Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between November 10 and November 17. As with previous round-ups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavior characteristics, indicators of compromise, and how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Detection and coverage for the following threats is subject to updates pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
What is E-rate?
Since 1998, E-rate has been the largest source of federal funding for schools and libraries. The program has contributed $47B to support libraries and schools in building wireless networks and Internet connections. Since program modernization by the Federal Communications Commission, $2.6B has flowed to applicants for network equipment and maintenance costs with a goal of assisting schools and libraries in implementing innovative “digital education” curriculum.
People often ask the following questions about E-rate:
What educational benefits has the E-rate program delivered?
How do these benefits extend to classrooms?
What is “digital education” all about?
The answer is simple. By allowing schools to buy network technology, E-rate has been the means to a very worthy end—to enable schools to implement authentic learning practices for students and innovative professional development activities for faculty with the goal of improving academic achievement.
E-rate in action in Oklahoma
On a recent webcast, we featured Howe Public Schools. Located in rural, southeastern Oklahoma, Howe is a small district of 650 students. Most students come from low-income households, including a significant number who are members of the Choctaw nation.
“Reimagining education is not about technology or devices, it’s about moving to a truly individualized and differentiated learning experience.”
Dr. Lance Ford, a Cisco educational technology advocate and educator who teaches at Howe Public Schools, shared that Howe, in spite of its small size, made a commitment to revitalizing its network infrastructure and integrating technology into teaching and learning at all grade levels.
Here are five ways Howe is using technology to change the way students learn:
Students are able to attend an expanded number of courses—e.g., advanced courses and special electives via two-way live distance learning with other schools—beyond what the district could offer on its own. Students have access to content that’s tailored to their interests, so their motivation to learn remains high.
Virtual field trips enable Howe’s students to develop a vision of the world beyond their local town. Outside experts are able to connect live with classes and augment the curriculum with specialized expertise and lessons.
Student research experiences have morphed into collaborative projects where students learn from each other as teachers act as learning coaches instead of lecturers.
Teachers can customize their professional development so that they can focus on the areas most important to them and their students.
Learning continues in Howe beyond the classroom. The school network supports connectivity from school buses so students can continue their studies on long rides between home and school.
Managing the changes needed to implement this curriculum wasn’t easy, but Howe has remained focused on an incremental approach to its technology investments. E-rate funding and federal grants—such as the RUS-Distance Learning and Telemedicine Grant—have provided much needed financial support.
To learn more about the teaching and learning initiatives at Howe Public Schools, check out our recent webcast.
Whatever you think the future might bring, one thing is certain—it will be about transformation and choice. The transformation is certain—it’s already here and accelerating. But how that transformation takes shape is still our choice.
This comic book prototype of the Future of Work has been one way to imagine some possible scenarios: How can we shape a future that is human-centered, inclusive, and diverse? Can we design artificial intelligence and robotics solutions that augment human workers, rather than replace them? How can we use technology in a thoughtful, humane, and ethical way? What would it mean to empower “gig” workers to create their own flexible, portable jobs, with a reasonable expectation of reasonable wage growth, stability, and affordable benefits?
We’ll be diving deeper into these questions, and developing real solutions to help shape the Future of Work at our next Cisco Hyperinnovation Living Labs (CHILL) event in February. I have a growing sense of excitement as I see the cohort of innovation partners for this lab begin to take shape. They are leading companies with the power to influence the transformation of their industries. We have room for a few more forward-thinking enterprises to join us. If your company has a vision for rapid, industry-shifting innovation, let’s talk. Send an email to AreYouIn@cisco.com or join the conversation on Twitter @katecokeeffe.
Meanwhile, let’s rejoin our comic book hero Gail, as she faces her own choice—and transformation.
Four sites with four separate networks. No VPN capabilities, no streamlined network management, and no IT budget. Limited wireless access, inhibiting student learning and staff collaboration. Only a five-person IT team. Starting to sound like a nightmare?
This was the reality for Ascend Public Charter Schools, located in Brooklyn. Emeka Ibekweh, Managing Director of Technology, inherited very old, traditional controller-based, networking equipment when he joined in 2013. He was faced with challenges that are all too familiar to IT admins: each school had a separately managed network, there was limited wireless access for students and staff to use, and making network configurations or upgrades had to be done manually, on-site. This was not only taxing the IT team, but making it nearly impossible for students to benefit from digital learning resources and requiring staff to use traditional teaching methods. Emeka knew he needed to make a change — so when he received E-rate funding, he jumped right into a network refresh.
