Finding ROI Gold in Real-time Customer Feedback

By McCall Moore Partner Success Story
Too often, businesses find out about unhappy customers after they’ve left. Maybe the hotel room was too hot, or they were less than impressed with the free breakfast. The chance to make good is gone, and now there’s a negative online review and a lost opportunity for customer loyalty.
Thankfully, companies are catching on to the beauty of real-time customer feedback, allowing staff to address issues on the spot, and turning negative experiences into positive ones. Local Measure is a leading customer experience platform for the hospitality industry, and their Pulse solution captures feedback that helps convert critics into loyal customers.
It’s simple and seamless: with Pulse in place alongside Cisco Wi-Fi Solutions, customers can easily login through a captive portal—immediately receiving the question “How is your experience going so far?” with an option to tap on an emoji rating. A negative rating generates a request for details, capturing the info in a customer profile and letting staff address the issue right away.
With Local Measure Pulse, businesses can reduce negative online reviews, improve customer satisfaction, and even increase spend per customer. But can real-time feedback also help companies boost their bottom line? That’s the question Local Measure asked when they commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study.
The answer was a resounding yes. The study, The Total Economic Impact of Local Measure’s Pulse, analyzed the solution’s ability to reduce service costs and improve guest experience and staff efficiency—and revealed a potential ROI of 280%.
And the benefits don’t stop there. Solutions like Pulse help businesses know their customers better, capturing feedback and contact details. All the while, managers have eyes into how quickly front-line teams respond to customers. While many companies gather customer feedback, now they can prove its financial benefits—seizing the attention of the C-suite and putting exceptional customer experiences top of mind
Between sad emoji and heart-eyes, there’s a bridge.
Share your story on what you are making possible for our customers.

Source:: Cisco Security Notice

/von

Vulnerability Spotlight: Remote code execution vulnerabilities in Simple DirectMedia Layer

By Talos Group Simple DirectMedia Layer contains two vulnerabilities that could an attacker to remotely execute code on the victim’s machine. Both bugs are present in the SDL2_image library, which is used for loading images in different formats. There are vulnerabilities in the function responsible for loading PCX files. A specially crafted PCX file can lead to a heap buffer overflow and remote code execution in both cases.
In accordance with our coordinated disclosure policy, Cisco Talos worked with SDL to ensure that these issues are resolved and that an update is available for affected customers. Check out the Talos blog for all the details and coverage.

Source:: Cisco Security Notice

/von

FortiGate 100F – F wie flott

,

Eine neue Generation der weit verbreiteten 100er Serie der FortiGate geht an den Start. Die FortiGate 100F (wobei das F durchaus für flott stehen könnte) punktet z.B. mit dem nagelneuen SoC4, der von Fortinet als SD-WAN ASIC konzipiert wurde. Diese Vorteile bietet die FortiGate 100F:

  • SD-WAN optimierte Hardware dank SoC4
  • 20 Gbps Firewall Durchsatz
  • 700 Mbps Threat Protection Durchsatz
  • 2x 10 GE SFP+
  • Eingebautes redundantes Netzteil

Das Highlight ist hierbei, dass SD-WAN-Funktionalität direkt mit dem Thema Sicherheit vereint in einer Lösung geliefert wird.

Das Datenblatt zur FortiGate 100F finden Sie hier.

Über den Einsatz auch in Ihrem Hause sprechen wir sehr gerne mit Ihnen.

