Archiv für die Kategorie: Cisco Security Notice

By Harvey Jang Privacy is an evolving topic with diverse perspectives on how best to balance the rights and interests of consumers and companies. As allegations of data mishandling fill headlines, privacy is now front and center on everyone’s minds. While data has been the lifeblood of innovation and economic growth, there has also been excessive data collection, lax security, and undisclosed sharing. Public opinion and new laws are starting to curtail some of this bad behavior – creating both compliance challenges and business/brand opportunities.
Respecting privacy is a balancing act between the companies collecting data and the consumers providing it. To earn and preserve (or in some cases regain) trust, companies must be transparent, fair, and accountable.
“Meaningful transparency” is a bit elusive, but certainly requires more than just a “legally compliant”, lengthy privacy notice. Transparency requires being open and honest about what data is collected, why it’s needed, how it’s used, the benefits to consumers and businesses, data sharing/sale, and how data protected throughout its lifecycle.
In turn, transparency drives fairness — the market (consumers, regulators, and plaintiffs‘ lawyers) will judge if a company’s practices are appropriate. It has become increasingly apparent that consumers do care about privacy and are taking action to protect it (e.g., switching vendors, calling for legislative action, lodging complaints with regulators, initiating legal action, etc.) — making privacy both a compliance obligation and a business imperative.
Accountability is about having the governance and controls in place to operationalize and demonstrate that the promises made about data processing activities are followed. Essentially, it’s making sure companies say what they do and do what they say (and no more).
At Cisco, we have both the legally required, comprehensive privacy statement published at www.cisco.com and Privacy Data Sheets with accompanying infographics providing more detail around the data in play when using specific products and services. These documents offer a plain language, visual representation of who, what, where, when, why, and how we protect privacy throughout the data lifecycle. These public documents are designed to eliminate surprise and give users comfort that their data is safe when using Cisco products and services.
While companies must respect and protect privacy, consumers also have an important role to play. There is no “one size fits all”. When it comes to sharing personal information, there’s a wide range in comfort level. Without being too paranoid, people must recognize the more they publish online, the more fodder is available for bad actors to exploit. Before we post things publicly, we need to think about both the intended use and how that same data may be misused (inadvertently or nefariously).
Here are some tips on keeping your family safe online. Download.

Source:: Cisco Security Notice

By Rajat Gulati The Changing Face of Cyber Security
Cyber Security is quite like an onion; it brings tears to your eyes! And we at Cisco have made it our mission to wipe those tears and put a smile back on your face.
But the onion analogy does not end there. Good Cyber Defense is architected in layers, much like the anatomy of the tear-jerking bulbous root. As the network expands beyond the traditional perimeter, so does the need to provide defense in depth. We all see the trend: The boundaries of the network are blurring, even as it is being called upon to process even larger amounts of data. To monitor the pulse of your network, you have to dig deeper to find answers to the questions such as “Who attacked us?” or “What was compromised, and when?”. Your security teams might break into a sweat dealing with this reality without help, as the attack surface continues to expand.
Gone are the days when a bouncer at the entrance of your bar (or your friend’s bar) could keep troublemakers out. Today, bad actors can seep in through other points of entry, or disguise (encrypt) themselves and walk right through the front door. They sometimes even enter in plain sight, especially if they are not on the most-wanted list (yet). How then do you protect against such elements from seeping through the cracks?
What you need, if you stay with the bar analogy just a little longer, is a ‘stealthy‘ manager monitoring the behavior of all entities on your premises, so that you can get alerted when something looks amiss. This trusted aid should be armed to receive inputs from multiple sources: all points of entry, as well as from folks working the floor itself.
Jump back now to the real world of IT infrastructure (unless you actually own a bar, you should still read on), and what you need is a method to monitor all your traffic, both inbound/ outbound and lateral, using a single analytical tool. By bringing together these critical sources of telemetry, you get a unified view of your perimeter and internal threats, not by manual or point-by-point correlation, but by automated and programmatic means. In this manner, you get complete end-to-end visibility into your network, with the ability to detect threats and indicators of compromise. Now, what if this capability was available without need for authoring lengthy configurations or complex rules, while requiring minimal care and feeding? All of this may to sound like a fantasy novel, but often times facts are stranger than fiction.
Welcome to Cisco Security Analytics and Logging
Cisco Security Analytics and Logging was born in the cloud, with simplicity and ease of use as a core design tenet. It has a self-evident name, and an equally simple goal in mind: aggregation of your disparate sources of telemetry into a single data store. Automated means of analysis (statistical, M/L and behavioral modelling) can then be performed on this combined data set, treating it as a single logical input. Since every aggregation effort must have a start point, Security Analytics and Logging’s kick-off candidates are the most voluminous telemetry producers in networks today:
Firewall logs, which keep track of every connection made, and well as any incidents encountered (IPS/IDS or File/ Malware), mostly at the perimeter.
Internal traffic telemetry produced by connections between network elements such as endpoints, switches, wireless access points, routers, etc. on your premises.
To bring together perimeter and internal telemetry, Security Analytics and Logging integrates two avant-garde SaaS products in Cisco’s security portfolio:
Cisco Defense Orchestrator, a cloud-delivered, SaaS-based solution that cuts complexity for consistent management of policies across Cisco security products.

