Cisco Security Intelligence Operations: Defense in Depth
The security threat landscape is evolving. . . . Are you prepared? To help understand the magnitude of today’s security threats, let’s peek into a day at Cisco through the eyes of our Information Security team. On average, this team sees:
- 1.5 million intrusion attempts on Cisco’s network every day
- 13 billion NetFlow records per day
- 6 million transactions per day handled by Web Security Appliances
- 22TB of traffic inspected per day
- 750GB of system logs collected per day
In the early 2000s, the industry observed basic threats such as worms and viruses. Attackers were relatively unsophisticated and unorganized.
Over time, threats evolved to include spyware and rootkits. They became harder to find and detect. Their objective was to conceal themselves deep in a target system and carry out stealth attacks that evaded detection and maintained privileged access for future compromise. This new class of attacks gave rise to a heightened focus on perimeter security with Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
Now, advanced persistent threats and cyberware are serious menaces to security. Entire nation states are involved in these types of threats. It’s not just enterprises being impacted but entire governments. The threats are backed by well-funded, organized groups with specific goals in mind and sophisticated tools to launch targeted attacks. Stuxnet is a good example of this new class of threat trending in the security landscape. These attacks leverage the same exploit patterns as in the past, but combine them across multiple attack vectors in a sustained lifecycle. Organizations added reputation and sandboxing to defend against this formidable threat.
Looking forward, we will feel the impact of the “Any-to-Any” challenge. That is, any user on any device, increasingly using any type of network connection, with any application, and on any cloud. Many of these connections and interactions are happening simultaneously, leading to blended business and personal applications on the same platform.
Mobility and cloud are profoundly expanding the attack surface. As the number of connections increases and the volume of information being processed over the network grows, we are in a time when global, cloud-based intelligence and real-time analytics are increasingly critical to our network defense.
Cisco Security Intelligence Operations (SIO) provides near-real-time global threat information with early-warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions to help protect networks.
SIO starts with the network as the platform for security – with SIO being firmly rooted in all of our security appliances, whether they are firewall, IPS, web, email, and even VPN on the endpoint. Each of these platforms protects organizations and users and feeds into a global network of sensors.
Cisco ASA CX Context-Aware Security is a modular service that extends the ASA platform to provide precision visibility and control. The service uses the Cisco SecureX framework to gain end-to-end network intelligence from the local network using the Cisco AnyConnect Secure Mobility Client and the Cisco TrustSec solutions.
Cisco IPS solutions provide protection against common threats such as directed attacks, worms, botnets, and SQL injection attacks. IPS helps organizations meet regulatory compliance requirements. It is backed by Cisco SIO with intelligence coming from over 700,000 network devices sending current threat information, which is analyzed and pushed out worldwide as reputation data and outbreak filters. Cisco IPS include appliances; hardware modules for firewalls, switches, and routers; and Cisco IOS Software solutions.
In short, SIO represents the industry’s heftiest collection of real-time threat intelligence, with the broadest visibility, largest footprint, and ability to apply it across multiple platforms for a true defense-in-depth framework.
Learn more about SIO at http://tools.cisco.com/security/center/home.x