
Today’s threat landscape is completely different from last year’s, and next year’s will be, not surprisingly, even worse. The industrialization of hacking has spawned a new era of professional, entrepreneurial, and resourceful cyber criminals. In recent years, dynamic malware analysis (aka sandboxing) has become the shiny new technology that we all want, no, need to have. At one time anti-virus held this position as well, and the same will eventually be said of the sandbox technology used to fight advanced malware.

You may have purchased a sandbox a few years ago but it’s likely that your malware analysis needs have gone beyond the traditional sandboxing technologies that simply extract suspicious samples, analyze in a local virtual machine, and quarantine. You need a more robust malware analysis tool that fits into your infrastructure and can continuously detect even the most advanced threats that are environmentally aware and can evade detection.

Tripwire recently partnered with Cisco and integrated the AMP Threat Grid dynamic malware analysis solution into Tripwire Enterprise. But why choose this dynamic malware analysis tool? After careful evaluation, there were a few key reasons to integrate this tool rather than others:

  1. It’s not just dynamic malware analysis

    AMP Threat Grid provides both static and dynamic malware analysis, and a full subscription provides an API that is used to seamlessly deliver context rich threat intelligence into existing security technologies.

  2. Not everyone out there is a security expert

    Heck, very few are. AMP Threat Grid was designed to empower junior security analysts by providing a Threat Score so they can easily determine how malicious a sample is. The behavioral indicators are written in plain English so they can understand what the file is doing, and why its behavior is malicious, suspicious, or benign.


  3. Lack of instrumentation

    AMP Threat Grid was designed without any instrumentation inside the virtual machine. Most experts agree that around 40% of today’s malware is environment aware, checking to see if it is running in a sandbox or the age of the operating system before detonating.

There are 3 ways that most people deploy a malware analysis tool:

  1. A stand-alone solution designed to feed itself samples for analysis without dependency on other security products. This has the most flexibility in deployment but adds significant hardware costs and complexity to management and analysis, especially for distributed enterprises.
  2. A distributed feeding sensor approach, such as firewalls, IPS, or UTMs with built-in sandboxing capabilities. These solutions are usually cost effective and easy to deploy but are less effective in detecting a broad range of suspicious files including web files. They can also introduce bandwidth limitations that can hamper network performance and privacy concerns when a cloud-based solution is the only option.
  3. Built into secure content gateways, such as web or email gateways. This approach is also cost effective but focuses on web and email channels only and also introduces performance limitations and privacy concerns.

Since Tripwire is already monitoring and collecting data on your mission-critical systems, these approaches don’t seem to work. But there is a fourth way that takes the best of what these approaches offer and raises the bar to help you fight well-funded attackers who get better at what they do every day: Cisco AMP Threat Grid. Through AMP Threat Grid, Cisco offers advanced malware analysis and intelligence that integrates directly with Tripwire Enterprise, providing you with a better ROI and more visibility into what is happening in your environment. Tripwire has integrated AMP Threat Grid into Tripwire Enterprise, providing both static and dynamic analysis so you can better understand the malware targeting your organization, as well as the ability to automate the consumption of threat intelligence into your existing security infrastructure.

How does the Integration actually work?

AMP Threat Grid’s content-driven security analytics analyze all submitted files both dynamically and statically, executing the sample in a safe environment, examining the behavior of the sample, and correlating the results with hundreds of millions of other analyzed malware artifacts. In less than 10 minutes AMP Threat Grid reports back and Tripwire Enterprise tags the file with the result. This enables Tripwire Enterprise customers to prioritize actions for changes on systems with threats identified by AMP Threat Grid and initiate workflow actions for quick remediation.


Not only does AMP Threat Grid analyze a broad range of objects, but those interested in an AMP Threat Grid subscription will also be provided with deep analytics capabilities wrapped with robust context. With over 350 behavioral indicators and a malware knowledge base sourced from around the globe, AMP Threat Grid provides more accurate, context rich analytics into malware than ever before. Tripwire customers can register for their free demo here.

