Cisco Blogs


Cisco Blog > Security

The Internet of Everything, Including Malware

December 4, 2013 at 1:09 pm PST

We are witnessing the growth of the Internet of Everything (IoE), the network of embedded physical objects accessed through the Internet, and it’s connecting new devices to the Internet which may not traditionally have been there before. Unfortunately, some of these devices may be deployed with a security posture that may need improvement.

Naturally when we saw a few posts about multi-architecture malware focused on the “Internet of Things”, we decided to take a look. The issue being exploited in those posts is CVE-2012-1823, which has both an existing Cisco IPS signature as well as some for Snort. It turns out this vulnerability is actually quite heavily exploited by many different worms, and it took quite a bit of effort to exclude all of the alerts generated by other pieces of malware in Cisco IPS network participation. Due to the vulnerability-specific nature of the Cisco IPS signature, the same signature covers this issue as well as any others that use this technique; just one signature provides protection against all attempts to exploit this vulnerability.  As you can see in the graph below this is a heavily exploited vulnerability. Note that these events are any attack attempting to exploit this issue, not necessarily just the Zollard worm.

The graph below is derived from both Cisco IPS and Sourcefire IPS customers. The Cisco data is from customers who have ‘opted-in’ to network participation. This service is not on by default. The Sourcefire data below is derived from their SPARK network of test sensors. This graph is showing the percent increase of alert volume from the normal for each dataset at the specified time.

zollard_cisco_sf

Read More »

Tags: , , , , , , ,

Sourcefire in Our Data Center – The First Inline Production Deployment at Cisco

In October, we were delighted to announce the completion of our acquisition of Sourcefire. With Sourcefire on board, Cisco provides one of the industry’s most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options that are integrated, pervasive, continuous, and open.

Within three weeks of the acquisition closing, we completed the first deployment into a highly secure data center and we are quite impressed with the results, to say the least! Within the first hour, we began seeing some interesting things from our network. The implementation was already giving us insights into our data center that we never had before!

Read More »

Tags: , , , , ,

Cisco Partner Weekly Rewind – October 11, 2013

October 11, 2013 at 8:18 am PST

Partner-Weekly-Rewind-v2Every Friday, we’ll highlight the most important Cisco partner news and stories of the week, as well as point you to important, Cisco-related partner content you may have missed along the way. Here’s what you might have missed this week:

Off the Top

Cisco completed its acquisition of Sourcefire this week. This move brings Sourcefire’s competitive technology and talent into the Cisco family, but what does that mean to partners?

Ken Trombetta took some time this week to offer his thoughts on the Sourcefire acquisition’s effect on channel partners. He also affirmed Cisco’s commitment to making the integration as seamless as possible for Cisco Channel Partners.

Be sure to check out Ken’s blog and give us your thoughts on the Sourcefire acquisition. Read More »

Tags: , , , ,

Cisco Closes Acquisition of Sourcefire; What Does that Mean to You?

Mobility, cloud and the Internet of Everything (IoE) continue to change IT security making point product solutions insufficient. The old model of having disparate products securing isolated areas simply won’t protect against the dynamic threats of today’s world. In the ever-growing world of the Internet of Everything (IoE) the number of attack vectors will only increase.  Today’s security solutions require a continuous approach that is much more automatic when handling security threats before, during and after an attack.

The good news for our partners is that the acquisition of Sourcefire is complete. With Sourcefire part of the Cisco family, we will provide partners with a broad portfolio of integrated solutions that deliver unmatched visibility and continuous advanced threat protection across the entire attack continuum, and partners can:

  • Work with one vendor to offer a wide range of industry leading security offerings;
  • Become or remain more competitive in the security space; and
  • Use the support of Cisco to build your security business Read More »

Tags: , ,

SUMMARY – Martin Roesch on Sourcefire Becoming Part of Cisco

October 8, 2013 at 8:43 am PST

Cisco Security has announced the closing of the acquisition of Sourcefire.  Sourcefire founder and CTO (and creator of Snort®) Martin Roesch posted to Sourcefire’s blog this morning to share the news:

“I can tell you with certainty that this is a great match for Sourcefire, for Cisco and, ultimately, for our customers, partners and open source communities” said Roesch.  “From a technology perspective, after having dedicated 15 years to Snort and then to Sourcefire, it’s personally gratifying to be part of building this strong foundation.”

Roesch, now vice president and chief architect of Cisco’s Security Business Group, is excited for the new opportunities presented.  “It’s the new model of security I’ve been talking about for some time.  Now working as part of the Cisco team, led by Chris Young, we can accelerate execution of this vision and make this even more impactful.”

This is just the first exciting news about the acquisition.  As Roesch states in his post, “expect more great things as we continue down this path as ONE team.”

Read the full post: http://blog.sourcefire.com/Post/2013/10/08/1381233600-one-team--sourcefire-is-now-part-of-cisco/

Tags: , , , ,