from, and manipulate the network become the reason for many a sleepless night for security experts around the world? And on the other hand, can this new way to manage the network help in threat detection and prevention?

If you, like me, are wondering the same thing, I invite you to register here for the 5th session of the Cisco Open Network Environment Webcast Series titled “Securing the Open Network Environment” broadcasting on July 30th at 9 a.m. PST.

Jon Oltsik, ESG, Security, Mike Nielsen, Bret Hartman, ONE, SDN

Join Mike Nielsen and Bret Hartman from Cisco as well as Jon Oltsik from Enterprise Strategy Group (ESG) for a great discussion featuring live Q&A throughout the session.

If you have missed any of our previous sessions featuring introductions to OpenFlow, OpenStack, Cisco’s onePK, and Using Open Source in Networked Environments, please visit www.cisco.com/go/onewebcasts.

Tags: , , , , , ,

Cisco Bolsters Security Strategy with Agreement to Acquire Sourcefire

Today’s threat landscape is more dynamic than ever before. Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are considerably affecting traditional security approaches. The notion of the “perimeter” no longer exists and threats are able to circumvent traditional, disparate security products.

The marketplace needs a pervasive, continuous security architecture that addresses each phase of the attack lifecycle. Today, we are excited to announce the acquisition of Sourcefire (NASDAQ: FIRE), which directly supports Cisco’s strategy to constantly defend, discover and remediate threats – with the ultimate goal of covering our customers before, during and after an attack.

Sourcefire, based in Columbia, MD, is a leader in intelligent cybersecurity solutions. Sourcefire delivers effective, highly automated security through continuous threat research, detection and protection across its portfolio of next-generation intrusion prevention systems (IPS), next-generation firewall, and advanced malware protection solutions.

Sourcefire couples its technology with automated, real-time visibility across the extended network that includes virtual, mobile and endpoints. These solutions work not only at a point-in-time, but also provide continuous threat protection and retrospective remediation across the network.

Having led security innovation for more than 12 years, Sourcefire has assembled a world-class team with deep security DNA that will help drive Cisco’s execution of its security strategy. Sourcefire was founded by Marty Roesch, who pioneered their success through open source, creating a community of security technologists working together to build an industry leading intrusion prevention system. Sourcefire also is home to the Vulnerability Research Team, a group of elite security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities.

Sourcefire’s open source model is expected to strengthen and accelerate Cisco’s ability to build a strong ecosystem of security partners who can bring real time threat intelligence and innovations to customers through integration with our technologies and platforms.

Security is a critical component to Cisco’s overall strategy to be the No. 1 IT company.  Earlier this year, we acquired Cognitive Security, a security software company that applies artificial intelligence techniques to detect advanced cyber threats. Cognitive Security and Sourcefire are expected to help Cisco achieve our goal as we offer more best-in-class security services; more intelligence sources for continuous protection; and an open platform to enable a threat-aware network.

We believe that Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud.

I am delighted to welcome the entire Sourcefire team to the Cisco family, and look forward to a prosperous future together.

In closing, I would simply like to remind you that this blog contains forward-looking statements which are subject to risks and uncertainties, including the risk factors discussed in Cisco’s most recent reports on Form 10-K and Form 10-Q filed with the SEC on September 12, 2012 and May 21, 2013, respectively, and in the press release announcing this transaction.  Such risks could cause actual results to differ from those contained in the forward-looking statements.  For further information, please consult such Form 10-K, Form 10-Q, and Cisco’s Form 8-K covering such press release, each available free of charge at the SEC’s website at www.sec.gov or by going to Cisco’s Investor Relations website at http://www.cisco.com/go/investors.

 

Tags: , , , , , ,

July, a Busy Month for Breaches

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords and email addresses [2]. Additionally, Apple have announced that their developer website has had an unknown amount of personal data stolen [3].
Read More »

Tags: , , , , , ,

Zeus Botnet Impersonating Trusteer Rapport Update

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called Rapport. Within minutes of the campaign starting, we were seeing millions of messages.

spam3

This spam impersonated a security update from Trusteer. Attached to this file was the “RaportUpdate” file, which contained a trojan. We’ve identified this specific trojan as Fareit. This file is designed to impersonate an update to the legitimate Rapport product, which, as described by Trusteer, “Protects end users against Man-in-the-Browser malware and phishing attacks. By preventing attacks, such as Man-in-the-Browser and Man-in-the-Middle, Trusteer Rapport secures credentials and personal information and stops online fraud and account takeover.”

It’s important to note that while this end-point solution is designed to protect against browser-based threats, this specific attack is email-based. If the user downloads and executes the attachment via their mail client, it could bypass their browser and the protections of a legitimate Rapport client, entirely. If an end user is tricked into running malicious software for an attack via an avenue the attacker can reasonably predict, it becomes much easier to bypass network security devices and software.

 

Read More »

Tags: , , , , , , ,

Network Solutions Customer Site Compromises and DDoS

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.

According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.

response_time

Response time in ms (GMT -8:00)

Read More »

Tags: , , , , , ,