Authors

Joe Malenfant

Director, IoT Marketing

Internet of Things (IoT)


Congress has now approved a landmark trade package including Trade Promotion Authority and Trade Adjustment Assistance.  This is a significant accomplishment that just a week ago looked in serious doubt.

This trade package will give President Obama the ability to conclude negotiations on the TransPacific Partnership; it gives Congress the authority to establish priorities in those negotiations, and it provides $1.8 billion for worker re-training.

Free trade supports American jobs. At our facility in Research Triangle Park, North Carolina, for instance, some 4,500-plus jobs are supported by free trade, including hundreds of jobs at our technical assistance center. Put simply, our engineers in North Carolina couldn’t help customers in Europe, Asia and the Americas if data were not able to move freely around the world. The TPA bill supports this kind of digital trade.

The economic impact of free trade goes well beyond one company or one industry.  It affects every sector of every industry in the economy.  According to the Business Roundtable, free trade supports 39.8 million jobs across the nation.

On behalf of Cisco, I’d like to thank President Obama for his leadership on trade, as well as Republican and Democratic members of both the House and the Senate for their courageous votes on this issue.

Enacting this legislation is a critical part of ensuring American competitiveness over the next generation.

Authors

Jennifer Sanford

Senior Director, International Trade Policy

Cisco Global Policy and Government Affairs


I talk to partners every day about the big data opportunity. We know that partners who sell UCS see dramatically larger deal sizes for big data opportunities.  We know all of this and still there is a lot of caution and skepticism from partners about jumping into this new world of big data and analytics.  I have heard comments from many partners, like:

  • “It’s just hype, another fad”
  • “I will ride this out and wait for the wave to pass and go on with business just like I always have”
  • “I am driving revenue and growing my business, why do I need to worry about this Big Data thing. I am not going to hire a “data scientist”!  I’m not even sure what I would do with one if I hired one!”

There is indeed a lot of hype about big data and analytics today – it is everywhere. However, it is not a fad, and it is not going away. The world is moving to the Internet of Things (IoT) and the Internet of Everything (IoE), and big data is projected to be the next evolution of IT.

As IoT and IoE gain momentum, enterprises are deploying new data-creating sensors at the far reaches of their networks, and billions of new connections are being made. Cisco anticipates that 50 billion things will be connected by 2020. Those connections are creating enormous amounts of data. The ultimate success of IoT and IoE is all about being able to turn that data into insight: insights that drive organizational improvements such as delivering products faster, fueling higher productivity or predicting customer demand. Big data and analytics is all about driving business outcomes from IoT and IoE. Continue reading “Big Data. Big Opportunity. Real Simple: Practical Steps to Building Your Big Data Practice.”

Authors

Pamela Erdman

Manager, Business Development

Global Partner Organization (GPO)


Last week I had the wonderful honor of being a presenter in the Cisco Networking Academy Find Yourself in The Future Series. To date this series has attracted over 9000 live attendees, which is testament to the extremely high levels of interest in technology careers in this region as well as the extraordinary efforts of the APAC marketing team. One figure blew me away in particular: 70% of attendees are interested in pursuing careers in cybersecurity.

Cybersecurity is an incredibly exciting field. It draws in some of the most talented technologists and brainiacs, and in many ways cybersecurity is similar to a game of chess. It’s about anticipating and staying ahead of your opponent. It’s also about learning to think like the bad guys, except that the patterns are anything but predictable, and then doing good. And that feeling of contributing to the good of humankind is intensely gratifying.

Cybersecurity is such a diverse field that it intersects with just about every area of technology and even the behavioral sciences. And it’s this intersection that will enable students to pursue their dream careers in cybersecurity. Imagine a career in cybersecurity that intersects with medicine. Today people could die from hackers sending fatal doses to hospital drug pumps, and you might have a vision for solving this life-threatening problem. In my work, one of my goals is to provide our children with a safe, digital playground. This combines my interest in education with privacy and digital safety.

In last week’s presentation I suggested students take the following steps toward achieving their dream careers. And it’s these very steps that have been major enablers in my career too.