DSC_2012 klein
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2022 klein

Bastian Breidenbach

breidenbach@oberberg.net

/von

RATs and stealers rush through “Heaven’s Gate” with new loader

By Talos Group Malware is constantly finding new ways to avoid detection. This doesn’t mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack. Cisco Talos recently discovered a new campaign delivering the HawkEye Reborn keylogger and other malware that proves attackers are constantly creating new ways to avoid antivirus detection. In this campaign, the attackers built a complex loader to ensure antivirus systems to not detect the payload malware. Among these features is the infamous “Heaven’s Gate” technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment. In this blog, we will show how to analyze this loader quickly, and provide an overview of how these attackers deliver the well-known HawkEye Reborn malware. During our analysis, we also discovered several notable malware families, including Remcos and various cryptocurrency mining trojans, leveraging the same loader in an attempt to evade detection and impede analysis.
Read More >>

Source:: Cisco Security Notice

/von

Get a Security System, not a Security Smorgasbord

By John Dominguez If you’re still juggling a lot of cyber security tools, you’re not alone. Even as businesses make headway on trimming point-solutions, the recently released Cisco CISO Benchmark Report found that 14% of security leaders are managing more than 20 vendors. And 3% are dealing with over 50.
It’s easy for this to get out of hand. Customers tell us they acquired product A to solve problem A, product B to solve problem B, and so on. Before long, they’re overloaded with point-products that work independently and create tons of siloed data points. The products don’t draw connections between the data to help network administrators understand event context.
It’s almost like having alarm sensors from different security companies on every door to your home. It’s not better, simpler, or easier to manage.
Cisco is helping customers simplify their security ecosystems with powerful tools that work together to automatically thwart cyber attacks. The Cisco Integrated Security Portfolio includes Cisco Next-Generation Firewalls (NGFW) and Cisco Advanced Malware Protection (AMP) for Endpoints. These two tools automatically work together to provide comprehensive threat protection from the network edge to the endpoint. And using the Cisco Threat Response management console, you can take corrective action directly from a single interface.
The power of coordination
This powerful partnership starts with breach prevention. Stopping cyberattacks before they can embed themselves in your extended network is crucial. The Cisco NGFW and AMP for Endpoints both draw threat intelligence from the Cisco Talos Security Intelligence and Research Group to actively block threats in real time. Cisco NGFW monitors and blocks malicious traffic and files at the network perimeter, while Cisco AMP for Endpoints blocks malicious files at the endpoint point-of-inspection.
But what if an attacker or extremely sophisticated malware manages to creep inside? It can happen—cybercriminals are persistent, and malware gets smarter every day. This is where the coordination of Cisco NGFW and AMP can really make a difference. If NGFW sees a threat on the network, it’s contained there and blocked access to the endpoint. If AMP for Endpoints sees trouble on the endpoint, it is automatically quarantined there and blocked from traversing the network. Threat information and event data is shared amongst all Cisco security tools. The system works together so that if a threat is seen once, it is stopped everywhere. This provides continuous visibility across multiple attack vectors for rapid, automatic detection and response.
And the best part? This network and endpoint information is all aggregated in one place – the Cisco Threat Response management console. You can see all of this information in intuitive, configurable graphs for better situational awareness and quick conclusions. You can take corrective action and make decisions across your entire network from one management plane. You can block suspicious files, domains, and more—without having to log in to another product first. Want to see even more network or endpoint detail? One click and you’re inside Cisco AMP for Endpoints or the Cisco NGFW native console.
One proven, efficient system
We work with businesses every day to help them defend their networks and keep security management simple so their teams can be as efficient as possible. Cisco Next-Generation Firewalls and Cisco AMP for Endpoints, along with the Cisco Threat Response management console, offer breach prevention, continuous visibility, rapid detection, automated response, and efficient management from one console.
To learn more about Cisco NGFW and Cisco AMP for Endpoints, click here.