Having used Cisco before, Emeka decided to start there. He and his team trialed Cisco Meraki, and after seeing that he could manage all of his networking equipment from one easy-to-use dashboard, he was sold. They purchased Meraki access points, switches, and security appliances and began to roll them out across all of their schools. They immediately saw the benefits – from being able to quickly make configuration changes, to viewing all network traffic, to easily creating separate and secure SSIDs. Plus, students and teachers could now easily and reliably log onto the network, improving student learning initiatives and increasing collaboration among teachers and staff. It really was a dream come true.
Now, nearing the end of 2017, Ascend Charter Schools has grown to ten schools spread across eight buildings and Meraki has continued to grow with them. With each new school, Meraki is quickly deployed at each site, providing unparalleled network access for students and teachers. Emeka and his team now have complete visibility into their network, easily identifying which APs are receiving the heaviest load, which switches are using the most power, what content is being filtered, and where the bandwidth sinkholes are coming from. He can now manage his entire network from a single, simple interface, easily pushing firmware upgrades and running cable tests with the push of a button.
To learn more about Ascend’s Meraki deployment, what products they use, and what they plan to do next, read the full case study. Watch the webinar recording to see a live demo of Ascend’s Meraki dashboard.
So many newsworthy hacks in recent years have had a staggering impact on literally millions of consumers and businesses. While these hacks have perhaps made us numb to their effects, the reality is these breaches represent the new normal in today’s digitized world. And given that attackers are growing in number, sophistication and intensity, many global businesses must continuously evaluate their cybersecurity strategies just to keep up.
The Need for a Simpler and Integrated Security Solution
What stands out in many breaches is not that adversaries were able to penetrate the network through a known vulnerability. Rather, it is the fact that the security breaches made their way into the network interior, then were not detected for months after the initial infiltration! While we do not know if this lag is due to poor processes, technology shortcomings or both, what we do know is this confirms the alarming industry trend that it takes businesses on average between 98 and 200 days to detect cybersecurity attacks that have entered their networks. So, the delay in publicly announcing many recent breaches, coupled with long detection times, means hackers have many months to move laterally and steal our most valuable personal data.
Recent breaches also make it evident that organizations’ security strategies (or lack thereof) are not robust enough to identify and contain security threats in a timely manner. Forward thinking security executives understand that implementing a strong security strategy is essential to maintaining the health and integrity of their businesses. In fact, according to our recent cybersecurity report, 74 percent believe their tools are very or extremely effective in blocking known security threats. [1]
However, many security leaders mistakenly believe that just having security tools that focus on visibility and blocking at the point of entry is sufficient to protect their networks. The truth is that with the proliferation of threats far outpacing these network defense tactics, the subsequent gap can never fully be closed. Businesses need more than just point-in-time detection technologies because attackers design threats specifically to elude initial detection. If a single file goes undiscovered or if it evolves and becomes malicious after entering the environment, you need to quickly trace its steps to identify the behavior and have controls that limit these viruses from spreading across the network. Hence organizations need to be able to immediately detect, block and defend against attacks when they are happening, as well as the means to quickly scope, contain and remediate those threats.
Contain Your Security Breaches with TrustSec
While building those additional security capabilities may seem straightforward, the process can be quite complicated. For example, if organizations were to contain security breaches through traditional segmentation and access control methods, they would likely be overwhelmed with having to manually reconfigure the expanding networks of VLANs and dACLs, which could require a significant amount of time and cost. By the time this effort is completed, cybersecurity attackers may have already accomplished the objectives of their attack while leaving significant damage in their wake.
Cisco is uniquely positioned to address these aforementioned issues through its proven, disruptive software-defined segmentation technology: Cisco TrustSec.
TrustSec enables companies to apply software-defined segmentation dynamically across their networks through business/security policies that are abstracted from IP addresses and VLANs. It does this by organizing device endpoints and users into logical groups, security group tags (SGTs), that describe the permissions on the network, thereby making it easier to assign new policies without having to spend time and money reconfiguring existing networks.[2] Given that TrustSec is embedded within Cisco’s portfolio of network technologies, policies can be centrally created and quickly distributed across the network thereby ensuring that assets are protected during an attack while providing the right users with unobstructed access to the right resources at the right time.
TrustSec is especially potent when it is combined with Cisco Identity Services Engine (ISE). When malicious attacks (i.e. successful breaches) occur, ISE provides the contextual identity of the infected devices and enforces segmentation policies through TrustSec to quickly isolate those infected sources and keep them from moving laterally across the network.
While cybersecurity threats represent the new normal and will only get more sophisticated as time goes on, Cisco will always be at the forefront with game changing solutions that will help businesses redefine their security strategy.