  1. Find an area of cyber security that is particularly compelling and exciting to you. Or find the intersection of cybersecurity with another field and think of ways that you could change or influence the industry.
  2. Research that area on the web and learn as much as you can about it.
  3. Explore possibilities of being an intern in an organization that is pursuing innovative directions that coincide with your interests.
  4. Find a mentor. Mentors both help you grow your career as well as help you navigate a workplace. If you can find a way to help the person who is mentoring you, for example, research a new area, then you become very valuable to your mentor too.
  5. Finally, think about your career in a series of phases. What you might start out doing may be very different to what you do in 20 years from now. So think about companies that allow you to evolve and career paths that are flexible.

We live in an increasingly insecure digital world. The upside is that cybersecurity will continue to be a much sought-after skillset in the workforce. And if I can help you pursue your dream career in cybersecurity, please reach out to me; if you missed the session, you can view the recording on YouTube.

https://www.youtube.com/watch?v=2RCJ65tAZjU

Authors

Evelyn de Souza

Cloud Data Governance Leader

Chief Technology and Architecture Office


Given the breakneck pace of technology change, business leaders can be forgiven for feeling as if they are living in a vortex. That’s because, in many ways, they are.

In a real vortex, rotational forces draw everything to the center, where objects collide and combine in unpredictable ways. To me, that sounds like business as usual in the Internet of Everything (IoE) era.

The Digital Vortex is the inevitable movement of industries toward a “digital center” in which business models, offerings, and value chains are digitized to the maximum extent possible. The result is “components” that can be readily combined to create new disruptions that blur the lines between industries.

Digital Disruption by Industry. Source: Global Center for Digital Business Transformation, 2015

Continue reading “The Digital Vortex, Where Disruption Is Constant and Innovation Rules”

Authors

Joseph M. Bradley

Global Vice President

Digital & IoT Advanced Services


“Drill, baby, drill” makes for an easy mantra when it comes to energy exploration, but the oil and gas (O&G) industry moved past simply drilling long ago with the introduction of digital information processing. For example, integrated production modeling was introduced in the 1970s. With the recent turmoil in the energy industry, the stakes are even higher for O&G companies to work smarter and more efficiently. Forward-looking businesses are making the transition to true digital transformation, which requires the adoption of the Internet of Everything (IoE)—the networked connection of people, process, data, and things—throughout the entire O&G value chain. According to a recent Cisco study, of these four IoE elements, essential “data” is the component most in demand—and the element that needs the most improvement.

Survey respondents identified “data” as the area of IoE they need to improve most to drive insight and value.

However, in many cases it’s not data that’s lacking; O&G firms are awash in data generated by sensors and machines spread throughout their far-flung operations. The struggle comes in capturing real-time operating data closest to the point where it’s created, analyzing it in real time, and applying the results to improve functional and business capabilities. To capitalize on the wide range of data IoE generates, O&G firms must overcome three key challenges:

  • Automating the collection of data
  • Integrating data from multiple—and often far-flung—sources
  • Analyzing data to effectively identify actionable insights

Continue reading “Digital Transformation in the Oil & Gas Industry: “Drill, Data, Drill!””

Authors

Mala Anand

No Longer with Cisco


Parenting in a hyper-connected world is increasingly challenged by a lack of visibility into children’s internet usage, and by limited controls to customize internet usage policies per child. About a year ago, I installed a home router with parental controls. My kids (teenage girls!) quickly complained about the additional latency it introduced on the network. User experience was clearly in the tank. I soon discovered that those controls were not granular enough to customize for different times of the day, for different users, and down to individual devices.

By then, I realized that I had to fundamentally rethink my home network in order to become a more effective parent. I needed better insight into my network’s traffic. Finally, last fall, the geek in me awakened and I deployed a full-fledged Cisco network in my home with advanced Application Visibility & Control (AVC) capabilities, providing me deep insight into my home’s internet traffic.

Continue reading “Application Visibility Makes Parenting Easier!”

