Malware is everywhere and it’s incredibly challenging to combat, using whatever unprotected path exists to reach its target and accomplish its mission.
Malware has become the weapon of choice for hackers. According to the 2013 Verizon Data Breach Investigation Report, of the top 20 types of threat actions last year, malware is the most common method used, followed by hacking and social engineering. Increasingly, blended threats that combine several methods – for example, phishing, malware and hacking – are being used to introduce malware, embed the malware in networks, remain undetected for long periods of time and steal data or disrupt critical systems. More specifically on blended threats, the report tells us that more than 95 percent of all attacks intended for conduct espionage employed phishing. What is more, a prominent recent retail breach began with a targeted email phishing attack that ultimately led to access to payment system data via malware uploaded to PoS systems.
Read More »
Tags: 2014 annual security report, Advanced Malware Protection, Cisco Cloud Web Security, Cognitive Threat Analytics, malware, Sourcefire
One of the big lessons I learned during the early days, when I was first creating Snort®, was that the open source model was an incredibly strong way to build great software and attack difficult problems in a way that the user community rallied around. I still see this as one of the chief strengths of the open source development model and why it will be with us for the foreseeable future.
As most every security professional knows, cloud applications are one of the most prevalent attack vectors exploited by hackers and some of the most challenging to protect. There are more than 1,000 new cloud-delivered applications per year, and IT is dependent on vendors to create new visibility and threat detection tools and keep up with the accelerating pace of change. The problem is that vendors can’t always move fast enough and IT can’t afford to wait. Countless custom applications pile on even more complexity.
So today, Cisco is announcing OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors to issue updates. Practically speaking, we’re making it possible for people to build their own open source Next-Generation Firewalls.
Read More »
Tags: Next-Generation Firewalls, open source, OpenAppID, security, Snort, Sourcefire
Last October , Cisco confirmed that Sourcefire was now part of our family of security products and solutions .
“With this acquisition, we take a significant and exciting step in our journey to define the future of security. As one company, we offer an unbeatable combination that will greatly accelerate our mission of delivering a new, threat-centric security model. Through the addition of Sourcefire’s competitive talent and technologies, I see vast opportunities to expand Cisco’s global security footprint in both new and emerging markets, broaden our solution sets and deepen our customer relationships “
Chris Young, Cisco Senior Vice President Security Group
in his blog “Delivers Threat-Centric Security Model “
“Beyond the technology, one of the things that is important to me is that Cisco and Sourcefire both share key values that transcend our company names, HQ locations and number of employees. Much like Sourcefire’s Firemen Principles, you can be confident that these values will continue as one team at Cisco.”
Martin Roesch, Sourcefire founder and CTO and now VP and Chief Architect of Cisco Security Group
in his blog ONE Team
These days , John Stewart , Senior Vice President, Cisco Chief Security Officer , announced that we completed the deployment of Sourcefire at Cisco . John Stewart oversees at Cisco the Threat Response, Intelligence and Development ( TRIAD ) organization .
The implementation is already giving us insights into our data center that we never had before
To know more about this deployment and John’s first impressions check his blog
The First Inline Production Deployment at Cisco
The Cisco security architecture helps data center networking teams take advantage of security capabilities built into the underlying data center fabric, to accelerate safe data center innovation. There are three important security measures that every IT organization should follow to securely support data center innovation.
To learn more, download the Cisco white paper “Three Must-Have Security Measures that Accelerate Data Center Innovation.”
Tell us what do you think of the acquisition of Sourcefire by Cisco .
Tags: Chris Young, Cisco, Cisco TRIAD, CiscoIT, data center, John Stewart, Martin Roesch, security, Sourcefire
We are witnessing the growth of the Internet of Everything (IoE), the network of embedded physical objects accessed through the Internet, and it’s connecting new devices to the Internet which may not traditionally have been there before. Unfortunately, some of these devices may be deployed with a security posture that may need improvement.
Naturally when we saw a few posts about multi-architecture malware focused on the “Internet of Things”, we decided to take a look. The issue being exploited in those posts is CVE-2012-1823, which has both an existing Cisco IPS signature as well as some for Snort. It turns out this vulnerability is actually quite heavily exploited by many different worms, and it took quite a bit of effort to exclude all of the alerts generated by other pieces of malware in Cisco IPS network participation. Due to the vulnerability-specific nature of the Cisco IPS signature, the same signature covers this issue as well as any others that use this technique; just one signature provides protection against all attempts to exploit this vulnerability. As you can see in the graph below this is a heavily exploited vulnerability. Note that these events are any attack attempting to exploit this issue, not necessarily just the Zollard worm.
The graph below is derived from both Cisco IPS and Sourcefire IPS customers. The Cisco data is from customers who have ‘opted-in’ to network participation. This service is not on by default. The Sourcefire data below is derived from their SPARK network of test sensors. This graph is showing the percent increase of alert volume from the normal for each dataset at the specified time.
Read More »
Tags: #IoE, clamAV, Internet of Everything, IPS, IPS signatures, malware, Sourcefire, TRAC
In October, we were delighted to announce the completion of our acquisition of Sourcefire. With Sourcefire on board, Cisco provides one of the industry’s most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options that are integrated, pervasive, continuous, and open.
Within three weeks of the acquisition closing, we completed the first deployment into a highly secure data center and we are quite impressed with the results, to say the least! Within the first hour, we began seeing some interesting things from our network. The implementation was already giving us insights into our data center that we never had before!
Read More »
Tags: data center, data correlation, network visibility, security, Sourcefire, threat protection