Click here to learn more about Cisco TrustSec. You can also learn how ISE and TrustSec can address ransomware like WannaCry here.
It was an amazing week. The vibe, the enthusiasm, lots of energy, smiling faces, nice and sunny days with the perfect scenario; the Mexican Caribbean.
Those who have attended any Cisco Live can testify to the above statement, and after such a week with so many things happening at the same time, you need some time to sit down, think about the week, and gather some closing thoughts. Here are mine:
Opening Keynote.
Ruba Borno, Vice President of Growth Initiatives and Chief of Staff to CEO, kicked off Cisco Live on Monday by drawing an analogy between Maslow’s hierarchy of needs and 6 imperatives for business digitization. According to Ruba’s blog, there are six imperatives every organization should be thinking about when approaching business digitization. The third imperative focuses on the multicloud world. I’ll continue this blog from there.
Cloud, Intercloud & Multicloud
An interesting topic circulating during the Cloud Days on Monday and Tuesday was: what happened with Intercloud? As you probably know, it came to an end, but I have some interesting final thoughts. The market moved differently from what we thought would happen, and cloud providers grew faster in very innovative ways. However, the actual concept of customers having multiple cloud options is a reality. According to IDC’s 2016 CloudView survey, 84% of customers had plans to use multiple clouds, and the latest numbers from the same study in 2017 now indicate that 94% of customers will use multiple clouds. It truly is a reality; IDC’s data also indicates that 58% of cloud adopters work with at least four cloud vendors and 15% work with at least ten cloud vendors. So, let’s start from here; there is no cloud and certainly no Intercloud ; ) but the industry indicates that it’s a multicloud world after all.
A sample of cloud adoption in LATAM
IDC has profiled several organizations around the world and has come to the conclusion that there are 5 maturity levels with regard to cloud adoption:
Cisco, in collaboration with IDC, has developed a cloud assessment tool, the Business Cloud Advisor that can help organizations assess themselves in their cloud maturity level. During Cisco Live, we had some attendees doing the assessment and here are some findings:
According to IDC, there’s only 11% of global organizations interviewed who have an optimized cloud strategy and they have significant and tangible key performance indicators such as 11% of revenue growth, 87% in reduced times to provision IT services and 77% in IT cost reduction. I wonder why we didn’t have one from our Cisco Live results. Perhaps one of the following?
Lack of a formal governance process for reviewing and approving cloud service catalog items and operational policies.
Exploring reporting processes to integrate cloud into existing governance processes and policies.
Rationalize the IT procurement process to support a shift to subscription, pay-as-you-go pricing.
Evaluation and documentation of technical and business risks that are associated with different cloud services and platforms.
Who knows, every case is different. If you want to assess your organization, click here.
Cisco, Multicloud and Google
Every company is going through changes that are becoming radical for their business survival. In some cases, we’ve seen some “cloud mandates” which means that there is an instruction from the top down of the organization to go all cloud but what does that really mean? What does a cloud first strategy mean or cloud native? My point here is that to achieve any of those, you need to enable your infrastructure, your users, applications and data to run smoothly in a safe connection when traveling to or from the public cloud and making sure that you understand what the performance is. That is why, at Cisco, we believe that every customer needs to have a strong base in networking, security, analytics and management. By achieving this, you’ll be able to navigate in a fragmented and complex multicloud world.
We don’t optimize for one’s cloud. We help you enable your multicloud challenges, and we can also work with other great public cloud providers such as Google, as per the exciting recent news.
Learn more about what Cisco can do for you. We are not just a “plumbing company.” We can really help you in topics such as Kubernetes, Istio, Apigee, through our alliance with Google, and other well-known topics such as automation, orchestration and, of course, a network intuitive.
It was indeed an awesome week. Thank you @CiscoLiveLatam, I’ll continue my journey into this multicloud world!
Every year, the U.S. Chamber of Commerce Foundation honors businesses for their strategic and sustained positive impact on people, communities, the environment, and society.
Cisco is proud to have been selected as the winner for this year’s Citizens Awards, in the Best Commitment to Education Program category, for the Cisco Networking Academy program. This award recognizes a strategic initiative focused on improving educational outcomes for students and one that demonstrates measurable results.
Cisco Networking Academy addresses the growing need for IT talent by equipping students with entry-level technical and 21st-century career skills. Cisco licenses the e-learning curricula, assessments, simulation software, and a learning management platform for free to nonprofit learning institutions. Instructor professional development and experiences like hands-on labs and global competitions are also available. To date we’ve contributed $3 billion in in-kind contributions.
