Cisco Blogs


Cisco Blog > Enterprise Networks

Snort your way to PCI compliance

When organizations look to secure their retail stores, branches, or points-of-sale, meeting the required mandates for Payment Card Industry (PCI) security compliance quickly becomes the number one prioritized focus area.  In fact, the 2015 Verizon PCI compliance report demonstrates this when it states that the number of companies that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent from about 11% in 2013. While this standalone increase in compliance is great, Verizon also notes that less than a third of the companies were fully compliant a year later after successful validation. The major takeaway here is that it is unfortunately easy to fall out of compliance if organizations don’t take the appropriate steps to maintain their security.  With 69% of consumers admitting that they will be less inclined to do business with a breached company, it is increasingly important for reaching and maintaining PCI compliance to be one of the highest priorities for organizations.

PCI Requirement 11 demands that organizations have a sustainable network and application vulnerability management program and that evaluates the overall effectiveness of security measures in place across the organization.  In a very telling sign, most organizations that suffered a breach were not compliant with Requirement 11.  Intrusion detection and prevention systems (hereafter, “IPS”) technology play a critical role in helping meet PCI compliance by monitoring all traffic in the cardholder data environment and issuing timely alerts to suspected compromises. Of course, simply having the technology is not enough.  Considering many organizations fall out of compliance due to maintenance, it is absolutely critical that IPS engines are updated with new signatures and rule sets to ensure that new threats are stopped.

Snortpig_professor2

Here, at Cisco, we’re happy to announce that our Cisco Integrated Services Router (ISR) 4000 Series  now come equipped with Snort IPS to help customers meet these PCI-compliance requirements at the branch. Read More »

Tags: , , ,

Microsoft Patch Tuesday – November 2015

Microsoft’s Patch Tuesday has arrived. Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains 12 bulletins addressing 53 vulnerabilities. Four bulletins are rated critical and address vulnerabilities in Edge, Internet Explorer, Windows Journal, and Windows. The remaining eight bulletins are rated important and address vulnerabilities in .NET, IPsec, Kerberos, Lync/Skype for Business, NDIS, Office, SChannel, and Winsock.

Bulletins Rated Critical

Microsoft bulletins MS15-112 through MS15-115 are rated as critical in this month’s release.

MS15-112 and MS15-113 are this month’s Internet Explorer and Edge security bulletin respectively. In total, 25 vulnerabilities are addressed with four of them specifically affecting both IE and Edge. The remaining 21 vulnerabilities only affect Internet Explorer. The majority of the vulnerabilities that are resolved in this month’s release are memory corruption defects. In addition, an ASLR bypass, an information disclosure vulnerability, and a couple of scripting engine flaws are also addressed.

Read More >>

Tags: , , ,

Securing the IoE with OpenAppID

We introduced OpenAppID in early 2014 with the goal of empowering customers and the open source community to control application usage in their network environments. Since then, we have increased our coverage from 1,000 OpenAppID detectors to more than 2,600, and have received valuable feedback from the community on ways to improve the product.

The case of having an open, application-focused detection language and processing module for Snort has attracted the attention of the Internet of Everything (IoE) world. There are countless devices out there using the Internet on their own, varying from a remote IP based camera to an industrial based sensor in which may include some security features on them.

With the combination of OpenAppID and Snort we are giving the capability to the open source community to create their own application-based protocols and classifications, which can be used to Read More »

Tags: , , , , , ,

Like Chalk and Cheese: Cisco ASA 5506-X with Release 9.4.1 – Policy Based Routing

Cisco ASA 5506-XEarlier this Year, Cisco introduced the Cisco ASA 5506-X with FirePOWER Services. This Model should replace the successful and smallest Security Solution, the ASA 5505. Designed for the Small Business and a new era of threat and advanced malware protection Cisco ASA with FirePOWER Services delivers an integrated threat defense for the entire attack continuum. BEFORE, DURING and AFTER.

As Desktop version, the Cisco ASA 5506-X builds an easy entry for a:

 

Cisco ASA 5506-X 1

  •  Superior Multilayered Protection
    • Site-to-site and remote access VPN
    • Granular Application Visibility and Control (AVC)
    • Highly effective threat prevention and full contextual awareness
    • Reputation- and category-based URL filtering
    • AMP provides industry-leading breach detection effectiveness
  • Unprecedented Network Visbility
  • Reduced Costs and Complexity security Solution

Read More »

Tags: , , , , , , , , , , , , ,

Research Spotlight: Project FTR

image00

image02_a

 

 

 

 

 

 

Intro

Historically, networks have always been at risk for new, undiscovered threats. The risk of state sponsored hackers or criminal organizations utilizing 0-day was a constant, and the best defense was simply to keep adding on technologies to maximize the odds of detecting the new threat – like adding more locks to the door if you will. Here at Cisco Talos we’re constantly pushing the envelope. Recently after some thinking juice we started brainstorming ways to better address the constant threat of attacker utilizing unknown 0-day. Today, we’re happy to inform our customer base about our new inspection technology code name project Faster Than Realtime, or FTR. Project FTR is the next generation of detection technology, that which will truly revolutionize the industry.

Project FTR

To mitigate the ever-growing threat of new and unknown attacks we simply decided to add a few options to our existing inspection infrastructure. Snort’s new Quantum Pre-Detection (QPD) leverages Predictive Attack Detection (PAD) by putting packets into an Ethereally-Buffered Capture (EBC) file.  Snort then reads the .ebc via PAD so that QPD can tell you that you are under attack before you’re even under attack.

Read More »

Tags: , , , , , , ,