Source:: Cisco Security Notice

/von

Using Amazon Web Services? Cisco Stealthwatch Cloud has all your security needs covered

By Jeff Moncrief Like many consumers of public cloud infrastructure services, organizations that run workloads in Amazon Web Services (AWS) face an array of security challenges that span from traditional threat vectors to the exploitation of more abstract workloads and entry points into the infrastructure.
This week at AWS re:Inforce, a new feature for AWS workload visibility was announced – AWS Virtual Private Cloud (VPC) Traffic Mirroring. This feature allows for a full 1:1 packet capture of the traffic flowing within and in/out of a customer’s VPC environment. This allows for vendors to provide visibility into the entire AWS traffic, and the ability to perform network and security analytics. Cisco Steathwatch Cloud is able to fully leverage VPC Traffic Mirroring for transactional network conversation visibility, threat detection and compliance risk alerting.
Stealthwatch Cloud is actually unique in that we have had this level of traffic visibility and security analytics deep within an AWS infrastructure for a number of years now with our ability to ingest AWS VPC Flow Logs. VPC Flow Logs allow for a parallel level of visibility in AWS without having to deploy any sensors or collectors. This method of infrastructure visibility allows for incredibly easy deployment within many AWS VPCs and accounts at scale in a quick-to-operationalize manner with Stealthwatch Cloud’s SaaS visibility and threat detection solution. In fact, you can deploy Stealthwatch Cloud within your AWS environment in as little as 10 minutes!
Additionally, we are seeing that the majority of customer traffic in, out and within a VPC is encrypted. Stealthwatch Cloud is designed from the ground up to assume that the traffic is encrypted and to model every entity and look for threats leveraging a multitude of data points regardless of payload.
Stealthwatch Cloud takes the AWS visibility and protection capability even deeper by leveraging the AWS API to retrieve a wide array of telemetry from the AWS backend to tell a richer story of what’s actually going on throughout the AWS environment, far beyond just monitoring the network traffic itself. We illuminate API keys, user accounts, CloudTrail audit log events, instance tags, abstract services such as Redshift, RDS, Inspector, ELBs, Lambdas, S3 buckets, Nat Gateways and many other services many of our customers are using beyond just VPCs and EC2 instances.
Here is a screenshot from the customer portal with just a sample of the additional value Stealthwatch Cloud offers AWS customers in addition to our network traffic analytics:

The following screenshot shows how we are able to extend our behavioral anomaly detection and modeling far beyond just EC2 instances and are able to learn “known good” for API keys, user accounts and other entry points into the environment that customers need to be concerned about:

Combine this unique set of rich AWS backend telemetry with the traffic analytics that we can perform with either VPC Flow Logs or VPC Traffic Mirroring, and we are able to ensure that customers are protected regardless of where the threat vector into their AWS deployment may exist – at the VPC ingress/egress, at the AWS web login screen or leveraging API keys. Cisco is well aware that our customers are using a broad set of services in AWS that stretch from virtual machines to serverless and Kubernetes. Stealthwatch Cloud is able to provide the visibility, accountability and threat detection across the Kill Chain in any of these environments today.
Try today!
Interested in Cisco Stealthwatch Cloud? You can try it today with our no-risk, 60-day free trial. To sign up, click here or visit us on the AWS Marketplace.

Source:: Cisco Security Notice

/von

Threat Roundup for June 21 to June 28

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 21 and June 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com

ReferenceTRU06282019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

/von

Gute Gründe für Cisco Services

,

Gute Gründe für Cisco Services

Oft werden wir gefragt, ob der Abschluss eines Cisco Servicevertrages Sinn macht, oder ob das lediglich Geld kostet und eigentlich gar nicht benötigt wird. Sicher sind diese Services nicht umsonst zu bekommen, aber der Gegenwert ist groß. Wir beantworten hier gesammelt Fragen, die uns in diesem Zusammenhang gestellt wurden.

Cisco Services sind uns zu teuer.

Bei der Entscheidung für oder gegen einen Cisco Service Vertrag, sollten Sie unbedingt die Kosten für mögliche Ausfallzeiten und die Behebung des Problems berücksichtigen. Die Lösung eines einzelnen Problems kann schnell die Kosten des gesamten Vertrages übersteigen. Falls der höhere, finanzielle Invest zu Anfang des Vertrages ein Thema sein sollte oder eine monatliche Zahlweise gewünscht ist, so könnte Cisco Capital eine praktikable Lösung darstellen.