Authors

Hugo Vliegen

VP of Product Management and Technical Marketing

Enterprise Routing and SD-WAN


It’s no secret that networks, in general, are more challenging to manage than before.

As networks increase in complexity to embrace new business innovations, they may require more supporting devices, which, in turn, can result in even more alerts to manage.

If you’re a network manager or security officer, what are you going to do?

At Quintiles, they started using Smart Net Total Care to identify devices that might have security vulnerabilities. In the centralized portal, their IT team could easily access information on each type of alert, which is displayed by category or device and contains summary information with a link to the actual alert on Cisco.com.

“In the past, our security team would receive a notification and need detailed data from us to determine our level of risk,” says Wil Bolton, senior network systems engineer for Quintiles. “Now we can be proactive, because we can check the portal and know immediately. We have already completed some critical upgrades based on PSIRT information and can be confident that we are aware of a potential vulnerability.”

So, how are you going to quickly identify risks and network vulnerabilities? How will you reduce time chasing irrelevant alerts, so you have more time to focus on projects you care about?


We’ve put together six suggestions to help you better manage your alerts.

1. Develop an Alert Review Process

  • Determine what your main goals are for alert management. For instance, being proactive and reducing the number of problems; simplifying day-to-day operations; or freeing up time for more strategic work.
  • Decide on a regular alert review schedule and follow it.
  • Make sure all team members are involved in the process, understand it and know what they need to do with the information.
  • Establish a timeline for reviewing your results – monthly, quarterly, biannually, etc.
  • Evaluate what’s working and what’s not, and make adjustments.

2. Prioritize Alerts by Business Needs

Every team should have its own set of critical considerations for prioritizing alerts. These might include potential security vulnerabilities, business criticality of the device, the service-level agreement (SLA) type, equipment replacement costs, device location, and the software and hardware lifecycle. Additional factors may make your team’s list, but no matter what they are, establishing a predetermined set of factors and a hierarchy of their importance will help your team have a clear view of alert priorities.

3. Tag Alerts

Put your process into action. With a clear, established process, when the main reviewer tags alerts for action, the team knows what steps to take to manage the alert, and the team members can annotate what they did, so there is a reference record.

4. Maintain an Alerts Record

Whether you addressed the alert or chose not to address it, record how you responded and why. Creating a detailed record provides critical context for retrospective analysis. It also maintains a record of which alerts have been addressed for other team members. So when team members are addressing remediation steps or are seeking TAC support, they have important background on hand.

6. Review Alert Status

You should compare the before and after status of your alerts to make sure all your most important items have been addressed. With a detailed report, you can easily keep track of what’s new and what’s been addressed. If you are using Smart Net Total Care, a delta report quickly identifies alerts from a specific time period for your review.

What alert tracking tips have worked for you?

Learn More

Join the Conversation

Please feel free to comment, share and connect with us on Facebook, LinkedIn, @CiscoEnterprise, and the Enterprise Networks Community.


Authors

Doan Thai

Services Marketing Manager

Global Customer Success Team


Earlier this year, Cisco introduced the Cisco ASA 5506-X with FirePOWER Services. This model is intended to replace the successful and smallest security solution in the line, the ASA 5505. Designed for small businesses and for a new era of threat and advanced malware protection, the Cisco ASA with FirePOWER Services delivers integrated threat defense across the entire attack continuum: before, during, and after an attack.

As a desktop model, the Cisco ASA 5506-X offers an easy entry point to:



  • Superior multilayered protection
    • Site-to-site and remote access VPN
    • Granular Application Visibility and Control (AVC)
    • Highly effective threat prevention and full contextual awareness
    • Reputation- and category-based URL filtering
    • AMP, which provides industry-leading breach detection effectiveness
  • Unprecedented network visibility
  • Reduced cost and complexity of the security solution

Continue reading “Like Chalk and Cheese: Cisco ASA 5506-X with Release 9.4.1 – Policy Based Routing”

Authors

Sven Kutzer

Technical Solutions Architect

Global Security (GSSO) – EMEAR – Advanced Threat