Eine neue Generation der weit verbreiteten 100er Serie der FortiGate geht an den Start. Die FortiGate 100F (wobei das F durchaus für flott stehen könnte) punktet z.B. mit dem nagelneuen SoC4, der von Fortinet als SD-WAN ASIC konzipiert wurde. Diese Vorteile bietet die FortiGate 100F:

  • SD-WAN optimierte Hardware dank SoC4
  • 20 Gbps Firewall Durchsatz
  • 700 Mbps Threat Protection Durchsatz
  • 2x 10 GE SFP+
  • Eingebautes redundantes Netzteil

Das Highlight ist hierbei, dass SD-WAN-Funktionalität direkt mit dem Thema Sicherheit vereint in einer Lösung geliefert wird.

Das Datenblatt zur FortiGate 100F finden Sie hier.

Über den Einsatz auch in Ihrem Hause sprechen wir sehr gerne mit Ihnen.

DSC_2012 klein
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2022 klein

Bastian Breidenbach

breidenbach@oberberg.net

By Talos Group Malware is constantly finding new ways to avoid detection. This doesn’t mean that some will never be detected, but it does allow adversaries to increase the period of time between initial release and detection. Flying under the radar for just a few days is enough to infect sufficient machines to earn a decent amount of revenue for an attack. Cisco Talos recently discovered a new campaign delivering the HawkEye Reborn keylogger and other malware that proves attackers are constantly creating new ways to avoid antivirus detection. In this campaign, the attackers built a complex loader to ensure antivirus systems to not detect the payload malware. Among these features is the infamous “Heaven’s Gate” technique — a trick that allows 32-bit malware running on 64-bit systems to hide API calls by switching to a 64-bit environment. In this blog, we will show how to analyze this loader quickly, and provide an overview of how these attackers deliver the well-known HawkEye Reborn malware. During our analysis, we also discovered several notable malware families, including Remcos and various cryptocurrency mining trojans, leveraging the same loader in an attempt to evade detection and impede analysis.
Read More >>

Source:: Cisco Security Notice

By John Dominguez If you’re still juggling a lot of cyber security tools, you’re not alone. Even as businesses make headway on trimming point-solutions, the recently released Cisco CISO Benchmark Report found that 14% of security leaders are managing more than 20 vendors. And 3% are dealing with over 50.
It’s easy for this to get out of hand. Customers tell us they acquired product A to solve problem A, product B to solve problem B, and so on. Before long, they’re overloaded with point-products that work independently and create tons of siloed data points. The products don’t draw connections between the data to help network administrators understand event context.
It’s almost like having alarm sensors from different security companies on every door to your home. It’s not better, simpler, or easier to manage.
Cisco is helping customers simplify their security ecosystems with powerful tools that work together to automatically thwart cyber attacks. The Cisco Integrated Security Portfolio includes Cisco Next-Generation Firewalls (NGFW) and Cisco Advanced Malware Protection (AMP) for Endpoints. These two tools automatically work together to provide comprehensive threat protection from the network edge to the endpoint. And using the Cisco Threat Response management console, you can take corrective action directly from a single interface.
The power of coordination
This powerful partnership starts with breach prevention. Stopping cyberattacks before they can embed themselves in your extended network is crucial. The Cisco NGFW and AMP for Endpoints both draw threat intelligence from the Cisco Talos Security Intelligence and Research Group to actively block threats in real time. Cisco NGFW monitors and blocks malicious traffic and files at the network perimeter, while Cisco AMP for Endpoints blocks malicious files at the endpoint point-of-inspection.
But what if an attacker or extremely sophisticated malware manages to creep inside? It can happen—cybercriminals are persistent, and malware gets smarter every day. This is where the coordination of Cisco NGFW and AMP can really make a difference. If NGFW sees a threat on the network, it’s contained there and blocked access to the endpoint. If AMP for Endpoints sees trouble on the endpoint, it is automatically quarantined there and blocked from traversing the network. Threat information and event data is shared amongst all Cisco security tools. The system works together so that if a threat is seen once, it is stopped everywhere. This provides continuous visibility across multiple attack vectors for rapid, automatic detection and response.
And the best part? This network and endpoint information is all aggregated in one place – the Cisco Threat Response management console. You can see all of this information in intuitive, configurable graphs for better situational awareness and quick conclusions. You can take corrective action and make decisions across your entire network from one management plane. You can block suspicious files, domains, and more—without having to log in to another product first. Want to see even more network or endpoint detail? One click and you’re inside Cisco AMP for Endpoints or the Cisco NGFW native console.
One proven, efficient system
We work with businesses every day to help them defend their networks and keep security management simple so their teams can be as efficient as possible. Cisco Next-Generation Firewalls and Cisco AMP for Endpoints, along with the Cisco Threat Response management console, offer breach prevention, continuous visibility, rapid detection, automated response, and efficient management from one console.
To learn more about Cisco NGFW and Cisco AMP for Endpoints, click here.

