With the release of PBX V13, support for PBX V10 ends.

Versions V11 and V12 remain under service. All V10 customers with a valid Software Service Agreement can obtain the newer licenses free of charge. We are happy to assist you with the upgrade through our services. Please simply get in touch with us.

Marcus Schultes

schultes@oberberg.net

Jörg Wegner
02261 9155052
wegner@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 31 and June 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com
Reference: TRU06142019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Gary McNeil
Standing at the shores of the Potomac, The Gaylord National Resort and Convention Center National Harbor is gearing up to host the 2019 Gartner Security and Risk Management Summit June 17-20. Now in its 24th year, this event is the premier gathering of security, risk management and business continuity management leaders.
In the Digital Age, IT security is everyone’s business and Cisco is looking forward to continuing our tradition of being a Premier sponsor and sharing the latest innovations to improve your security posture and mitigate risk.
Whether you are a CISO looking to network with peers and improve your leadership skills or a security professional looking for practical advice – Cisco has you covered.
Join us On-site for Private Meetings
Want to talk strategy? Cisco executives and subject matter experts will be available for private meetings. Please contact us to schedule a meeting.
Discount Code: Use priority code SECSP25 and receive $350 off your conference registration.

Cisco Booth 409
Will feature giveaways and demos, including:
Endpoint Security: Advanced Malware Protection (AMP) and Cisco Threat Response
Secure Internet Gateway and SD-WAN: Cisco Umbrella, Cisco Cloudlock and Cisco Web Security Appliance (WSA)
Zero Trust: Duo Security, Now Part of Cisco
Network and Cloud Security Analytics: Stealthwatch
NGFW and NGIPS: Firepower and Cisco Defense Orchestrator
Workload Protection: Application and Workload Security

Networking Welcome Reception
Monday, June 17, 2019 | 5:45 p.m. – 7:30 p.m.
Location: Exhibit Showcase
Join us in the Exhibit Showcase for a special circus-themed reception where you can engage with your peers, Gartner Analysts, and exhibitors while enjoying delicious food and beverages, fun games, raffle drawings, and lively entertainment. Also, don’t miss a chance to get a sneak peek at the motorcycle we’ll be raffling off on Wednesday.
Hospitality Suite: Cisco Hog Wild
Wednesday, 5:45 p.m., National Harbor 5
All attendees are invited to cruise over for a night of blues, beer, BBQ, and a chance to win a 2019 Harley-Davidson Softail Street Bob motorcycle!

Cisco Sessions
SPS13: The Tectonic Shift in Security
By: Gee Rittenhouse, Jeff Reed
Monday, June 17, 2019, 3:15–4 p.m. | Potomac C
Securing today’s modern work environment is increasingly complicated. As technology shifted to lean into the digital business transformation, a new architecture built for a multicloud environment was required. Cisco will discuss the multi-domain architecture needed to securely connect every user, on every device, on every network, to every application.

TH5: Threat Research – Fighting the Good Fight
By: Joel Esler
Monday, June 17, 2019, 1:15–1:40 p.m. | Theater 1, Exhibit Showcase, Prince George’s Hall D
Exploitable vulnerabilities exist. It’s a fact of life in the modern work environment. Attackers are achieving greater ROI with every attack. The counterpunch is threat intelligence. Cisco will discuss the future of threat, the evolving threat landscape and the inescapable need for automated threat intelligence as part of your security architecture.

ETSS3: Building Zero Trust Security Solutions
By: Wendy Nather, Ash Devata
Monday, June 17, 2019, 11:30 a.m.-12 p.m. | Chesapeake 3
Call it “zero trust” or “an initial step on the road to CARTA” – we know the classic design patterns of security have to change. In this session, we’ll talk about different ways to build on the fundamentals of “zero trust,” working together with partners in stages to create better and more usable security.

ETSS15: Future of the Firewall
By: Bret Hartman, Houda Soubra
Tuesday, June 18, 2019, 10:45–11:15 a.m. | Chesapeake 5
The digital transformation underway in many organizations poses an increasing challenge to security operations. Secure your hybrid environments of edge, endpoint and cloud with a single orchestrator solution to: streamline policy design and enforcement; automate administrative tasks; improve accuracy; and reduce deployment time.

ETSS17: Designing Security for the Future of Your Network
By: Meg Diaz
Tuesday, June 18, 2019, 3:30–4 p.m. | Chesapeake 2
With the explosion of cloud apps, the move to highly distributed environments (SD-WAN, anyone?), and an increase in mobile workers, the threat landscape isn’t standing still. Learn more about what your peers are experiencing, a new approach to secure roaming users/branch locations, and how Cisco is evolving security to address these challenges in innovative ways.

