Cisco Blogs

Introducing Cisco’s New Quarterly Global Threat Reports

July 22, 2010

Today we released the Cisco 2010 Midyear Security Report, a report that provides a high-level and thought-provoking discussion of the technological, economic, and demographic shifts bearing down on IT security. As you’ll see in the report, the first half of 2010 has been a very interesting time. ScanSafe has always had an unparalleled view of the Web threat landscape, thanks to the tens of billions of Web requests processed in real time. Now, thanks to Cisco’s acquisition of ScanSafe, we can extend our threat data analysis even further.

As part of our efforts to improve what we do at Cisco Security Intelligence Operations, next week — just in time for Black Hat — we are introducing a project to merge threat analysis across all Cisco security teams. The first product of this is the Cisco 2Q10 Global Threat Report, which merges threat analysis from Cisco IPS, Cisco IronPort, and Cisco ScanSafe data. Not only can we now report the who, what, when and where of Web threats, but we can share our bird’s eye view into what types of attacks are happening on enterprise networks — including how they can sometimes correlate to attack outbreaks on the Web. And we’re going to do this every quarter.

For example, in the second quarter of this year Cisco ScanSafe observed an uptick in generalized SQL injection attacks, culminating with a June 2010 re-emergence of Asprox. Analysis of the Cisco IPS data revealed that attackers had begun reconnaissance sweeps looking for susceptible SQL servers starting in late March 2010. Given the commitment and drive of the great security teams at Cisco, it’s easy to foretell a not-too-distant future when we can begin providing early warning of impending attacks. Wouldn’t that be cool?

The Cisco 2Q10 Global Threat Report is going to be released on July 27. You will be able to find that report here. Highlights include a look at which countries have the highest relative rate of exposure (note: you might be surprised), the most frequent attacks encountered within enterprise networks, plus what’s been happening on the Web front and which verticals are feeling it the most.

We hope you find these reports as interesting to read as we found them to prepare.