This year we are celebrating 20 years of impact: the program has prepared more than 7.8 million students across 180 countries for IT careers since 1997. Since 2005, 1.6 million participants reported that completing the program helped them obtain a new job.
Networking Academy provides accessible education to students regardless of socio-economic background, location, gender, or career stage, including those in underserved communities like veterans, prisoners, and people with disabilities.
Changing lives
The education we provide has the power to change the trajectory of our students’ lives, from helping them to find work and elevate their careers to transforming their communities. Nuray Guerler was a student who took advantage of the hands-on aspect of the Networking Academy curriculum.
During her CCNA courses, taken at SFZ Förderzentrum Academy in Germany, a vocational training center for people with visual impairments, Nuray learned to solve practical networking tasks and connect routers and equipment in the classroom by touch, memorizing the shape and functions of equipment. She used a screen reader to translate the CCNA course materials into a Braille display, and her instructor read questions and described pictures to her during exams.
Nuray, pictured above, passed her certification exam and, shortly after registering her profile on a job search site, received an invitation to interview. She got the job and now works as an IT trainer in an engineering office, teaching wherever she is needed – Halle, Leipzig, Dresden, or Chemnitz.
She believes that her CCNA certification was key to her success in getting an interview and recommends the CCNA course and Networking Academy program for anyone who is inspired by the subject, saying: “Handicapped persons have to fulfill 150% to get the same recognition. Networking Academy can only make things better.”
Changing education
The more educators we’ve met, the more they’ve taught us. Today, Cisco Networking Academy schools and educators are at the forefront of new teaching methods and resources, delivering a curriculum that extends beyond technical training to the problem-solving and entrepreneurial skills students need to get a job or create their own businesses.
The Networking Academy curriculum builds a solid digital foundation through courses like Networking Essentials, Cybersecurity Essentials, and Programming Essentials in C++, and focuses on collaborative learning to develop deeper, transferrable problem-solving skills.
For Bhaskar Gandhavadi, pictured left, IT training became more than an occupational need; it was his life’s work. For 30 years, he volunteered to teach IT skills in his home state of Telangana, India, but with 100,000 yearly graduates from 240 colleges, only six percent were employable in IT.
Bhaskar was chosen to lead the Telangana Academy of Skills & Knowledge (TASK), a government-sponsored nonprofit, to search for a solution. At Bhaskar’s urging, TASK teamed up with Cisco Networking Academy to provide the software, hardware, teaching tools, infrastructure, and financial backing to modernize the state’s IT curriculum. In the program’s first year, 20 colleges, 2000 students, and 45 instructors participated.
Of the program, Bhaskar said, “Most of my students are from underdeveloped communities but hope for a better life, and the Networking Academy has really helped with that.” The students of Telangana now have the skills and the confidence to find higher paying tech jobs right out of school, changing their lives and their communities.
Changing futures
For 20 years, Cisco Networking Academy has inspired people to take on the trends, technologies, and challenges of changing the world. Networking Academy has broken an all-male hiring cycle in Sri Lanka, helped an at-risk teenager in Monterrey, Mexico escape the influence of gang and drug violence, and given a single mother and former hospitality industry worker the skills to change her life and become an engineer.
When is the last time you made a major personal purchase, like a car? How much time did you spend researching options before you finally made your decision? Turns out, most people spend 15 hours actively researching before buying a car. And once you buy it, you spend more money on gas, oil changes, tire rotations, and other maintenance. And the car’s value begins to depreciate as soon as you drive it off the lot.
When is the last time you purchased a new small-business phone system? How much time did you spend researching? Did you know what features and benefits to look for?
If you are in the market for a new phone system, it’s worth spending some time doing product research. Especially considering that unlike a new car, a phone system can actually save money or even help you make money.
5 things to look for
Simple management. Not everyone is a mechanic, so most people want a car that is easy to maintain so they don’t have to take it into the shop regularly. Likewise, most small businesses don’t have huge IT departments to manage complex communications systems. In some cases, you may have only one IT person who handles all your technology. When you buy a new phone system:
Take a look at the back-end management and make sure that the upkeep requires minimal effort.
Find out if it’s easy to complete day-to-day tasks like adding new lines, changing extensions, resetting passwords, etc.
Remember, less time spent maintaining the phone system means you can spend more time on other, more productive activities around the office.
Quick setup and personalization. Most people want to go into a car dealership and drive off the lot a few hours later. No one wants to spend several days without having a car to drive. You should expect the same thing when installing a new phone system. Setting up a new phone system can be painful, especially if you install a more complicated phone system.
Make sure that the solution you purchase can be installed quickly, with little or no downtime for your communications.