ETSS23: Workload Security and Visibility
By: Vaishali Ghiya
Wednesday, June 19, 2019, 10:45–11:15 a.m. | Chesapeake 3
Technologies like virtualization and SDN are enabling the rapid rollout of new applications and services. Modern applications no longer reside just within a company’s physical data center but are also deployed across a multicloud environment. Learn how to 1) protect workloads and 2) deliver a zero-trust security approach with deep visibility and multi-layered segmentation.

View the full agenda here. Don’t forget to download the conference app so that you don’t miss a beat!

Follow us and join the conversation on Twitter, Facebook, LinkedIn.
See you there!

Source:: Cisco Security Notice

By Player Pate
Why rapid attack containment and a short remediation cycle matter
When a new threat gets in the environment, a security incident could unfold very quickly. Detecting the compromise and taking control of the infected endpoint fast is not only critical to preventing the spread of the threat, it is also vital to shrinking the remediation cycle time and cost.

Lessons learned from the ‘Andromeda Strain’
It only takes a single unknown threat getting a foothold in your network for a damaging incident to cause immeasurable harm to the business. Next thing you know, you’re living Michael Crichton’s “Andromeda Strain,” battling a contagious virus you don’t fully understand. And, like Crichton’s protagonists, you know that the longer you allow the threat to run wild, the more havoc it will wreak.
A little fun fact: when Crichton unleashed his fictional extraterrestrial virus bent on destroying Earth in “The Andromeda Strain” 50 years ago, the best-seller launched his blockbuster career. The deadly outbreak in the novel started when a military satellite introduced the virus from space, leading scientists on a hair-raising quest to contain it. Andromeda killed nearly instantly. If it didn’t, it wouldn’t be worth a movie and a series years later, after all.
Destroying the mutating Andromeda microbe was a matter of life or death. Containing a rogue endpoint? Maybe not. But with every hour or day, an infection that roams inside your network is driving up your remediation costs. As the attack’s footprint grows, so does the potential of escalation to a full-blown data breach.
‘Time to remediation’: the new name of the game
The days when mean time to detection (MTTD) was a top cybersecurity KPI have gone the way of legacy AV. Certainly, fast detection is imperative. But that’s not your inflection point. Especially if you’re finding yourself in an Andromeda-type scenario where you have no idea what you’re dealing with.
The containment phase is where you can start taking control from the bad guys and limiting the damage — and avoiding a long, expensive remediation cycle.
In our annual CISO benchmark survey, the number of respondents using MTTD as a metric has decreased from 61% in 2018 to 51% in 2019. For 48% of CISOs, mean time to remediate (MTTR) is the top indicator of cybersecurity posture, compared to 30% in 2018. This shift in focus to rapid incident response and mitigation indicates a strategic change, but a SANS incident response report suggests that it’s also a struggling point. Although 53% of the SANS respondents said they detected incidents within 24 hours, it took the majority (61%) two or more days to remediate.
Turning the table with Cisco AMP for Endpoints
The majority of security incidents, as well as data breaches, involve either malware or an evolved form like ransomware. SANS found that for 37% of organizations, containment takes at least two to seven days. How much mayhem can malware cause in that window? Think WannaCry.
With Cisco AMP for Endpoints, you can rapidly contain the attack by isolating an infected endpoint, so you can stop the threat from spreading. Drastically reducing the footprint of the attack, you can accelerate incident investigation and response, while shrinking remediation costs. Here’s how it works:
From the endpoint connector, isolate an infected endpoint through the cloud console.
The endpoint is removed from the network while maintaining communication with the cloud console — you have complete control of the host and the logging and forensic data.
Automatically trigger endpoint isolation through automation APIs.
Quickly reactivate the host once you return it to a clean state.
Dealing with the ‘comeback kid’
Threat actors, sadly, don’t take a hint. Like way too many movies and TV shows from the ‘90s, they keep coming back.
Your job is to successfully contain and clean up an infection. The attacker’s “job” is to keep trying. In fact, in the SANS survey, 26% of respondents said they’ve been breached by the same actor more than once.
The challenge is two-fold. On one side is the increased threat complexity. On the other, according to an ESG Research survey, is the heterogeneous nature of the defense tools and the manual processes. The survey found that 76% of security pros felt that threat detection and response is more difficult now than two years ago, primarily due to the volume and sophistication of the threats. Almost half agreed or strongly agreed that the process and tooling around detecting and responding to threats are limited, with 64% identifying manual processes as the challenge; and 66% struggled because of the multiple independent point tools.
A few highlights of how Cisco AMP for Endpoints can address these challenges:
Delivers prevention, detection and response capabilities in one solution.
Helps you respond to incidents in hours instead of days or months.
Enables you to proactively hunt for the riskiest 1% of threats.
With retrospective security, it blocks threats as soon as they begin to act maliciously, even if they seemed benign when they entered the endpoint.
You only have to spot a threat once — with our shared intelligence and integrated security architecture, it is blocked anywhere else across the environment.
You never know when you’re facing your next Andromeda. Don’t delay – boost your ability to rapidly contain threats. Learn more or start today with the free trial of Cisco AMP for Endpoints.

