New Must-Know Security Research for Midsize Organizations

Caroline Baker | February 18, 2015 at 6:00 am PST

(0 Comments)

Midsize organizations are among the earliest adopters of new technologies. In general, they conduct much of their business over the Internet and are quick to embrace new apps, online payment systems, cloud, and Bring Your Own Device (BYOD) technologies. Fast adoption of innovations helps them to compete against larger organizations by meeting customer demands more cost effectively. But these business enablers are also creating security vulnerabilities that adversaries are exploiting for financial gain.

Adversaries aren’t just targeting prized assets like customer and employee data, invoices, and intellectual property. Cybercriminals also recognize that smaller companies are a vector into the networks of larger corporations. A 2013 study conducted by PricewaterhouseCoopers on behalf of the UK Government Department for Business, Innovation and Skills found that 87 percent of small businesses had been compromised, up 10 percent from the previous year. Many small and midsize companies are now mandated by partners to improve their threat defense. Regardless of size, organizations have legal and fiduciary responsibilities to protect valuable data, intellectual property, and trade secrets.

Tags: cisco annual security report, Cisco Security, midmarket, Midmarket Security, security, security research

A Model for Evaluating Breach Detection Readiness

Sashank Dara | December 12, 2014 at 7:38 am PST

(1 Comment)

Given that modern attacks are complex and sophisticated, there is not a single product or tool that will ever be 100% effective at detecting threats. Prevention eventually fails. Therefore, you need protection before, during, and after an attack.

Modern-day networks are large and complicated. It is a nightmare for incident response teams and security investigators because it often takes days and months to identify that their networks were compromised. A wide variety of tools, technologies and platforms are available, like big data platforms, machine learning algorithms, statistical techniques, threat intelligence platforms, reputation feeds etc. It is often confusing for the decision makers to identify what is needed for their environment.
Read More »

Tags: breach detection, Cisco Security, johari window, security

Cisco to Provide Secure Ops Solution to Royal Dutch Shell

Peter Granger | October 15, 2014 at 10:45 am PST

pts

(0 Comments)

This week sees the IoT ( Internet of Things) World Forum (IoTWF) Research & Innovation Symposium that is showing IoT related subjects such as the current research, use cases, and customer experiences as part of the Internet of Everything. This time the symposium will focus on transportation and energy, key areas where IoT can change the life of every human being.

To complement the IoT relevance in Energy, you will have seen the press release today from Cisco highlighting the adoption of the Cisco Secure Ops Solution by Royal Dutch Shell, details of which were shared with delegates at the forum (and if not I’ve put a link at the bottom of this post).

Peter Granger “drills-down” on the new Secure Ops solution adopted by Royal Dutch Shell

We saw the collaboration between Cisco and Shell and Shell’s commitment to Cisco’s architectural approach at Cisco Live. If you haven’t read it you can here: High Energy at Cisco Live in San Francisco. At the event Alan Matula (CIO and EVP, Shell) spelled out the changing IT and OT (Operational Technologies) environment in his industry, and how Shell had seen this all coming…

“About 3 or 4 years ago we saw the internet of everything coming and we decided to set up a unique differentiated technology outfit and we put it right next to research and development and that actually pushes the technology advances as close as possible to the business outcomes that we’re trying to drive.”

You also saw (if following my blog) that Cisco announced Secure Ops here: Unveiling Cisco Collaborative Operations and Secure Ops Solutions. So now we have the customer proof point: the important piece!

So, what’s new? well a lot actually. I think the first thing is how Cisco is changing to not only work with partners as we’ve always done, but to take the lead in providing a solution directly to our customers if that’s what they want. With this solution there are a number of partners, but Cisco provides leadership so everyone knows their role and we have a more holistic approach, guided by Cisco.

Now down to the business. Shell will deploy the Cisco Secure Ops Solution at upstream, downstream and lubricant sites. The Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement -(SLA)-driven management of security, applications and infrastructure. At the IoTWF Shell shared that it has deployed the Cisco Secure Ops Solution to increase the security maturity level by improving its cyber security and risk management, while lowering costs of delivery and operations.

When you think about all the challenges that oil and gas industry companies face today, you’ll see that they operate in the world’s toughest conditions. Whether it’s traditional on-shore or off-shore or non-traditional methods (horizontal drilling and “fracking” for example), energy companies have to be aware of a variety of threats, including safety, environmental, and cyber threats, when making important decisions in real-time.

“Cisco’s solution is designed to help companies combat new and evolving cyber security threats to the energy industry, specifically in the industrial control system (ICS) domain. Working with Shell, Cisco has developed solutions that directly address security concerns for the types of sometimes harsh environments in which Shell operates.”

“Cisco Secure Ops is a turn-key solution that implements and maintains security controls, risk management and compliance for industrial control system (ICS) environments using a combination of people, process and technology. Industrial control system delivery partners, like Rockwell and Yokogawa Electric, support the solution. Additional partners will be forthcoming.”

Here’s a quote from Greg Carter of Cisco (Director/GM, Internet of Everything Services Group, Cisco) that confirms the benefits:

“Cisco Secure Ops Solution was designed to provide a robust and secure solution to quickly address potential threats that come with the increase in connected people, processes and things with IoE. I’m thrilled that Shell is already seeing the benefits from these innovations on a global scale and look forward to continued success with this solution across other verticals in the months ahead.”

If you want to learn more about the Cisco Secure Ops solution, click here. To read a copy of the Press release, click here.

Tags: Cisco, Cisco Industries, Cisco Security, ICS Security, Industrial Security, oil & gas, Royal Dutch Shell, shell

Announcing the Cisco IOS Software Security Advisory Bundled Publication

Erin Float | September 24, 2014 at 9:30 am PST

(0 Comments)

Today, we released the final Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan and help ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

Resource Reservation Protocol (RSVP)
Metadata
Multicast Domain Name System (mDNS)
Session Initiation Protocol (SIP)
DHCP version 6 (DHCPv6)
Network Address Translation (NAT)

Tags: Cisco IOS software, Cisco IOS Software Checker, Cisco PSIRT, Cisco Security, psirt, security advisories, vulnerabilities

Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

Armin Pelkmann | September 22, 2014 at 7:40 am PST

(5 Comments)

This post was authored by Armin Pelkmann.

On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.

The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains. We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the amount of connections previously observed. The increase in connections is most likely not proportional to the domains due to the fact that a long time that has passed since the initial attacks.

The discovery difference from the previous blog to this one in raw numbers. With more than 3-times the now observed connections and over 9-times the revealed malicious domains, this malvertising network is of unusually massive proportions.

Tags: adware, AMP, Cisco Security, CWS, esa, hacking, kyle, kyle and stan, malicious advertisment, malvertising, malware, reversing, security, spyware, stan, Talos, threat, threat spotlight, wsa