By Simon Finn Security is the key to the success of any digital project, whether you are connecting critical infrastructure, industrial Internet of Things (IoT), or delivering data and telemetry to reduce costs and increase revenue. We have long advocated the need for a holistic approach to IoT security, and with it, shared the vital role the network plays in embedding security. To further demonstrate the network’s role, let’s explore how it can help us tackle a series of IoT-related security challenges.
The challenge of securing communications
The first challenge is simply one of securing network communications. By default, any connected device can access anything on the network. This becomes a real problem when viewed with the realization that devices are unable to protect themselves; many devices were not designed with security built in – for example, think of your thermostat or refrigerator. Even if security is a design consideration and a device's initial state is secure, vulnerabilities will be discovered over time. Vendor support lifecycles and patching practices vary, which often leaves devices exposed for extended periods. The logical conclusion is that we need to protect the device, and we need to protect other assets from the device.
Many organizations have undertaken extensive work to do broad grained, or macro-segmentation, which is immensely valuable from a security perspective. Yet, how do we isolate and protect devices within these segmented parts of the network, applying the principle of least access? How do we stop lateral movement of malware and reconnaissance activities within these segments themselves?
However, the IoT does represent a problem of scale. Organizations are struggling with the operational scale that is required to manage the explosion of connected devices. Operational overhead such as on-boarding devices and applying the required policy will be significantly exacerbated by the problem of sheer numbers and types of devices.
How the network can help
To deal with the problems associated with lateral movement of threats and the need to isolate devices, we need to apply network policy as close as possible to the device. This method is commonly referred to as micro-segmentation, and Cisco has taken this capability from theory to practice for years now.

To address the issues relating to scale, there are a couple of capabilities that help. Firstly, we are software-defining the network, including its policy controls and segmentation. This permits us to provision controls centrally, in a fast, scalable and reliable manner. The network can also leverage what it can see, such as device profiling, location and identity, to help inform that policy. This contextual information, gathered by the network, can also be shared with other services and collected from other services. I’ll share more on the value of this in subsequent blog posts.
Secondly, we have been working on defining standards in collaboration with the Internet Engineering Task Force (IETF). For example, RFC 8520: Manufacturer Usage Description (MUD) allows manufacturers to define the policy, saving administrators many hours attempting to discern the appropriate policy to apply to new devices. The standard allows for automation of the entire process.
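As an added illustration (not code from this post or from Cisco) of how a MUD file drives the least-access policy described above: the Python below flattens a constructed RFC 8520 MUD file for a hypothetical thermostat into per-device allow-list rules, checks that every ACL the policy references actually exists, and flags accepted entries that leave the remote peer unconstrained. All hostnames, URLs and ACL names are assumed placeholders.

```python
# Constructed RFC 8520 MUD file for a hypothetical thermostat: URL, hostnames
# and ACL names are illustrative placeholders, not from a real manufacturer.
import json

SAMPLE_MUD = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1, "mud-url": "https://mud.example.com/thermostat.json",
        "last-update": "2019-09-20T00:00:00+00:00", "cache-validity": 48,
        "is-supported": True, "systeminfo": "Example thermostat (constructed)",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "mud-1-fr"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "mud-1-to"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "mud-1-fr", "type": "ipv4-acl-type", "aces": {"ace": [
            # Device may open TCP/443 to its cloud service.
            {"name": "cloud-out",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "cloud.example.com", "protocol": 6},
                         "tcp": {"ietf-mud:direction-initiated": "from-device",
                                 "destination-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}},
            # NTP to any host: deliberately over-broad so the audit flags it.
            {"name": "ntp-out",
             "matches": {"ipv4": {"protocol": 17},
                         "udp": {"destination-port": {"operator": "eq", "port": 123}}},
             "actions": {"forwarding": "accept"}},
        ]}},
        {"name": "mud-1-to", "type": "ipv4-acl-type", "aces": {"ace": [
            # Return traffic of that session: the server is the source, port 443.
            {"name": "cloud-in",
             "matches": {"ipv4": {"ietf-acldns:src-dnsname": "cloud.example.com", "protocol": 6},
                         "tcp": {"ietf-mud:direction-initiated": "from-device",
                                 "source-port": {"operator": "eq", "port": 443}}},
             "actions": {"forwarding": "accept"}},
        ]}},
    ]},
})

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
# MUD abstractions that pin the peer without naming a host (RFC 8520 section 3).
MUD_PEER_KEYS = ("controller", "my-controller", "local-networks", "same-manufacturer", "manufacturer")


def _remote(matches, direction):
    """Which peer the ACE allows; 'any' means the ACE does not constrain it."""
    l3 = matches.get("ipv4") or matches.get("ipv6") or {}
    # Outbound ACEs name the destination, inbound ACEs name the source.
    key = "ietf-acldns:dst-dnsname" if direction == "from-device" else "ietf-acldns:src-dnsname"
    if key in l3:
        return l3[key]
    mud = matches.get("ietf-mud:mud", {})
    hit = next((k for k in MUD_PEER_KEYS if k in mud), None)
    return "any" if hit is None else (hit if isinstance(mud[hit], (bool, list)) else f"{hit}:{mud[hit]}")


def _port(matches, direction):
    """The single port an ACE matches on, or None if it matches all ports."""
    key = "destination-port" if direction == "from-device" else "source-port"
    for l4 in ("tcp", "udp"):
        spec = matches.get(l4, {}).get(key)
        if spec and spec.get("operator", "eq") == "eq":
            return spec["port"]
    return None


def mud_to_rules(mud_text):
    """Flatten both policy directions into rule dicts; anything unlisted is denied."""
    doc = json.loads(mud_text)
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    rules = []
    for direction in ("from-device", "to-device"):
        for ref in doc["ietf-mud:mud"][direction + "-policy"]["access-lists"]["access-list"]:
            if ref["name"] not in acls:
                raise ValueError(f"policy references missing ACL {ref['name']!r}")
            for ace in acls[ref["name"]]["aces"]["ace"]:
                m = ace["matches"]
                l3 = m.get("ipv4") or m.get("ipv6") or {}
                rules.append({"ace": ace["name"], "direction": direction,
                              "proto": PROTO_NAMES.get(l3.get("protocol"), "any"),
                              "remote": _remote(m, direction), "port": _port(m, direction),
                              "action": ace["actions"]["forwarding"]})
    return rules


def audit_rules(rules):
    """Accepted ACEs that leave the peer unconstrained: the weak spots to review."""
    return [r["ace"] for r in rules if r["action"] == "accept" and r["remote"] == "any"]
```

A MUD manager would push the resulting rules to the access switch or firewall for that device only, so the manufacturer's intent becomes the device's micro-segment without any manual ACL writing.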
The network is well placed to act as a gatekeeper for devices, ensuring authentication and enforcing on-boarding workflows. Standards are currently in development, such as Bootstrapping of Remote Secure Key Infrastructure (BRSKI), that will help extend these capabilities by automating the provisioning of strong identity on devices. The network acting as the gatekeeper and orchestrator of on-boarding flows also enables protection of devices whilst in a potentially vulnerable state when first plugged in.
As you can see, the network plays a significant role in protecting devices and data. Look for more to come in follow-on blogs, as we explore how the network’s capabilities are extended to address other issues associated with securing the IoT.

Source:: Cisco Security Notice

By Samuel Brown We are entering the integrated era
You’ve probably noticed the recent headlines of a few one-trick ponies getting together to form their own three ring circus. These events underscore a paradigm shift that is underway – the security world is entering the integrated era. Nowadays, customers want comprehensive solutions with seamless integrations across their endpoint, cloud and email security programs. Standalone vendors are just now realizing this and are scrambling to partner up with one another to satisfy the market’s demands. As an ambassador of Cisco’s integrated security portfolio, I would like to formally address these three vendors by saying: Congratulations – you finally realized what your customers need. But let me issue a caution: you’re going about it all wrong!
The new reality
A lot of things have fundamentally changed how users work today. Applications, data, and user identities have moved to the cloud, branch offices connect directly to the internet, and many users work off-network. This has given users an unprecedented ability to access, create, and share information online, which has concomitantly increased the risk of them exposing sensitive information. Additionally, advanced attackers have matured beyond the traditional defense models that rely on a patchwork of point solutions – they no longer rely on a single attack technique, and instead use multipronged approaches that may combine email phishing, fileless malware, and malicious websites.
Practitioners must protect against internet-borne threats and phishing attacks, have control and visibility into their endpoints, and be able to quickly respond to incidents that arise – that’s a tall order for many reasons. First, the average enterprise has 75 security tools running in its environment. Second, most of these tools don’t communicate with one another. The sheer volume and complexity associated with responding to this information overload while simultaneously trying to correlate disparate datasets across multiple disaggregated sources is daunting. Security teams often find themselves drowning in a deluge of data and facing unmanageable workloads that make it nearly impossible for them to do their jobs well. This leaves them feeling overwhelmed and unmotivated, and further undermines cyber risk management by increasing the likelihood of them not responding to the threats that matter most fast enough, or missing them altogether. Additionally, 79% of respondents in Cisco’s 2019 CISO Benchmark Report said it was somewhat or very challenging to orchestrate alerts from multiple vendor products. To paraphrase, this implies that 79% of the security community does not view ‘Frankensteining’ multiple point products together as a solution to their problems!
Now, don’t get me wrong – I love animals, am an avid fan of the Ringling Brothers, and think that one-trick ponies getting together is abso-friggin-lutely adorable. But frantically moving from console to console while correlating disparate threat data is a myopic approach that doesn’t solve the underlying problem. The inconvenient reality is that there always are and always will be threats to respond to, and with attack surfaces continually growing, the problem is only getting more complex. The only way to stand up to advanced attacks is by taking a highly integrated architectural approach to security.
Successful security integrations require a minimum of these 5 things – everything else will fail sooner or later:
Comprehensive coverage – Platforms that cover major threat vectors, like web and email security, span across all endpoints, and integrate with network security tools.
Intelligence sharing & automated response – Actionable threat intelligence that is shared amongst all incorporated solutions for data enrichment purposes, so that responses are automated (rather than ‘suggested’) and if a threat is seen once anywhere, it is immediately blocked everywhere.
Centralization – Features and capabilities that allow users to consolidate information from multiple solutions on a single pane from which they can dynamically pull observables about unknown threats and kick off investigations.
Improved time to remediation (TTR) – Proven ability to significantly reduce TTR to enable SecOps teams to work more quickly and efficiently, thus decreasing likelihood of an incident becoming a full-blown breach.
Reliable integration – Integrations that wouldn’t disappear because one company changed their mind regarding their strategic direction or got acquired.
Security that works together for the integrated era
Fortunately, at Cisco, we foresaw this paradigm evolution years ago and invested in building a seamlessly integrated security platform across our SIG, email security, endpoint security, and advanced sandboxing solutions, along with our network security tools like IPS and NGFW. Backed by Cisco Talos – the largest non-governmental threat intelligence organization on the planet – real-time threat intelligence is shared amongst all incorporated technologies to dynamically automate defense updates so that if a threat is seen once, it is blocked everywhere. Teams can also kick off threat investigations and respond to incidents from a single console via Cisco Threat Response (CTR), a tool that centralizes information to provide unified threat context and response capabilities. In other words, Cisco’s integrated security portfolio, underscored by Threat Response, streamlines all facets of security operations to directly address security teams’ most pressing challenges by allowing them to:
Prioritize – SecOps teams can pinpoint threat origins faster and prioritize responding to the riskiest threats in their environment.
Block more threats – Threat Response automates detection and response across different security tools from a single console, which allows SecOps teams to operate more efficiently and avoid burnout.
Save time – Threat intelligence from Talos is shared across all integrated tools, so that you can see a threat once and block it everywhere.
As the largest cybersecurity vendor in the world, only Cisco has the scale, breadth and depth of capabilities to bring all of this together with Threat Response – and best of all, it’s FREE! Cisco Threat Response is included as an embedded capability with licenses for any tool in Cisco’s integrated security architecture.
Let’s compare the following two scenarios:
Scenario 1 – A patchwork of non-integrated security tools:
Security teams must review alerts from multiple solutions and correlate disparate datasets from various disaggregated sources to investigate each threat. They triage and assign priorities, performing complex tasks with tremendous urgency with the goal of formulating an adequate response strategy based on situational awareness and threat impact, potential scope of compromise, and the criticality of damage that can ensue. This process is laborious, error-prone, and time-consuming, requiring an analyst to manually swivel through multiple consoles quickly. We’ve run internal simulations in which all of this on average takes around 32 minutes. SOC analysts are left drained and high-severity threats risk being overlooked.
Scenario 2 – Cisco’s integrated security platform:
Security teams see an aggregated set of alerts from multiple Cisco security tools in Threat Response’s interface. The alerts are automatically compared against intelligence sources, and SOC analysts can visualize a threat’s activities across different vectors, kick off an investigation, pinpoint the threat’s origin, and take corrective actions immediately – all from a single console. In our internal simulations this took 5 minutes.

Bottom line: Cisco’s integrated portfolio with Threat Response brings the time it takes to deal with a potential threat down from 32 minutes to 5 minutes, which is 85% faster than the non-integrated patchwork scenario!
In summary:
The recent news of partnerships combined with our internal testing has validated our strategy of developing an integrated architecture of security tools that work together. Furthermore, it has confirmed our belief that Cisco’s integrated security portfolio represents a game-changing and disruptive suite of technologies and integrations that pose a significant threat to any single point solution vendor focused on protecting just one threat vector, regardless of partnerships. Don’t be part of the circus by buying into this conglomeration of one-trick ponies, choose security that works together. Hone your security skills and attend one of our Threat Hunting Workshops.

Source:: Cisco Security Notice

By Talos Group
Cisco Talos recently discovered a threat actor attempting to take advantage of Americans who may be seeking a job, especially military veterans. The actor, previously identified by Symantec as Tortoiseshell, deployed a website called hxxp://hiremilitaryheroes[.]com that posed as a website to help U.S. military veterans find jobs. The URL is strikingly close to the legitimate service from the U.S. Chamber of Commerce, https://www.hiringourheroes.org. The site prompted users to download an app, which was actually a malware downloader, deploying malicious spying tools and other malware.
This is just the latest action by Tortoiseshell. Previous research showed that the actor was behind an attack on an IT provider in Saudi Arabia. For this campaign Talos tracked, Tortoiseshell used the same backdoor that it has in the past, showing that they are relying on some of the same tactics, techniques and procedures (TTPs).
at Talosintelligence.com

Source:: Cisco Security Notice

By Anthony Grieco The world is facing a collective challenge with a growing cyber threat landscape. Trends like the Internet of Things (IoT) and 5G are expanding the attack surface, with over 40 billion devices expected online within five years. A new wave of advanced ransomware may cost our global economy up to $20 billion by the year 2021. Countries and regions alike are struggling to create consistent regulations that protect their citizens and stay ahead of emerging threats. Organizations wanting to go digital are looking around for who they can trust. To deliver security and trust on a global scale in this environment will require more than individual companies operating in silos; it is a multi-party responsibility including both the public and private sector. It will require a new set of diverse talent. It will require new technical capabilities. It will require research to help stay one step ahead. It will require collaboration. Each of these requirements needs to be cultivated to get us where we need to be as an industry.

The time to plant the seeds for our collective future is with action – today.

We know the pain of digital transformation. At Cisco, we’ve gone through our own transformation in a highly complex environment. Think many clouds, operating 176,000 networks across the globe, blocking 20 billion threats on the internet a day, not to mention delivering our portfolio of over 600 product lines. The struggle is real. But even if we don’t have all the answers, the silver lining is that this experience has pushed us to learn at every stage of our journey. We see it as our role and responsibility to share our experience with others and are constantly looking for new opportunities to amplify those efforts. After all, cybersecurity is a team sport. As organizations, countries, and regions raise the bar for global cybersecurity…we all reap the benefits. Many are talking about co-innovation, collaboration and partnerships. We need to do more than talk. We need the right tools and the right environment where productive conversations, best practice sharing, and hands-on learning can happen.
That is why we are investing in our first Center of Excellence and Co-Innovation that will focus on cybersecurity and privacy. Opening in Milan in 2020, the center will bring together experts from both the public and private sectors to connect, learn, research and create solutions to help solve some of our most pressing security and privacy challenges. Leveraging our global network of Co-Innovation Centers and Cisco DevNet, a platform with more than 500,000 developers, the center will provide an environment to tackle complex challenges such as securing critical infrastructure (i.e. utilities, smart grids) as well as evaluating the future complications of technologies like IoT and 5G. To supplement our investment in the future, we are also supporting a number of scholarships for a Master of Science in Cyber Risk Strategy & Governance at two Italian universities.
Cisco works with universities around the world in over a hundred different research projects and programs related to the enhancement of cybersecurity, data protection and privacy. This is in addition to more than 326,000 students worldwide who took cybersecurity courses last fiscal year through Cisco Networking Academy. Through collaboration and education, our goal is for these actions to cultivate future talent and build expertise for the next generation.
I am proud of the long-term commitment Cisco has laid down to help build the next generation of cybersecurity talent and co-innovation. My challenge to each of you is to join us – either physically at one of our programs or philosophically aligned to the spirit of collaboration. Regardless of where you are on your journey. Maybe you are new to cybersecurity. Or you are just starting to take your organization digital. There is a role and place for your contribution. If you have just started, I encourage you to seek out others who have a long history and experience with security and privacy challenges. For those of you who have that proven experience…it is your role to share it. Because the reality is that no one is going to win alone. It’s time for action and to get involved.
To succeed in tackling the world’s most critical and complex cybersecurity challenges we must work together. Join the team.
Want to hear more about Cisco’s cybersecurity journey? Check out our Trust Center to learn more.

Source:: Cisco Security Notice

We have been a certified innovaphone partner for more than 16 years. One thing we have learned along the way is how remarkably collegial the relationship between partners is. We are therefore pleased to present a development by innovaphone partner Infoso.

Until now, anyone wanting to use myPBX on a Mac was limited to the browser version and could not, among other things, use a hotkey for quick dialling (copy & paste was the tool of choice here). Infoso has now developed an innovaphone myPBX Launcher for Mac OS and offers it as a free download.

Lars Dietrichkeit of innovaphone shows what the software can do in this video:

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sep. 13 and Sep. 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU09202019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Dr. Gee Rittenhouse The network is at the heart of the digital transformation, and when it comes to securing it, the firewall remains the frontline of defense for organizations. But as the network continues to evolve, we know that security must adapt. For Cisco, this means providing network security that has world-class controls in every place you need them with unified policy and threat visibility. We have made significant strides towards that vision over the past 12 months, and it is always gratifying when the market acknowledges it.
To that end, I am thrilled to share that Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. We believe this recognition validates our multi-year journey to reimagine the firewall as the foundation of a truly integrated security platform.
Cisco has demonstrated its leadership in the market through continuous investment in innovation, including:
Cisco Defense Orchestrator (CDO). At Cisco Live U.S., we launched CDO, a cloud-based, API-driven product that simplifies and unifies policy and device management. From a single interface, you can now seamlessly orchestrate policy changes across all of your ASA, NGFW and Meraki MX devices.
Firepower with Cisco Threat Response (CTR). CTR accelerates detection, investigation and remediation of threats by automating integrations across Cisco Security products and threat intelligence sources. With the new Firepower integration, CTR can now utilize intrusion alerts from Firepower devices to cut through the noise and deliver curated alerts that truly need your attention.
New NGFW appliances. Earlier this year, we released new NGFW appliances that couple ease of use with deep visibility to protect your business – whether you are an SMB, service provider, or anything in between. With a strong cost to performance ratio, they offer a dramatic 3.5x performance boost over previous ASA and Firepower appliances and unique hardware-based capabilities for inspecting encrypted traffic.
These advancements, in addition to many others, have cemented our place in the next-generation firewall market. But we know that in order to deliver truly effective security, the firewall needs to be part of a larger integrated architecture that spans all threat vectors.
This is why Cisco has invested in building the broadest and most effective portfolio that spans the network, endpoint, cloud and workload. And now we are doing the hard work of integrating the products to create a security platform that can automatically share threat intelligence, policy information, and event data. As a result, you have visibility across all attack vectors, and when a Cisco Security product sees a threat in one place, the whole integrated system can automatically stop the threat everywhere across your IT ecosystem.
So, when you invest in Cisco NGFW, you are investing in a foundation for security that is agile and integrated, giving you the strongest security posture available.

Download the 2019 Gartner Magic Quadrant for Network Firewalls

Visit Cisco.com/go/NGFW to learn more about how Cisco NGFW can help secure your organization.

2019 Gartner Magic Quadrant for Network Firewalls, Rajpreet Kaur, Adam Hils, Jeremy D’Hoinne, John Watts, September 17, 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

By Talos Group This blog post was written by Colin Grady, William Largent, and Jaeson Schultz.
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world’s most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.
At the beginning of June 2019, Emotet’s operators decided to take an extended summer vacation. Even the command and control (C2) activities saw a major pause in activity. However, as summer begins drawing to a close, Talos and other researchers started to see increased activity in Emotet’s C2 infrastructure. And as of Sept. 16, 2019, the Emotet botnet has fully reawakened and has resumed spamming operations once again. While this reemergence may have many users scared, Talos’ traditional Emotet coverage and protection remains the same. We have a slew of new IOCs to help protect users from this latest push, but past Snort coverage will still block this malware, as will traditional best security practices such as avoiding opening suspicious email attachments and using strong passwords.
Read More

Source:: Cisco Security Notice

By Talos Group By Christopher Evans and David Liebenberg.
Executive summary
A new threat actor named “Panda” has generated thousands of dollars worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor we’ve ever seen, but it still has been one of the most active attackers we’ve seen in Cisco Talos threat trap data. Panda’s willingness to persistently exploit vulnerable web applications worldwide, their tools allowing them to traverse throughout networks, and their use of RATs, means that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information.
Panda has shown time and again that they will update their infrastructure and exploits on the fly as security researchers publicize indicators of compromise and proofs of concept. Our threat traps show that Panda uses exploits previously used by Shadow Brokers — a group infamous for publishing information from the National Security Agency — and Mimikatz, an open-source credential-dumping program.
Talos first became aware of Panda in the summer of 2018, when they were engaging in the successful and widespread “MassMiner” campaign. Shortly thereafter, we linked Panda to another widespread illicit mining campaign with a different set of command and control (C2) servers. Since then, this actor has updated its infrastructure, exploits and payloads. We believe Panda is a legitimate threat capable of spreading cryptocurrency miners that can use up valuable computing resources and slow down networks and systems. Talos confirmed that organizations in the banking, healthcare, transportation, telecommunications and IT services industries were affected in these campaigns.
Read More >>

Source:: Cisco Security Notice