Cisco Blogs


Cisco Blog > Security

Targeted Attack, Targeted Response: Designing and Implementing an Incident Response Plan That Works

September 4, 2012 at 7:30 am PST

A few weeks ago I had the pleasure of participating, as a guest speaker, in a webinar titled “Targeted Attack, Targeted Response: Designing and Implementing an IR Plan That Works.” Joe Riggins, Senior Director of Incident Response for HBGary, moderated this Q&A format webinar. We discussed the current incident response (IR) challenges companies are facing, as well as specific steps organizations can take to design, test, and successfully implement an ongoing IR plan for their specific business environment.

The webinar recording can be accessed here.

Read More »

Tags: ,

Global Correlation: IPS + SIO = Greater Protection

The Cisco Intrusion Prevention System (IPS) includes Global Correlation capabilities that utilize real-world data from Cisco Security Intelligence Operations (SIO). We have seen on this blog before how IPS Global Correlation can be used to detect and validate the urgency of emergent threats as well as allow our team to hone the protection capabilities of our IPS Sensors.

Perhaps more fundamentally however, Global Correlation allows Cisco IPS Sensors to filter network traffic using the “reputation” of a packet’s source IP address. The reputation of an IP address is computed by Cisco SensorBase using the past actions of that IP address. IP reputation has been an effective means of predicting the trustworthiness of current and future behaviors from an IP address.

Our team has recently published a new white paper that explores the benefits of IPS Global Correlation and how they relate to various IPS deployment scenarios. I would like to share a couple of items from the white paper and encourage you to read it for more information.

Read More »

Tags: , , ,

New Java Vulnerability Used in Targeted Attacks

Security researchers discovered a Java vulnerability (documented in IntelliShield alert 26751) that attackers are using to install malicious software on a victim’s systems. No software updates are available that correct the vulnerability (Updates are now available, see Part 2 of the blog).  The attacks are currently limited in nature. There have been few reports of attacks that rely on the vulnerability. Now that Metasploit developed a functional exploit, continued attacks that leverage this vulnerability increase in likelihood as time goes on. US-CERT has issued a related vulnerability note. Administrators can monitor this and other ongoing activity at the Cisco Security Intelligence Operations portal.

It is not yet clear what attackers hope to gain out of the attacks observed in the wild. Goals may differ between individual attacks. Current exploits appear to install a malicious software dropper that may install other malicious software, but to what end is unknown. Attackers may attempt to install malicious software that monitors keyboard input and network communication, hoping to gain user credentials for either external resources to aid in fraudulent activity or to access other internal systems within the targeted site.
Read More »

Tags: , , ,

Service Providers Can Take a Bite Out of the $30 Billion SaaS Pie

By Bryan Mobley, Director, IBSG Service Provider practice

Service providers continue to struggle to monetize the tsunami of data traffic flooding their networks from consumers and business customers alike. While data traffic is growing exponentially, revenue is relatively flat. In engagements with major service providers and global enterprises, Cisco’s Internet Business Solutions Group (IBSG) has uncovered potential ways for service providers to generate additional revenue by helping software-as-a-service (SaaS) providers deliver a better experience to their enterprise customers. This blog describes one way service providers can participate in a SaaS market estimated to reach $30 billion by 2013.  By 2015, Forrester Research predicts the SaaS market will exceed $78 billion, representing more than 80 percent of the global public cloud market.

Security Concerns Can Limit SaaS Benefits

Many large enterprises today have embraced SaaS as a way to Read More »

Tags: , , , , , ,

Bundled Third-Party Software Security at OSCON 2012

The practice of using Open Source Software (OSS) and other third-party software (TPS) to build products and services is well established. Not only can it create tremendous efficiency--why build an operating system or web server if you don’t need to?--it also allows individual products to leverage best-of-breed functionality. This best-of-breed functionality can be critical on today’s Internet as security and scalability are often difficult or even patently ignored until it is too late.

The use of TPS to build things has been so successful and is so widespread that many products may even be assembled from a majority of software written by unknown third parties. This practice is not without its challenges. One of those challenges is security.

How does the security of a product’s constituent TPS affect its own security? How does the creator of the product learn of, manage and ultimately resolve security issues that originate in the relevant TPS packages?

These are the types of questions I attempted to address during a recent presentation at O’Reilly OSCON 2012. During that session I touched on seven challenges and offered five tools that I believe can make a difference.

Our friends on the Cisco Security Marketing team have posted the slides from that presentation online at slideshare.net.

Managing the Security Impact of Bundled Open Source Software from OSCON from Cisco Security

Is this an area of concern for you? If it is, I’d like to know how you are tackling it. What is working well? What is working not-so well?

Tags: , , ,