 

Wir haben doch eine Garantie. Reicht das nicht aus?

Die Garantie schützt ausschließlich bei Produktfehlern. Tatsächlich haben 95% der Supportanfragen bei uns und Cisco nichts mit Geräteausfällen zu tun, die von der Garantie abgedeckt werden. Mit einem Servicevertrag erhalten Sie den kompetenten technischen Support des Technical Assistant Center (TAC), schnelle Ersatzteillieferung (in 2 oder 4 Stunden oder am nächsten Werktag) und laufende Updates. Zudem haben Sie (oder Oberberg-Online in Ihrem Namen) Zugriff auf proaktive Diagnosen und auf die Wissensdatenbank auf Cisco.com. Im Fall der Fälle kann diese spezielle Unterstützung dabei helfen, Probleme schnellstmöglich zu beheben, um damit die Ausfallzeit so gering wie möglich zu halten.

 

Warum muss ich das Betriebssystem aktualisieren?

Auf dem Betriebssystem werden alle Cisco-Anwendungen ausgeführt. Anwendungen die auf einem veralteten Betriebssystem laufen, sind sehr anfällig für Hacker-Angriffe. Dadurch wird das gesamte Netzwerk gefährdet. Darüber hinaus bieten Betriebssystem-Updates immer die neuesten Funktionen. Nichts Anderes machen Sie ja auch bei Ihren Servern und Arbeitsplatz-PCs.

 

Wir schließen einfach nach Ablauf der Garantie einen Service-Vertrag ab

Die Cisco-Standardgarantie bietet nicht dieselben Vorteile und Sicherheiten wie ein Servicevertrag. LLW-Garantien (Limited Lifetime Warranty) sind zudem nur für ausgewählte Produkte verfügbar. Beispielsweise bietet eine LLW Garantie den Versand von Hardware-Ersatz innerhalb von 10 Tagen und bietet keinen technischen Support durch das Technical Assistant Center (TAC).

 

Ich brauche keinen Service. Ich habe Ersatzteile auf Lager.

Ausschließlich Ersatzteile vorrätig zu halten, ist nur die halbe Miete. Darüber hinaus müssen in System, Sicherheit und interne Experten investiert werden. Diese Kosten übersteigen schnell die Kosten eines Service-Vertrags.

 

Ergänzend zum Hersteller Service bietet Oberberg-Online den Abschluss ergänzender Services an. Damit übernehmen wir im Falle eines Falles die Abwicklung mit dem TAC für Sie, sorgen für Software-Updates und monitoren auf Wunsch die Verfügbarkeit Ihrer Infrastruktur. Zusammen bietet Ihnen das ein rundum sorglos Paket. Sprechen Sie uns einfach darauf an:

DSC_2022 klein
Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2012 klein
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net
/von

Welcome Spelevo: New exploit kit full of old tricks

By Talos Group
Nick Biasini authored this post with contributions from Caitlyn Hammond.
Executive summary
Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit. These kits generated millions of dollars from their victims and they are still effective. One of their biggest appeals today is the removal of reliance on user assistance. Increasingly, on the crimeware landscape today, user assistance is required, whether it’s through blatant social engineering attacks like ongoing sextortion campaigns or through the countless malspam messages traversing the globe daily, users are required to help achieve infection. That is where exploit kits stand alone as an effective web-based platform for compromise that only requires users to surf the internet.
Today, Cisco Talos is unveiling the details of a new exploit kit campaign that proves exploit kits are still a threat and should be taken seriously by defenders: Spelevo. This recent campaign leveraged a compromised business-to-business site to deliver Spelevo, one of the first new kits we’ve seen in months.
Read More >>

Source:: Cisco Security Notice

/von

Threat Roundup for June 14 to June 21

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 14 and June 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More >>
ReferenceTRU06212019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

/von