By Sana Yousuf
CISOs are always on the hunt for innovative solutions to solve their most pressing problems. They have been forced to choose their own adventure from an industry that’s rife with incompatibility, running their operations across dozens of tools and a plethora of consoles that don’t talk to each other. This, combined with scores of unmet policy updates, inevitably leaves vulnerabilities in different point solutions across the security ecosystem. The reality is that most organizations already have an abundance of point products designed to address specific challenges, but most of these products can’t be easily integrated to fulfill a larger and more effective security strategy.
Choose your Adventure
“There are choices to be made, challenges to overcome, dangers to encounter and, as always in life, consequences to be had. Choosing wisely could lead to triumph while taking the wrong path could end in disaster – but who’s to say what’s ‘right’ and ‘wrong’, anyway?” says Netflix of its first interactive television film, Bandersnatch. The interactive film offers viewers various instances of choices, which can drastically change the outcome of the story. The parallel between a CISO looking at his next technology adventure and you as a viewer making those choices on behalf of the main protagonist is uncanny. These choices have the power to alter your endgame. Or as Netflix puts it, “Fret not because once one experience comes to a close, you can – and should! – go back and make a new choice, alter the path of your story and maybe even change its outcome”. This reminds me of the ‘Choose your own adventure’ books that we read in our childhood. Much like these books, wouldn’t it be great if every CISO could retrace their decisions back to an outcome — not just technology but also people and processes — and find a totally different way to make them work. Together.
ESG’s 2020 Integrated Platform report indicated that 30% of organizations use more than 50 different security products, while 60% use more than 25. Every technology decision impacts your overall security program and creates more dependencies and vulnerabilities when these vendors’ products are not integrated. Clearly, choosing your own adventure is not going to work. Security platforms are evolving in response to customers’ need to consolidate their vendor landscape and simplify security.
The following are important questions to ask when you’re evaluating your options.
1. How is your platform different from a SIEM or SOAR?
Many vendors are calling their native SIEMs or SOARs “platforms” because they know the need for integration is so huge. The main purpose of SIEMs and SOARs is to cut down on the number of alerts, so response is more efficient. While they can automate incident investigation and response workflows, they don’t enable you to take holistic, coordinated actions across your environment. Even next-gen SIEMs and SOARs remain complex and tough to integrate. Without native connectivity between the backend control points and frontend workflows, you must divert limited staff resources to labor-intensive integration work. Platforms enable you to effectively integrate a portfolio of best-of-breed security products into your SIEM or SOAR tool to strengthen threat detection and research analysis for your SOC. Consider a vendor that offers a more sustainable platform approach that:
Provides a full lifecycle dashboard — unifying visibility and control across all your security solutions from one central location.
Streamlines workflows — enabling automated responses and coordinated actions to investigate and respond to threats more efficiently.
Unifies workflows — enabling NetOps and ITOps to serve as an extension of SecOps, improving each team’s productivity.
2. To which control points does your platform natively connect?
Your security solutions should work as a team, delivering consistent visibility and control across your entire environment. A platform should provide coverage for all major threat vectors and natively connect controls across the network, endpoints, cloud, and applications, giving you one unified view. This unified view enables teams to respond to threats from multiple angles and understand the full lifecycle of alerts, regardless of where they originate. It should enable you to choose what works for your business from a broad and open ecosystem. The fact is, two products do not make a platform – an open, standards-based exchange platform will allow you to harness your existing investments and integrate with third-party products seamlessly.
3. How many of my existing security components can connect to your platform?
There are incremental advantages to using multiple solutions from a portfolio-based platform vendor; however, wall-to-wall coverage isn’t a realistic goal or expectation. You need to be able to leverage your current investments and easily integrate new solutions in the future.
Ask your vendor how they prioritize working with third-party technologies; do they use partnerships, out-of-the-box integrations, standards-based information exchange, or open APIs?
Their platform should be:
SIEM/SOAR-agnostic — so you can connect the platform to any SIEM or SOAR one time to send fewer, higher-fidelity alerts from multiple control points.
Cloud-agnostic — so you can keep network security policies consistent, whether you’re using AWS, Azure, Google Cloud Platform, or on-prem control points.
Infrastructure-agnostic — so you can connect your existing best-of-breed solutions to the platform.
4. How will your platform increase my efficiency?
When your teams get buried under repetitive, manual tasks, efficiency goes down and the probability of errors goes up. A platform should deliver built-in automation and analytics that aid in policy and device management, detecting unknown threats, and coordinating response and policy change.
Find out if the platform can apply analytics to identify behavior anomalies across on-prem and cloud network traffic — even in encrypted flows. It should be able to do this while enforcing policies and automatically adapting network and application access for compromised endpoints. At the same time, your automation should be nuanced enough to not get in the way of productivity — while a compromised endpoint should automatically have its access blocked, the individual user should still have access on a healthy device.
5. How will I know your platform is improving my security?
The right platform won’t just help you improve your security across users, applications, and devices – it will help you measure and prove success. Does the vendor provide a unified, easy-to-consume dashboard with insights into how well your security program is mitigating risks?
Ask the vendor how easily the platform can create reports or show live views that measure how your security maturity is changing. If one of your objectives is to achieve a continuous improvement cycle, the platform should also provide metrics that map policy changes to the meaningfulness of alerts.

Read Jon Oltsik’s take on why you should consider a more integrated cybersecurity approach.

The Cisco SecureX Answer
At Cisco, we are answering these questions with SecureX, an open, integrated platform approach that simplifies our customers’ experience, enables automation, helps them accelerate their business, and protects their future. It connects the breadth of Cisco’s integrated security portfolio and your infrastructure to deliver measurable insights, desirable outcomes, and unparalleled cross-team collaboration.
You can stay updated by signing up for the SecureX waitlist. Click here to experience the world of Cisco SecureX and make an informed decision to drive your business forward.
The post 5 Questions to Ask Your Security Platform Vendor appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Apr 3 and Apr 10. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
20200410-tru.json – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for April 3 to April 10 appeared first on Cisco Blogs.


By Panos Kampanakis
The Challenge
Quantum computers could threaten the security of TLS key exchange and authentication. To assess the performance of post-quantum certificates in TLS 1.3, we evaluated NIST Round 2 signature algorithms and concluded that two of them offer acceptable speeds. We also analyzed other implications of post-quantum certs in TLS. More details are available at https://ia.cr/2020/071.
We all know by now that the potential development of large-scale quantum computers has raised concerns among IT and security research professionals due to their ability to break public key cryptography. All currently used public key algorithms would be deemed insecure in a post-quantum (PQ) setting. In response, the National Institute of Standards and Technology (NIST) has initiated a process to standardize quantum-resistant crypto algorithms, focusing primarily on their security guarantees.
The Tests
The industry has been evaluating some of these algorithms for use in encryption protocols like TLS and IKEv2/IPsec. Cloudflare, Google, and AWS have been looking into PQ TLS key exchange. At Cisco, we focused on PQ authentication/certificates in TLS 1.3. We briefly discussed some of our early results in a recent blog post and detailed them in our paper presented at ETSI/IQC Quantum Safe Cryptography Workshop 2019.
A couple of months ago, we presented all of our results in our paper at NDSS 2020 in San Diego. The paper presented a detailed performance evaluation of the NIST signature algorithm candidates and investigated the imposed latency on TLS 1.3 connection establishment under realistic network conditions. In other words, we deployed servers all over the world. We proved that at least two candidate PQ signature algorithms perform similarly to RSA/ECDSA certificates, as shown in the figure below.

We also investigated PQ signature impact on TLS session throughput and analyzed the trade-off between lengthy PQ signatures and computationally heavy PQ cryptographic operations.
The Results
Our results demonstrated that the adoption of at least two PQ signature algorithms would be viable with little additional overhead over current signature algorithms. Also, we argued that many NIST PQ candidates could effectively be used for less time-sensitive applications, and discussed in depth the integration of PQ authentication in encrypted tunneling protocols. Finally, we evaluated and proposed the combination of different PQ signature algorithms across the same certificate chain in TLS. The results showed a reduction of the TLS handshake time and a significant increase of a server’s TLS tunnel connection rate over using a single PQ signature scheme.
For more details on the impact of PQ certificates on TLS, refer to our NDSS 2020 paper.
For additional resources, visit trust.cisco.com.
The post Promising Results for Post-Quantum Certificates in TLS 1.3 appeared first on Cisco Blogs.


By Vibhuti Garg
Did you know? IT organizations spend 76% of their attention on securing their data center.
Virtualization, cloud, and software-defined networking are redefining the modern data center. There is a huge influx of data, from big data analytics and new types of applications. Workloads are even more dynamic than before, spanning across multiple physical data center locations and across public, private, and hybrid cloud environments. This spread of data creates a “new” perimeter outside of your traditional data center premises and can increase data theft opportunities. You could thus be challenged with where and how to secure your data center.
Modern Data Centers Need a New Approach to Security
Data centers are evolving and are no longer confined to a traditional set-up. In fact, Gartner predicts that by 2022, 50 percent of enterprise-generated data will be created and processed outside a traditional, centralized data center or cloud. Ensuring security can be challenging: security teams spend 76% of their time securing the data center, and to make it more challenging, 25% of global security decision makers say staff shortages are a major challenge and that they struggle to find staff with the right skills. To address data center security needs, IDC advocates a three-fold methodology covering visibility, reducing the attack surface through segmentation, and preventing threats.
Challenges of securing data everywhere
The challenge with securing data is that you need to have security EVERYWHERE, not just at the perimeter. Attackers know that your data is now highly distributed, and that you may be having a harder time keeping track of it. They know that this provides them with another layer of obfuscation and opportunity for carrying out theft.
Today’s security must therefore be pervasive – built in and integrated across the network, cloud, applications, and endpoints. This makes it harder for attackers to slip through the cracks and take advantage of the distributed nature of computing.
Why Choose Cisco Secure Data Center Solution?
Cisco is working hard to make your data center more agile and automated – enabling you to extend workloads beyond the perimeter for new applications that require computing to be performed closer to the user experience.
The Cisco Secure Data Center Solution provides an integrated security architecture that addresses three critical needs of the modern data center around Visibility, Segmentation and Threat protection. The Cisco Secure Data Center Solution is a validated systems-level solution for highly secure data centers, delivering:
Operational efficiency from automated provisioning and flexible, integrated security
Advanced threat protection to stay up to date, informed, and secure
Improved resiliency to enable data center availability and secure services
Cisco Secure Data Center Components
Enabling a decentralized data center environment requires a security strategy that spans three important areas: visibility, segmentation, and threat protection.

Visibility – If you can’t see it, you can’t secure it. That’s why Cisco offers in-depth network and threat visibility in any data center and across any cloud.
Segmentation – Segmenting your network reduces your attack surface. It can prevent attackers from moving laterally across the network, and block legitimate users from accessing restricted resources.
Threat Protection – By now we all know that threat protection is a process, not a single product. Cisco’s data center protection consists of various levels of threat sensors to prevent attackers from stealing data or disrupting operations.
The truth is that in today’s dynamic environment, you may not always know exactly where everything is at all times. But with the right mix of tools and intelligence, you don’t have to know. Instead, you can rest assured that wherever your data may go, it will remain protected.
Where Can You Begin?
By using a common set of integrated technologies and security policies across platforms, organizations can significantly enhance their data defenses.
Cisco’s solution provides an overview of what it takes to secure the modern data center.
We recommend our in-depth design guide for traditional set-ups and cloud environments for securing your data center.
See our experts in action at Cisco Live, Barcelona and RSA earlier this year and catch up on the best and latest!
Listen to Brad Casemore from IDC and Don Meyer from Cisco Security talk about Cisco’s approach to securing the data center.
Leverage the experience of our existing customers.
The purpose of the Secure Data Center Solution is to provide our customers with a cost-effective infrastructure to experience Cisco next-generation technology. I would be pleased to set a briefing call with you to discuss the Cisco solution and can be reached at vibgarg@cisco.com.
The post Threats Can Be Anywhere: Modernize Your Data Center Security appeared first on Cisco Blogs.


By Hazel Burton
If anyone feels like they are in need of a shot of wisdom and good humor, please allow me to present the latest episode of Cisco’s Security Stories podcast as a viable contender.
Wendy Nather, Head of Advisory CISOs, Cisco Duo
In this episode, I chat to the incredible Wendy Nather. Wendy will be a name familiar to many of you I’m sure, and she has an enormous amount of credibility and respect within the cybersecurity industry.
She is currently Head of Advisory CISOs at Cisco Duo. She started her career as a security analyst and went on to lead IT security for EMEA in the investment banking division of Swiss Bank Corporation (now UBS), and served as Chief Information Security Officer of the Texas Education Agency.
Wendy is very, very passionate about the topic of people. During our interview she talks candidly about how the security industry has treated users in the past, and she has a very inspiring take on developing the right culture and how we should have people’s backs.
And my favorite part of this episode has to be when I ask her what is the one thing she wishes she could change in the security industry... it’s one heck of a response.
Also in this episode, my cohost Ben Nahorney and I have a chat about remote working, and what users and companies can do to ensure as smooth a transition as possible to home working from a security perspective. We also talk about what some cyber criminals are doing to take advantage of the current situation, and how you can protect yourself and your data. Our friends at Cisco Talos wrote a comprehensive blog about this topic, which you can read here.
And finally, our ‘On this day’ feature is where we dig into the security archives and discuss significant events that happened in cybersecurity history. This feature is guaranteed to help you win any virtual pub quiz, as long as all the questions are about cybersecurity... and cover trivia we’ve talked about... :)
The day that we’re going to be talking about for this episode is April 1st 2009. And Ben has some personal experience in this one – he’s referenced in Wikipedia and everything! This story has many twists and turns, so strap in as Ben regales the story of the Conficker worm.
You can listen to the podcast right here, or you can visit our dedicated pod page at cisco.com/go/securitystories and choose your preferred listening platform, from Apple Podcasts to Spotify to Google Podcasts.
In the meantime I’ll get back to editing the next episode, which will be out very soon!

The post Security Stories Episode 2: Democratizing Security with Wendy Nather appeared first on Cisco Blogs.


By Angela Frechette Cannon
Which technologies will help you the most?
As part of the recent RSA Conference, we all got to see – either in-person or virtually – the latest and greatest technology coming out of the security industry. While events like this can certainly be helpful in guiding future investments, they can also make one’s head spin with the sheer volume of tools available to secure today’s infrastructure.
This year, the RSA Conference drew more than 650 exhibitors (including Cisco) and more than 700 speakers, one of whom was our own Wendy Nather, who delivered a keynote. In her keynote, she discussed how security must become easier for people to use and understand if we want to keep our organizations protected now and into the future. “We have to simplify functions, data, operations, all of those things to make it easier no matter who’s going to use it,” she said.
But with so many attack vectors, network components, devices, and security technologies out there, how do we make things simpler? Which of the many security technologies will help us most?

In our 2020 CISO Benchmark Report, we inquired as to which security technologies organizations currently have in place. While technology needs are often unique to each specific organization, there were a couple of technologies that we deem important for which there are currently noticeably low adoption rates among our respondents.
Multi-factor authentication
In an age of frequently stolen passwords, multi-factor authentication (MFA) can go a long way in keeping your assets and data safe. We were surprised to find in our CISO Benchmark Study that only 27% of respondents are currently using MFA to secure their environments.
Multi-factor authentication can protect your applications by using a second factor for validation, such as a smartphone, to verify user identity before granting access. It is a key component of a zero trust security architecture.

MFA can help protect against attacks such as phishing, social engineering, and credential theft. While some MFA solutions can be difficult to roll out, Cisco’s Duo Security provides a simple experience for every user and application. It also integrates easily with organizations’ existing technology.
Duo also helps companies streamline their security stack to lessen complexity. According to Steve Myers, head of security for KAYAK, “We were previously trying to do this through a combination of five other products. The fact that one product can provide this level of granular access control is really awesome.”
Network segmentation and micro-segmentation
Another effective way to reduce risk is through segmentation, which provides a proactive method of security by minimizing the attack surface. Through network segmentation, various network components and assets are separated from others to prevent the lateral movement of attackers throughout an environment. This way, if an outsider finds their way into one part of a network, they don’t automatically have full access to everything up to and including restricted data. Segmentation is another core pillar of a zero trust computing environment.

However, only a quarter of our respondents are currently using network segmentation, and even fewer (17 percent) are using micro-segmentation. Micro-segmentation is a more granular form of segmentation for applications and their workloads, offering policy consistency across both on-premises and cloud-based data centers. This capability is now critical since applications and their data have become a primary target for breaches and attacks. Cisco Tetration uses machine learning to understand applications and automatically generate micro-segmentation policies based on application behavior.
Getting it right
Speaking of machine learning and automation, those are key areas in which our CISO Benchmark Report respondents seem to be progressing.
It was promising to see in our study that technologies such as automation, machine learning, and artificial intelligence – which are designed to make security easier and more manageable – are being widely adopted.
Automation, machine learning, and artificial intelligence
As part of the data collected for our 2020 CISO Benchmark Study:
85 percent said they are at least somewhat reliant on artificial intelligence
88 percent said they are at least somewhat reliant on machine learning
90 percent said they are at least somewhat reliant on automation
Additionally, 77 percent said they are planning to increase automation to simplify and speed up response times in their security ecosystems. All of this is encouraging as organizations battle with crushing complexity and an inability to keep up with security alerts amidst a severe shortage of skilled cybersecurity professionals.
Over the years, Cisco has woven integration and automation into its security portfolio to simplify network protection. This recently culminated in the introduction of our new security platform, Cisco SecureX. The SecureX platform brings together various components of the Cisco security portfolio, along with third-party technologies, so that they can share information, learn from one another, and help organizations respond to threats in a more automated, coordinated fashion.

SecureX unifies visibility, enables automation via machine learning/artificial intelligence, and strengthens security across network, endpoints, cloud, and applications. Ninety-eight percent of customers said the unified view provided by SecureX enables rapid threat response. In a time where new threat vectors seem to pop up daily, rapid threat response is critical for effective cybersecurity.
Strengthening security in 2020
Technology is of course never one-size-fits-all, but the capabilities above represent some key innovations that we recommend organizations explore moving forward. For more information on how to strengthen your security in 2020, check out the following:
Cisco 2020 CISO Benchmark Report
RSA Conference Keynote – Wendy Nather, Cisco
Cisco SecureX Platform
This post is the first in our new series covering various topics and data from our 2020 CISO Benchmark Report. Check back next month for the latest installment!
The post How to Strengthen Your Security in 2020 appeared first on Cisco Blogs.


By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 27 and Apr 3. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
20200403-tru.json – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for March 27 to April 3 appeared first on Cisco Blogs.


By Matt Stauffer
According to research from Enterprise Strategy Group (ESG) and the Information Systems Security Association, 91% of cybersecurity professionals believe that most organizations are either extremely or somewhat vulnerable to a significant cyber-attack or data breach.[1] CISOs have tried many different solutions. Many are increasing hiring in a field with a steep talent shortage, which may have some long-term returns but doesn’t solve the problems they are facing today. Some also purchase a patchwork of security solutions that aren’t really integrated – an approach that can cause major complications for security architects. These strategies are clearly not increasing confidence in their overall security effectiveness.
Chart: What are the primary reasons you believe cybersecurity analytics and operations are more difficult today than they were 2 years ago?
Research indicates that organizations can’t hire their way out of their cybersecurity woes. CISOs must improve security efficacy, streamline operations and bolster employee productivity, and they must rely on their existing workforce. That’s where Network Traffic Analysis (NTA) tools can provide a cybersecurity quick win. An effective and modern NTA solution can continuously monitor the network and detect threats that might have bypassed the perimeter or even originated within the business. Top-tier NTA solutions take the weight off of employees’ shoulders by giving them the tools they need to speed up threat detection and remediation. To help you evaluate an NTA solution effectively, let’s take a look at the top features identified by cybersecurity professionals as part of the research conducted by ESG:

Built-in analytics and threat intelligence services
44% of survey respondents said that built-in analytics to help analysts detect suspicious/malicious behavior is one of the most important features. Best-in-class NTA tools have different algorithms and signatures built-in to model behavior and crunch data, allowing for high-fidelity alerts that streamline workloads and accelerate incident response. The same percentage also said that threat intelligence services/integrations to enable comparisons between suspicious behavior and known threats is another top feature. These integrations allow NTA tools to “enrich” network telemetry, making alerts more thorough and actionable.

Ability to monitor IoT traffic/devices
Users also need the ability to monitor niche equipment that is unique to their industries. This is especially important in industries that have made aggressive investments in IoT like healthcare, manufacturing and transportation. IoT devices generate telemetry and increase the threat surface like any other connected device, and therefore need to feed into an NTA tool.

Ability to monitor all network nodes
37% of respondents stated that alerts for when new network nodes are connected are essential for an NTA tool. This means security professionals want NTA tools to issue alerts when unsanctioned devices connect. This is incredibly important for monitoring and mitigating cyber-risks.

Proven integrations with other security technologies
37% also said that one of the most important features is documented and tested integrations with other types of security technologies. These other technologies could be malware sandboxes, network segmentation enforcement technologies and much more. These integrations allow for a closed-loop process that includes network security development, monitoring and enforcement.

Public cloud visibility
More than a third of respondents said that the ability to monitor cloud traffic is an essential feature. In order to provide true end-to-end visibility, NTA tools need to be able to tap into VPCs, cloud monitoring logs and APIs across AWS, Azure, GCP, etc.
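To make two of the features above concrete, new-node alerting and threat-intelligence enrichment, here is a small NTA-style check written for this post (example code, not Stealthwatch’s or ESG’s). It keeps an inventory of known internal hosts, alerts the first time an unseen internal address appears in a flow, and tags any flow whose endpoint matches an indicator list. The flow records, the baseline inventory and the indicator list are all constructed for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed NetFlow-style records for this example; not real traffic.
SAMPLE_FLOWS = [
    {"ts": "2020-04-06T08:00:01Z", "src": "10.1.1.10", "dst": "10.1.2.20", "dport": 443, "bytes": 4200},
    {"ts": "2020-04-06T08:00:05Z", "src": "10.1.1.11", "dst": "10.1.2.20", "dport": 443, "bytes": 900},
    {"ts": "2020-04-06T08:01:12Z", "src": "10.1.1.57", "dst": "10.1.2.20", "dport": 22, "bytes": 300},
    {"ts": "2020-04-06T08:02:40Z", "src": "10.1.1.10", "dst": "198.51.100.77", "dport": 8080, "bytes": 120000},
    {"ts": "2020-04-06T08:03:00Z", "src": "10.1.1.57", "dst": "10.1.2.30", "dport": 445, "bytes": 2000},
]

# Constructed threat-intelligence list keyed by indicator
# (documentation-range address, not a real indicator of compromise).
THREAT_INTEL = {"198.51.100.77": "constructed example: listed command-and-control address"}

# Hosts already inventoried before this window (constructed baseline).
KNOWN_HOSTS = {"10.1.1.10", "10.1.1.11", "10.1.2.20", "10.1.2.30"}

# Address space treated as "internal" for new-node detection (assumed for the example).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]


@dataclass
class Baseline:
    """Inventory of internal hosts seen so far; grows as new nodes are accepted."""
    known_hosts: set = field(default_factory=set)


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def analyze(flows, baseline: Baseline, intel: dict) -> list:
    """Return alerts in flow order: one 'new_node' per previously unseen internal
    host and one 'threat_intel_match' per flow that touches a listed indicator."""
    alerts = []
    for flow in flows:
        for role in ("src", "dst"):
            host = flow[role]
            peer = flow["dst"] if role == "src" else flow["src"]
            if is_internal(host) and host not in baseline.known_hosts:
                # First sighting: alert once, then treat the host as inventoried
                # so later flows from it do not re-fire this alert.
                baseline.known_hosts.add(host)
                alerts.append({
                    "type": "new_node", "host": host, "ts": flow["ts"],
                    "detail": f"first seen as {role}, talking to {peer} on port {flow['dport']}",
                })
            if host in intel:
                # Enrichment: attach the intel context so the analyst sees why it fired.
                alerts.append({
                    "type": "threat_intel_match", "host": host, "ts": flow["ts"],
                    "detail": f"{flow['src']} -> {flow['dst']}:{flow['dport']} ({intel[host]})",
                })
    return alerts


def alert_counts(alerts) -> dict:
    """Summarise alerts by type, e.g. {'new_node': 1, 'threat_intel_match': 1}."""
    counts = {}
    for alert in alerts:
        counts[alert["type"]] = counts.get(alert["type"], 0) + 1
    return counts


if __name__ == "__main__":
    # Copy the baseline because analyze() mutates it as nodes are accepted.
    for alert in analyze(SAMPLE_FLOWS, Baseline(set(KNOWN_HOSTS)), THREAT_INTEL):
        print(alert["ts"], alert["type"], alert["host"], alert["detail"])
```

On the sample flows this raises exactly two alerts: the first sighting of 10.1.1.57 and the flow to the listed 198.51.100.77 address; the second 10.1.1.57 flow is not re-alerted.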
Cisco Stealthwatch
Stealthwatch aligns well with the most important NTA attributes cited by the surveyed cybersecurity professionals. For example, Stealthwatch:
Features multiple types of built-in analytics. Its behavioral modeling and multi-layered machine learning algorithms can detect hidden threats, even those hiding in encrypted traffic.
Provides comprehensive visibility. In addition to monitoring on-premises environments, Stealthwatch also offers agentless visibility into the public cloud. It can also detect when a new network node connects, monitor traffic from IoT devices and more. Nothing slips through the cracks with Stealthwatch.
Backed by Cisco Talos threat intelligence. Threat intelligence is one of the most important features of an NTA tool. Stealthwatch ties its multi-layered analytics with global threat intelligence from Talos, the largest non-governmental threat intelligence organization in the world, and can take immediate action when activity is associated with a known threat, no matter the origin.

CISOs of the world can’t keep up with their security workloads, especially with a global cybersecurity talent shortage. They need quick wins: fast, efficient and accurate alerts that allow them to focus on what really matters. Cisco Stealthwatch is the tool they need right now.

You can find the full ESG Research Whitepaper here
To learn more about Stealthwatch, go to https://cisco.com/go/stealthwatch or sign up for our free visibility assessment.

1 Source: ESG Research Report, The Life and Times of Cybersecurity Professionals 2018, May 2019.
The post Top 5 features of a Network Traffic Analysis (NTA) tool- Why you need Stealthwatch now more than ever appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group, by Vanja Svajcer.
Attackers are constantly reinventing ways of monetizing their tools. Cisco Talos recently discovered a complex campaign with several different executable payloads, all focused on providing financial benefits for the attacker in a slightly different way. The first payload is a Monero cryptocurrency miner based on XMRigCC, and the second is a trojan that monitors the clipboard and replaces its content. There’s also a variant of the infamous AZORult information-stealing malware, a variant of Remcos remote access tool and, finally, the DarkVNC backdoor trojan.
Defenders need to be constantly vigilant and monitor the behavior of systems within their network. Attackers are like water — they will attempt to find the smallest crack to achieve their goals. While organizations need to be focused on protecting their most valuable assets, they should not ignore threats that are not particularly targeted toward their infrastructure.
The post AZORult brings friends to the party appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Dr. Gee Rittenhouse. During this global health crisis, normal has been redefined. We are living through a dynamic situation that has required us to reorient our personal and professional lives in ways we never have before. Companies have had to do the same. Many have taken the extraordinary step of moving the majority, if not the entirety, of their workforces to a virtual workplace. As companies adapt to their new normal, securing this sudden exponential growth of remote workers and their devices remains a challenge.
A few weeks ago, we shared that Cisco would provide extended free licenses and expanded usage counts at no extra charge for three of our key security technologies that are designed to protect remote workers: DNS-layer security from Cisco Umbrella, zero-trust security from Duo and secure network access from AnyConnect. As a result of this, there has been a huge demand for these technologies. Cisco has supported an additional 9 million-plus users during this crisis with this rollout.
Security teams generally start by securely connecting employees to the network with the VPN, and multi-factor authentication provides an additional layer of security to customers' remote access strategy. As security teams work to protect a larger remote workforce, Duo is seeing the number of daily authentications from VPNs increase by 157 percent. But we know that 85 percent of corporate users bypass the VPN when working remotely. So, customers are increasingly looking to DNS-layer security to secure users on and off the network, and we have seen the need for Umbrella licenses increase by 100 percent.
Through all of this, we have been listening to customers' feedback on how else we can best support them. What we heard is that more than ever there is a need to protect both user-owned and company-owned devices. Based on that input, today we are extending our free security offers to also include Cisco Advanced Malware Protection (AMP) for Endpoints. This technology prevents breaches and blocks malware at the point of entry, as well as detecting, containing and remediating advanced threats if they evade the frontline of defense.
With this new addition, existing customers can exceed their device limit by two times to support an increase in remote workers. To take advantage of this offer, they simply install AMP for Endpoints Connectors on extra devices, and no other action is required. As with our AnyConnect, Umbrella and Duo offers, this will be available until July 1, 2020.
Our mission is to be our customers' most trusted partner by providing effective security solutions. The current situation demands this more than ever, and we will continue to stand with our customers and partners through this challenging time.
You can learn more about our Cisco Security Remote Worker offerings here and find additional resources on the Business Continuity site. If you have any questions, please contact your Cisco representative or email us at pandemicsupport@cisco.com.
The post Expanding Free Security Offers into Customers' Endpoints appeared first on Cisco Blogs.

Source:: Cisco Security Notice