You can lock every window and bolt every door to keep out intruders, but it won’t be of much use if the attacker is already inside; if the attacker is an insider. Most security reports and headlines highlight stories of organizations that are attacked by an external party, but incident statistics highlight a growing number of attacks from insiders and partners. These incidents are real, and threaten your most sensitive information. How do you know when an insider is exfiltrating data from your organization? Cisco Managed Threat Defense (MTD) monitors for advanced network security intrusions using expert staff and OpenSOC, which Pablo Salazar introduced last month. Our staff has a decade of experience investigating security attacks and resolving benign anomalies. In my twelve years as an InfoSec professional, I’ve seen cases where employees conceal their activity for a variety of reasons. In one particularly interesting incident, it was discovered an employee was encrypting and obfuscating outbound traffic from his laptop over a period of several weeks, using for-purchase VPN software called Private Internet Access.
Traditional network security solutions have been built from disparate point technologies that create gaps in traditional defenses that sophisticated attackers exploit. With an integrated approach, organizations gain the full contextual awareness and dynamic controls necessary to automatically assess all threats, correlate intelligence, and optimize defenses to protect modern enterprise networks. An integrated threat defense also considers both network and endpoint perspective across the extended enterprise. Contrast this with point solutions that lack the visibility needed to spot multi-vector threats and to see what users, applications, content and devices are on the network and what each are doing.
In today’s dynamic network environment, point solutions lack the visibility and control required to implement effective security policy to accelerate threat detection and response. In addition, disparate solutions add to capital and operating costs and administrative complexity. They also result in higher implementation costs to integrate with the existing IT environment, work stream, and network fabric. By integrating defense layers, organizations can enhance visibility, enable dynamic controls, and provide advanced threat protection that address the entire attack continuum – before, during, and after an attack
Cisco ASA with FirePOWER Services is a new, adaptive, threat-focused next-generation firewall that delivers superior, multi-layered protection, improves visibility, and reduces security costs and complexity. It provides integrated threat defense for the entire attack continuum by combining proven ASA firewall skills with industry- leading Sourcefire next-generation IPS and advanced malware protection.
[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]
I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.
In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?
The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments -- regardless of legacy network, endpoint, mobile, virtual, or cloud usage models
Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.
Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.
An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.
Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly - before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.
#CiscoChampion Radio is a podcast series by Cisco Champions as technologists, hosted by Cisco’s Amy Lewis (@CommsNinja). This week Chris Young, SVP Security Business Group Cisco, and Bill Carter, Senior Network Engineer and Cisco Champion, talk about Intelligent Cyber Security for the real world.
Listen to the Podcast
How Cisco deals with fragmentation in Security market
Attack-driven model for Security, before, during and after
How Sourcefire acquisition fits in with Cisco Security
Open Source Security around Snort Community Read More »
A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.
This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.
To put it plainly, when it comes to networks being breached, it is not a case of if, but when.