To help kick off 2015 with new insights in the world of attackers, users, and defenders, we analyzed a significant amount of 2014 security data telemetry from our global customer footprint. We took this data and distilled it into a comprehensive report for you to leverage and are proud to announce that today, we released Cisco’s 2015 Annual Security Report.
Cisco released its first Annual Security Report back in 2007. More recently, to capitalize on our growing ability to view a greater volume of threats in real-time from a greater number of sources, we began to publish a Midyear Security Report as well. While the macro trends remain mostly constant, the data and research in each report highlights how rapidly attackers can innovate malicious activity to exploit new gaps in defenses. The new methods we see in the most recent report certainly show the continued trend of attackers growing smarter and using more nefarious methods to accomplish their goals and hide their tracks. Sometimes, innovative methods include simply bringing old methods back as defenders focus on other areas and as vulnerabilities still exist. In any case, no report is the same as the last and we continue to have our work cut out for us to improve the state of things. Cybersecurity in any organization, no matter what the purposes, needs everyone. “All hands on deck” should be the new corporate security mantra.
Some quick facts about the report: the Cisco 2015 Annual Security Report examines the latest threat intelligence gathered by Cisco security experts, providing industry insights and key findings that reveal cybersecurity trends for 2015. There is a special focus on attackers, users, and defenders and the gaps that lie in between. The report also highlights results from our Security Capabilities Benchmark Study that examines the security posture of enterprises and their perceptions of their preparedness to defend themselves against cyber attacks. Geopolitical trends, global developments around data localization, and the importance of making cybersecurity a boardroom topic are also discussed.
To help bring the key highlights to life and give depth of insight about the contents of the report, I participated in an interview session with Brian Remmel and spoke about the findings. Check it out, download the report and let us know what you think.
May 2015 be better than 2014.
Tags: 2015 annual security report, CASR
New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.
Read More »
Tags: cybersecurity, geopolitical, security, trends
This post was written by Yves Younan.
Microsoft’s first Update Tuesday of 2015 is pretty light, there’s a total of eight bulletins, all covering a single vulnerability. Seven of these bulletins are rated as important and just one is rated critical. No bulletin for IE is being released this month. Two of the vulnerabilities were publicly disclosed prior to today, while another one was being actively exploited by attackers.
Microsoft made a number of changes to Update Tuesday last month, such as dropping deployment priority in favor of their exploitability index (XI). This month more changes were made to the program: Microsoft is no longer providing their Advance Notification Service (ANS) to the general public, but is instead only providing it to premier customers.
Read More »
Tags: 0-day, coverage, ms tuesday, rules, security, Talos
IT-Harvest, founded by renowned security expert and industry analyst Richard Stiennon, provides reports, analysis, and advisory services on trends in emerging threats and the technology to counter them. Richard Stiennon is one of the most followed and well-respected IT security analysts and authors in the world. His recent white paper discusses why network segmentation is becoming increasingly critical to protecting networks. Further, it argues that Cisco TrustSec provides the right technology for leveraging the network to provide better security. Read More »
Tags: Cisco TrustSec, security
The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard. The CVSS v3.0 preview represents a near final version and includes metric and vector strings, formulas, scoring examples and a v3.0 calculator – all available at the CVSS v3.0 development site. The official public comment period is scheduled to end February 28, 2015 and anyone who produces or consumes CVSS scores are encouraged to review and provide feedback to firstname.lastname@example.org by the close of the comment period.
Tags: Common Vulnerability Scoring System, CVSS, security, vulnerability, vulnerability scoring