Source:: Cisco Security Notice

By Don Meyer
The applications we need to do business are no longer just residing in a single, physical data center. Sure, there are some applications running in your on-premises data center. But some are also running in offsite data centers. Or in your private cloud. Or on Amazon Web Services. Many are likely moving in between these various platforms on a regular basis – for example, from on-prem to cloud, and back.

Recent research conducted as part of our CISO Benchmark Survey indicates that organizations are deploying roughly a third of their new technology via physical infrastructure, a third virtually, and another third in the cloud. So how do we effectively control and secure this new, dynamic environment without hindering productivity and user experience?
Moving Security Closer to the Application
Due to the shifts in the way organizations deploy and access applications, the concept of application security must expand. It’s no longer just about testing for software vulnerabilities (though, that is of course part of it). Today’s application security must be multi-faceted, taking into account concepts including visibility, segmentation, access control, performance monitoring, and more. Many of the security concepts already applied to the network must now also be applied directly to the applications themselves.
This week at Cisco Live, we are unveiling our new approach to this challenge, called Cisco Application-First Security.
Cisco Application-First Security for 360° Application Protection
Cisco Application-First Security is designed to leave no stone unturned when it comes to protecting an application. It combines several of our security products into one holistic solution for making sure applications are protected no matter where they go and how they are used. Application-First Security allows organizations to:
See which applications are running and what they are doing – regardless of where they are – to baseline behaviors and uncover any software vulnerabilities or suspicious processes.
Enable automated microsegmentation and application whitelisting to minimize the spread of attacks laterally throughout the data center and network.
Enforce security policies at scale, for thousands of applications, and across hybrid, multi-cloud data centers – without impacting reliability and performance.

Cisco Application-First Security helps you secure your applications running anywhere at the speed of your business with protection that is continuous, adaptive, and closer to the applications. This Application-First Security model allows you to confidently move your business in any direction you demand with security being an enabler for your development teams. With greater insight and control over your applications, you are able to make intelligent decisions, achieve compliance, and reduce risk.
Our new Application-First Security solution consists of the following products:
Cisco Tetration
Cisco Tetration provides holistic workload protection for multi-cloud data centers. It automatically discovers and baselines application behaviors and dependencies, then generates policy for microsegmentation. Policies are enforced at scale, consistently across workloads. Tetration can also track behavior changes to keep the policy up to date as applications move and evolve.
The Tetration platform can also detect issues such as software vulnerabilities, process behavior anomalies, and malware. If issues are identified, it can proactively quarantine servers and block communication. Tetration enforces policy across thousands of applications and hundreds of millions of policy rules – and across bare metal servers, virtual machines, and containers.
Cisco Stealthwatch Cloud
Visibility into the rest of the network is just as critical as application visibility. Cisco Stealthwatch Cloud is a SaaS service that provides complete visibility into network and cloud traffic. It collects telemetry data across the entire network to automatically monitor traffic and identify anomalies that could signify risk – even in encrypted communications.
Stealthwatch can uncover both known and unknown, internal and external threats, improving incident detection and response. In addition to monitoring on-premises infrastructure and private clouds, Stealthwatch can monitor all public cloud environments including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Duo Beyond
Duo Beyond from Duo Security (now a part of Cisco) allows you to: 1) identify corporate versus personal devices trying to connect to your environment, 2) block untrusted endpoints, and 3) give your users secure access to internal applications without using VPNs. Duo Beyond expands secure access past traditional, perimeter-based network security with the power to grant access to any application, to any user, from any device, while maintaining security.
With Duo Beyond, you can:
Differentiate between corporate and personal devices.
Limit sensitive data access to only corporate devices.
Limit remote access to specific applications without exposing the network.

