Cisco Blogs



Cisco Bolsters Security Strategy with Agreement to Acquire Sourcefire

Today’s threat landscape is more dynamic than ever before. Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are considerably affecting traditional security approaches. The notion of the “perimeter” no longer exists and threats are able to circumvent traditional, disparate security products.

The marketplace needs a pervasive, continuous security architecture that addresses each phase of the attack lifecycle. Today, we are excited to announce the acquisition of Sourcefire (NASDAQ: FIRE), which directly supports Cisco’s strategy to constantly defend, discover and remediate threats – with the ultimate goal of covering our customers before, during and after an attack.

Sourcefire, based in Columbia, MD, is a leader in intelligent cybersecurity solutions. Sourcefire delivers effective, highly automated security through continuous threat research, detection and protection across its portfolio of next-generation intrusion prevention systems (IPS), next-generation firewall, and advanced malware protection solutions.

Sourcefire couples its technology with automated, real-time visibility across the extended network that includes virtual, mobile and endpoints. These solutions work not only at a point-in-time, but also provide continuous threat protection and retrospective remediation across the network.

Having led security innovation for more than 12 years, Sourcefire has assembled a world-class team with deep security DNA that will help drive Cisco’s execution of its security strategy. Sourcefire was founded by Marty Roesch, who pioneered their success through open source, creating a community of security technologists working together to build an industry leading intrusion prevention system. Sourcefire also is home to the Vulnerability Research Team, a group of elite security experts who work around the clock to proactively discover, assess, and respond to the latest trends in hacking activities, intrusion attempts, malware and vulnerabilities.

Sourcefire’s open source model is expected to strengthen and accelerate Cisco’s ability to build a strong ecosystem of security partners who can bring real time threat intelligence and innovations to customers through integration with our technologies and platforms.

Security is a critical component of Cisco’s overall strategy to be the No. 1 IT company. Earlier this year, we acquired Cognitive Security, a security software company that applies artificial intelligence techniques to detect advanced cyber threats. Cognitive Security and Sourcefire are expected to help Cisco achieve this goal as we offer more best-in-class security services, more intelligence sources for continuous protection, and an open platform to enable a threat-aware network.

We believe that Cisco and Sourcefire customers will benefit from the combination of world-class products and technologies to provide continuous and pervasive advanced threat protection across the entire attack continuum and from any device to any cloud.

I am delighted to welcome the entire Sourcefire team to the Cisco family, and look forward to a prosperous future together.

In closing, I would simply like to remind you that this blog contains forward-looking statements which are subject to risks and uncertainties, including the risk factors discussed in Cisco’s most recent reports on Form 10-K and Form 10-Q filed with the SEC on September 12, 2012 and May 21, 2013, respectively, and in the press release announcing this transaction. Such risks could cause actual results to differ from those contained in the forward-looking statements. For further information, please consult such Form 10-K, Form 10-Q, and Cisco’s Form 8-K covering such press release, each available free of charge at the SEC’s website at www.sec.gov or by going to Cisco’s Investor Relations website at http://www.cisco.com/go/investors.


July, a Busy Month for Breaches

This month has seen a particularly large amount of personal information lost. At the beginning of the month it was reported that Club Nintendo had been breached, with the personal data of up to 4 million people stolen by attackers [1]. Subsequently, the Ubuntu forums were hacked, with the loss of 1.82 million usernames, passwords and email addresses [2]. Additionally, Apple has announced that an unknown amount of personal data was stolen from its developer website [3].

Zeus Botnet Impersonating Trusteer Rapport Update

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called Rapport. Within minutes of the campaign starting, we were seeing millions of messages.


This spam impersonated a security update from Trusteer. Attached to the message was a file named “RaportUpdate”, which contained a trojan. We’ve identified this specific trojan as Fareit. The file is designed to impersonate an update to the legitimate Rapport product, which, as described by Trusteer, “Protects end users against Man-in-the-Browser malware and phishing attacks. By preventing attacks, such as Man-in-the-Browser and Man-in-the-Middle, Trusteer Rapport secures credentials and personal information and stops online fraud and account takeover.”

It’s important to note that while this endpoint solution is designed to protect against browser-based threats, this specific attack is email-based. If the user downloads and executes the attachment via their mail client, it could entirely bypass their browser and the protections of a legitimate Rapport client. When an end user is tricked into running malicious software delivered through an avenue the attacker can reasonably predict, it becomes much easier to bypass network security devices and software.


Network Solutions Customer Site Compromises and DDoS

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.

According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.

[Figure: Network Solutions website response time in ms (GMT -8:00), as reported by isitdownrightnow.com]


Three Imperatives for Today’s CISO for Data Center Security: Key Takeaways from Today’s Webcast

This is a follow-up to my post last week that announced this webcast. Today it was a treat to have Richard Noguera as our special guest; he is uniquely qualified to speak on the topic of key imperatives for today’s CISO for the data center. Rich is a youthful InfoSec veteran who has led teams at Yahoo, Symantec and McAfee, has held consulting roles, and is presently at Accenture in a security and risk management strategy role. I wanted to give you access to the slides as well as summarize some of the key points Rich educated us on today.

[Embedded slides: Three Imperatives for Today’s CISO for Data Center, from Cisco Data Center]

As a concept, cloud is the one that most interested our audience today. We are seeing heavily virtualized data centers with private clouds, cloud-attached data centers that leverage Infrastructure as a Service (IaaS) facilities for rapid service deployment or capacity management, and hybrid clouds that mix and match based on implementation needs. Most of our customers have embraced one of the above models, so I am going to focus our imperatives accordingly.

Imperative 1: Enable IT to Play a More Strategic Role

Gartner predicts that, as the market matures, enterprises will increasingly migrate *mission-critical* functions to *public* cloud services over the next 3-5 years. IT and InfoSec must adapt and consider alternative means of maintaining the confidentiality, integrity, and availability of their business services, data, and users. For the ‘extended enterprise’ to operate effectively, then, access control and data exchange between cloud service providers (CSPs) need to be standardized. Organizations should look to implement a Cloud Services Brokerage (CSB) – whether internally or externally, utilizing private, public or hybrid clouds – to accelerate service implementation and integration, and also to ensure visibility and a cohesive security policy across multiple cloud service providers.

Imperative 2: Business-driven Security and Risk Metrics