Source:: Cisco Security Notice

By Jeff Moncrief Like many consumers of public cloud infrastructure services, organizations that run workloads in Amazon Web Services (AWS) face an array of security challenges that span from traditional threat vectors to the exploitation of more abstract workloads and entry points into the infrastructure.
This week at AWS re:Inforce, a new feature for AWS workload visibility was announced – AWS Virtual Private Cloud (VPC) Traffic Mirroring. This feature allows for a full 1:1 packet capture of the traffic flowing within and in/out of a customer’s VPC environment. This allows for vendors to provide visibility into the entire AWS traffic, and the ability to perform network and security analytics. Cisco Steathwatch Cloud is able to fully leverage VPC Traffic Mirroring for transactional network conversation visibility, threat detection and compliance risk alerting.
Stealthwatch Cloud is actually unique in that we have had this level of traffic visibility and security analytics deep within an AWS infrastructure for a number of years now with our ability to ingest AWS VPC Flow Logs. VPC Flow Logs allow for a parallel level of visibility in AWS without having to deploy any sensors or collectors. This method of infrastructure visibility allows for incredibly easy deployment within many AWS VPCs and accounts at scale in a quick-to-operationalize manner with Stealthwatch Cloud’s SaaS visibility and threat detection solution. In fact, you can deploy Stealthwatch Cloud within your AWS environment in as little as 10 minutes!
Additionally, we are seeing that the majority of customer traffic in, out and within a VPC is encrypted. Stealthwatch Cloud is designed from the ground up to assume that the traffic is encrypted and to model every entity and look for threats leveraging a multitude of data points regardless of payload.
Stealthwatch Cloud takes the AWS visibility and protection capability even deeper by leveraging the AWS API to retrieve a wide array of telemetry from the AWS backend to tell a richer story of what’s actually going on throughout the AWS environment, far beyond just monitoring the network traffic itself. We illuminate API keys, user accounts, CloudTrail audit log events, instance tags, abstract services such as Redshift, RDS, Inspector, ELBs, Lambdas, S3 buckets, Nat Gateways and many other services many of our customers are using beyond just VPCs and EC2 instances.
Here is a screenshot from the customer portal with just a sample of the additional value Stealthwatch Cloud offers AWS customers in addition to our network traffic analytics:

The following screenshot shows how we are able to extend our behavioral anomaly detection and modeling far beyond just EC2 instances and are able to learn “known good” for API keys, user accounts and other entry points into the environment that customers need to be concerned about:

Combine this unique set of rich AWS backend telemetry with the traffic analytics that we can perform with either VPC Flow Logs or VPC Traffic Mirroring, and we are able to ensure that customers are protected regardless of where the threat vector into their AWS deployment may exist – at the VPC ingress/egress, at the AWS web login screen or leveraging API keys. Cisco is well aware that our customers are using a broad set of services in AWS that stretch from virtual machines to serverless and Kubernetes. Stealthwatch Cloud is able to provide the visibility, accountability and threat detection across the Kill Chain in any of these environments today.
Try today!
Interested in Cisco Stealthwatch Cloud? You can try it today with our no-risk, 60-day free trial. To sign up, click here or visit us on the AWS Marketplace.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 21 and June 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com

ReferenceTRU06282019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Gute Gründe für Cisco Services

Oft werden wir gefragt, ob der Abschluss eines Cisco Servicevertrages Sinn macht, oder ob das lediglich Geld kostet und eigentlich gar nicht benötigt wird. Sicher sind diese Services nicht umsonst zu bekommen, aber der Gegenwert ist groß. Wir beantworten hier gesammelt Fragen, die uns in diesem Zusammenhang gestellt wurden.

Cisco Services sind uns zu teuer.