AppDynamics
Security and performance go hand in hand. It’s crucial to verify that thorough security measures do not result in a slower network. That’s why our Application-First Security solution includes powerful application performance monitoring from AppDynamics, now a part of Cisco. AppDynamics provides details needed to quickly resolve issues, make user experience improvements, and ensure that applications are always meeting performance expectations – even in the most complex, multi-cloud environments.
Get Started
In today’s threat environment, no one solution can protect corporate infrastructure. Together, the above products provide the visibility and control needed to quickly identify and remediate attack attempts or other risks to application security. Application-First Security also works in conjunction with the rest of Cisco’s comprehensive security portfolio.
Get started on the path to effective, application-first security. And find out how South Africa’s oldest bank powers and protects its data center and applications with Cisco – decreasing problem resolution time from tens of hours to just minutes.

“In addition to security, visibility, and availability, Cisco technologies give all of us the ability to sleep at night.” – First National Bank, South Africa
Subscribe to our Cisco Live blog series to stay updated on all of our Cisco Live 2019 announcements.

Source:: Cisco Security Notice

By Dr. Gee Rittenhouse
The market consideration and adoption of software-defined WAN represents the largest WAN transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch locations. In fact, a recent research study from the Enterprise Strategy Group (ESG) found that 4 out of 5 organizations report using SD-WAN in some capacity already. Instead of backhauling all traffic through the corporate network, the research also indicated that 79 percent of organizations are shifting to direct internet access (DIA) for all or some remote and branch offices.* With DIA, enterprises can accelerate their digital transformation with faster access to cloud applications and workloads. While the benefits are clear, this also introduces new security challenges.
The shift to SD-WAN creates new security challenges
Security has to be top of mind as you transform your network with SD-WAN and move to DIA. Branch offices and roaming users are more vulnerable to attacks, and attackers quickly exploit weaknesses. Based on the ESG research, 68 percent of branch offices and roaming users were the source of compromise in recent attacks. And as organizations move to more DIA, this becomes an even greater risk. Scaling security at every location often means more appliances to ship and manage, more policies to separately maintain, which translates into more money and resources needed.
But it doesn’t have to be that way. SD-WAN makes your networking simple and that’s the way that your security should be, too. You need security that can effectively scale across all locations, provide simple management, and enable you to easily add security services as needed.
Extend protection from the network to branch offices to roaming users with powerful cloud security
At Cisco, we want to make sure you have choices with your preferred security solution. Last November, we announced that we built a set of security capabilities into our SD-WAN devices to provide a complete on-prem solution. Now, we are delivering additional feature functionality to Umbrella, our market leading security cloud platform, to deliver a complete secure internet gateway (SIG) so you can secure your SD-WAN from the cloud. When it comes to protecting your SD-WAN, Cisco provides the flexibility you need whether on-prem, in the cloud, or both. Regardless of your deployment choice, we have you covered.
Built on top of the fastest and most reliable infrastructure, Umbrella provides simple deployment and management. In a single cloud platform, it unifies multiple layers of security—including DNS, secure web gateway, firewall, and cloud access security (CASB). It also acts as your secure onramp to the internet by offering secure internet access and controlled SaaS usage across all locations and roaming users. And we continue to deeply integrate Umbrella with Cisco SD-WAN to deliver ease of use that is unmatched across the industry.

As a leader in both networking and security, only Cisco can deliver a truly secure experience. We’re committed to offering security that is integrated into our network solutions, with simple configuration and unified policies that can be easily enforced across your entire enterprise, in every location, and anywhere users travel. As demonstrated by our expanding capabilities, we continue to make huge investments in our R&D to rapidly make our cloud security even stronger.
As you make the transition to SD-WAN and DIA, you can trust Cisco to bring together the best in SD-WAN with the most effective, most reliable, and simplest cloud security to protect it. This is just the start of the journey!
If you’re ready to learn more, visit umbrella.cisco.com/sd-wan. And if you are attending Cisco Live U.S., stop by the Umbrella booth in the World of Solutions to get a demo.

*ESG Research Survey, Cisco Secure Internet Gateway Survey, January 2019

Source:: Cisco Security Notice

The new FortiExtender 40D-AMEU is here, now with the E7455 wireless chip from the renowned manufacturer Sierra Wireless.

The FortiExtender lets you deploy a wireless backup connection for your infrastructure. This is important for all customers who depend on the availability of their internet connection. The FortiExtender can be deployed as shown in the diagram:

In combination with a FortiGate, we implement automated, dynamic wireless backups for you. We have already described the principle in an article.

Whereas choosing a suitable LTE modem often caused problems in the past, these should be a thing of the past with the Sierra Wireless E7455 chipset, because it is designed for worldwide use and can serve different frequency bands.

We would be glad to tell you more about our backup solutions in a personal conversation.

Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
Jörg Wegner
02261 9155052
wegner@oberberg.net

Source:: Innovaphone