Confirm that the phone system can be customized quickly to meet any particular needs that your small business may have.
Pricing for small-business budgets. There are lots of small-business phone systems on the market, ranging from low-cost basic solutions to expensive enterprise-level platforms. At times the adage “you get what you pay for” can be true, so be wary of cheap phone systems offered by companies without IP telephony experience. At the same time, you probably don’t have the luxury of spending huge sums of money on a communications platform. Do your homework and find a phone system that meets your needs without being overpriced. And don’t forget to factor in reliability and maintenance (think gas mileage and oil changes) into the equation to understand the total cost of ownership.
Flexibility to grow with your business. Today, more than ever, companies need to be agile. One of the best ways to be agile as a small business is to implement a flexible communications system that can adapt with you. Would you buy a two-door coupe with a baby on the way? Verify that your phone system vendor provides an easy migration path for upgrades. Specifically:
Look for subscription licensing plans that let you upgrade your software as new versions become available to simplify adding capacity.
Double-check that you can use the same IP phones if you upgrade to a larger system since phones are a major investment.
Support of a trusted communications vendor. Would you buy a car from a brand you have never heard of? Countless vendors offer small business phone systems, but not all vendors are created equal. Your communications platform is the face of your company and a phone system is a significant long-term investment. It’s how your employees interact with customers and partners. Make sure you are working with a company that has experience providing reliable communications and will be there to support you for many years to come.
Choose Cisco for your telephony needs
Cisco has been the leader in corporate telephony for more than a decade. When you partner with Cisco, you get the latest technology from an industry-leading communications company.
We also offer a great IP phone system for small businesses: the Business Edition 4000. It’s a modern, cloud-managed IP phone system that is optimized for small businesses with up to 200 phones. Help your business improve communications, simplify IT management, and save money.
Billions of corporate messages flow back and forth on a daily basis. And with over 90% of breaches starting with an email, organizations today face a daunting challenge when choosing the best email security solution to stop emails with phishing links or malicious attachments that unleash ransomware, phishing or business email compromise attacks. Securing the most important business communication tool is a tall order indeed. This is why we’re proud to share that Cisco Email Security has been named Top Player on Radicati’s Market Quadrant for Secure Email Gateways 2017 for the second consecutive year.
After analyzing a total of 16 vendors, including Microsoft Office 365, Radicati chose Cisco Email Security as the best solution. Radicati analysts looked closely at the breadth and depth of each product’s capabilities. What made the difference? Our multi-layer approach with best-in-class capabilities that include:
Superior threat intelligence: Talos is our solution’s foundation and one of the world’s most comprehensive real-time threat detection networks. Talos analyzes 600 billion emails daily and correlates data from the best intelligence feeds and from all points in the attack kill chain for a comprehensive view of the attack landscape. With over 250 threat researchers, Talos detects and blocks more threats and prevents zero-hour attacks by continually updating our customers’ email security solutions.
Advanced threat protection: Radicati also highlighted Advanced Malware Protection (AMP), which protects Cisco Email Security customers from threats like ransomware, hidden in malicious attachments. What’s particularly powerful about AMP on Email Security is that it’s part of a broader ecosystem that enables Email Security customers to see more threats in more places. For example, if an AMP for Endpoints customer in Germany receives a new malicious file, that file will be blocked when an Email Security customer in Australia subsequently receives the same file. This is effective security – the ability to see a threat once and block it everywhere.
Deep URL Analytics: Cisco Email Security is not a point product. Our solution leverages threat telemetry not available to other vendors. Our industry-leading web security portfolio, including Umbrella, gives us an edge with superior URL intelligence. What this means for customers is that our solution drops emails with risky links before they reach users’ inboxes. And with real-time click-time analysis, even websites that change to malicious behavior will be blocked. Either way, customers are protected against attacks that involve risky links such as phishing or business email compromise.
Radicati also pointed out that with Cisco Email Security customers don’t compromise on features because the same features are available whether you’re an organization with ten thousand or one hundred users. Plus, customers can transition to the cloud at their own pace – changing the number of on-premises versus cloud users is easy.
In addition to these best-in-class capabilities and deployment flexibility, Radicati noted that Cisco Email Security has a compelling vision for the future that addresses customer needs in the evolving threat landscape. Security is a top priority for Cisco and this means continuous investment in Cisco Email Security and our best of breed portfolio that becomes more powerful and effective every day. In the constant race against threats the only way to stay ahead of attackers is securing your #1 attack vector with the best email security solution.
To get a copy of the complete report, download it here or visit the Cisco Email Security page for more information about our solution.