Bei der Entscheidung für oder gegen einen Cisco Service Vertrag, sollten Sie unbedingt die Kosten für mögliche Ausfallzeiten und die Behebung des Problems berücksichtigen. Die Lösung eines einzelnen Problems kann schnell die Kosten des gesamten Vertrages übersteigen. Falls der höhere, finanzielle Invest zu Anfang des Vertrages ein Thema sein sollte oder eine monatliche Zahlweise gewünscht ist, so könnte Cisco Capital eine praktikable Lösung darstellen.

 

Wir haben doch eine Garantie. Reicht das nicht aus?

Die Garantie schützt ausschließlich bei Produktfehlern. Tatsächlich haben 95% der Supportanfragen bei uns und Cisco nichts mit Geräteausfällen zu tun, die von der Garantie abgedeckt werden. Mit einem Servicevertrag erhalten Sie den kompetenten technischen Support des Technical Assistant Center (TAC), schnelle Ersatzteillieferung (in 2 oder 4 Stunden oder am nächsten Werktag) und laufende Updates. Zudem haben Sie (oder Oberberg-Online in Ihrem Namen) Zugriff auf proaktive Diagnosen und auf die Wissensdatenbank auf Cisco.com. Im Fall der Fälle kann diese spezielle Unterstützung dabei helfen, Probleme schnellstmöglich zu beheben, um damit die Ausfallzeit so gering wie möglich zu halten.

 

Warum muss ich das Betriebssystem aktualisieren?

Auf dem Betriebssystem werden alle Cisco-Anwendungen ausgeführt. Anwendungen die auf einem veralteten Betriebssystem laufen, sind sehr anfällig für Hacker-Angriffe. Dadurch wird das gesamte Netzwerk gefährdet. Darüber hinaus bieten Betriebssystem-Updates immer die neuesten Funktionen. Nichts Anderes machen Sie ja auch bei Ihren Servern und Arbeitsplatz-PCs.

 

Wir schließen einfach nach Ablauf der Garantie einen Service-Vertrag ab

Die Cisco-Standardgarantie bietet nicht dieselben Vorteile und Sicherheiten wie ein Servicevertrag. LLW-Garantien (Limited Lifetime Warranty) sind zudem nur für ausgewählte Produkte verfügbar. Beispielsweise bietet eine LLW Garantie den Versand von Hardware-Ersatz innerhalb von 10 Tagen und bietet keinen technischen Support durch das Technical Assistant Center (TAC).

 

Ich brauche keinen Service. Ich habe Ersatzteile auf Lager.

Ausschließlich Ersatzteile vorrätig zu halten, ist nur die halbe Miete. Darüber hinaus müssen in System, Sicherheit und interne Experten investiert werden. Diese Kosten übersteigen schnell die Kosten eines Service-Vertrags.

 

Ergänzend zum Hersteller Service bietet Oberberg-Online den Abschluss ergänzender Services an. Damit übernehmen wir im Falle eines Falles die Abwicklung mit dem TAC für Sie, sorgen für Software-Updates und monitoren auf Wunsch die Verfügbarkeit Ihrer Infrastruktur. Zusammen bietet Ihnen das ein rundum sorglos Paket. Sprechen Sie uns einfach darauf an:

DSC_2022 klein
Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2012 klein
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net

By Talos Group
Nick Biasini authored this post with contributions from Caitlyn Hammond.
Executive summary
Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit. These kits generated millions of dollars from their victims and they are still effective. One of their biggest appeals today is the removal of reliance on user assistance. Increasingly, on the crimeware landscape today, user assistance is required, whether it’s through blatant social engineering attacks like ongoing sextortion campaigns or through the countless malspam messages traversing the globe daily, users are required to help achieve infection. That is where exploit kits stand alone as an effective web-based platform for compromise that only requires users to surf the internet.
Today, Cisco Talos is unveiling the details of a new exploit kit campaign that proves exploit kits are still a threat and should be taken seriously by defenders: Spelevo. This recent campaign leveraged a compromised business-to-business site to deliver Spelevo, one of the first new kits we’ve seen in months.
Read More >>

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 14 and June 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More >>
ReferenceTRU06212019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Steve Benvenuto Known as a leader in cybersecurity and technology insights for the channel, Canalys released their Cybersecurity Leadership Matrix for 2019. For this matrix, 15 cybersecurity companies were graded on momentum and channel performance over the past 12 months. Unique feedback from channel partners and Canalys analyst insights were used to rank the list of cybersecurity vendors. Of the 15 companies, five of the companies were named in the upper-right quadrant labeled “Champions.” As a team, we are excited to announce that Cisco was recognized as the company with the highest combination of momentum and rating.

Canalys cybersecurity analysis leverages route-to-market, end-user and technology deployment insights to determine top cybersecurity vendors. Their analysis focuses on five security segments: endpoint security, network security, data security, vulnerability and security analytics, and web and email security.
Based off these criteria, Canalys labeled Cisco as a champion due to “not only its leading market share, but its ongoing investment in partner profitability, offering higher front-end margins to encourage cross-product integration sales.” Canalys offers two great insights: Cisco’s ongoing investment in partners, and Cisco’s cross-production integrations.
As Canalys mentions, Cisco Security is a leader in market share, and with the investments in partners and products, Cisco Security continues to show market leader in momentum. Of the fifteen vendors, Cisco Security places second in momentum behind Juniper, but Juniper is not in the top quadrant for rating. Cisco received the highest rating out of all 15 vendors. No company can combine the momentum Cisco is experiencing with the high product rating. As Canalys mentions, much of this can be attribute to a strong investment in partners who are able to deliver personalized security solutions to end-consumers at scale.
Second, Canalys highlights Cisco’s cross-product integration sales. No cybersecurity company offers an extensive, integrated security portfolio like Cisco. In reality, security solutions require strong solutions covering the entire breadth of the five segments Canalys focuses on. Fragmenting your security portfolio with average solutions in each segment leads to an average solution. Deploying market-leading solutions in each segment that integrate seamlessly together however, results in a market-leading, holistic cybersecurity posture like Cisco Security’s.
Canalys further mentions that software security solutions will continue to increasingly dominate the market. As this trend increases, Cisco integrations become more valuable with unifying tools like Cisco Threat Response, or with cloud-based firewall management tools like Cisco Defense Orchestrator. Both solutions empower IT departments by providing the tools to automate policy enforcement, threat detection, and threat response.
Overall, this is exciting news for the entire Cisco Security team. We are dedicated to our partners‘ success and profitability, and these results from Canalys further prove that Cisco Security is a growth driver for our partners. See all of the latest promotionsand incentiveswe have available here. Stay in the know on all things Cisco Security by checking out our Security Hub or Selling Security for Partners site.
For more on Canalys’s Cybersecurity Leadership Matrix 2019, find their report here.

Source:: Cisco Security Notice

By John Dominguez The firewall remains the front line of cyber-defense for most organizations. The firewall protects an organization’s network, and that function isn’t going away anytime soon. Remember when people used to say, “the firewall is dead”? The numbers tell a different story. Gartner forecasts that this market will grow from $12.5 billion in 2018 to $16.2 billion in 2023. That’s one of the single largest product markets in all of cybersecurity.
Many security and networking teams are also starting to use the firewall as the main hub to manage and orchestrate other security tools. In the past, advanced services used to be delivered via separate security appliances or software. But now, many next-generation firewalls include built-in threat intelligence feeds, intrusion prevention, advanced malware protection, URL filtering, identity services and more. It makes sense. Why pivot between multiple security tools when your firewall could do most of it.
This trend of consolidated services within the firewall also runs parallel to a much broader trend in cybersecurity – vendor consolidation and the transition to a “platform” approach to cybersecurity. Security and networking teams want an integrated, seamless security “system” instead of having to juggle multiple, disparate security tools. For years, they’ve been buying individual security products to solve specific problems. Protect the network – buy a firewall. Stop advanced threats – buy an intrusion prevention system or advanced malware system. Block malicious websites – buy a web security appliance. And so on. It didn’t matter what vendor they came from. You’d buy the best tool for the job that was available on the market.
The problem with this approach is how to efficiently operationalize all of those different products. More products require more people to manage them. If the products don’t automatically share information or work together to solve security problems (because they come from different vendors), then manual intervention is required. Is this starting to sound complex? It is. And it’s the reason network and security teams began to seek out integrated security “platforms” that make management easier.
In a recently published video, featured Gartner analyst Nat Smith and Cisco SVP Gee Rittenhouse discuss these trends in the firewall marketplace, and how they could impact your team’s approach to cyberdefense.

Source:: Cisco Security Notice