Stealthwatch Cloud, a cloud-delivered, SaaS-based solution that provides end-to-end visibility, behavioral analysis, and threat detection across your private network, public cloud, and hybrid environments.

Now, you might wonder “Why stop there”? We hear you, and you are right; we are NOT stopping here. Rather, this is just the start. Security Analytics and Logging is being built out as an aggregator of data, to provide intelligence derived from desperate points in the network, treating them as a pool for analysis. The discerning mind will differentiate this as being different from the outcomes of say a SOAR, which correlates processed data, rather than crunching raw data. In this manner, the output of Cisco Security Analytics and Logging’s analyzed outcomes become a source of input for other Incident Response (IR) tools.
Tell me why we need this:
Bringing machine-scale analysis to human-scale understanding
This is how I would explain it to my Grandmother: Information is Power. The more information I can gather, the better equipped I am to arrive at the correct conviction of a threat. While I can gather convictions from numerous trusted inspectors, I can also gather my own raw data straight from the source and build my own point of view. The disadvantage of relying on others‘ convictions alone is that each of them may have a limited view of the world; perimeter only, endpoint only, content only, etc. What if I gathered all the information for myself, treating these various sources as sensors, and made my own conviction in addition? Am I better or worse off?
My smart grandmother would say, “Well, that depends on your ability to process all that information intelligently”. And she would be right; You need a best of breed analysis engine to do your intelligent tasks. It is for this reason that Security Analytics and Logging is powered by Stealthwatch Cloud’s advanced entity behavioral modeling and threat detection engine. We use a combination of behavioral modeling, multilayered machine learning, and global threat intelligence to automatically detect threats. For those amongst you who are already familiar with the magic of Stealthwatch Cloud, I know you must be eager to end the conversation with my grandmother, order Security Analytics and Logging, and head to your friend’s bar. Stay a little longer, and I promise that you will be on your way.
Visibility, Visibility, Visibility
It all starts with visibility. You cannot protect what you cannot see. Often times, you don’t even realize what it is that you should be monitoring. Therefore, when it comes to visibility, there are some more advanced questions that need to be addressed. These questions may come up in a conversation with your security budget office. We shall speak to some of those now:
Question 1 – Tell me what ‘accretive‘ outcomes I achieve by sending firewall logs to Security Analytics and Logging for Analysis?
That is a great question. First of all, behavioral threat detections are based on baselining of network behavior based on established patterns. This is widely considered a more dynamic way of detecting threats than static rules or content-based inspection methods. It may come as no surprise to anyone that notwithstanding the most robust IPS/DPI inspection policies and rules, suspicious behaviors continue to be detected inside networks. The key word to understand here is ‘accretive‘; it is by no means suggested that Cisco Security Analytics and Logging attempts to be or will ever replace other sensors such as firewalls. It does however certainly enhance the efficacy of the said sensors, by allowing correlation of anomalous behavior within your network, with the traffic that is associated with it. Such analysis may point to a potential data exfiltration or a compromised insider. As stated before, Security Analytics and Logging enables you to additionally monitor traffic generated between your internal network elements (endpoint to access points, between switches and routers, etc.). Your firewall may not be in the path of this traffic, so may not be able to provide the depth of visibility needed for making high-fidelity convictions.
Question 2 – Apart from Security alerts based on correlation of my firewall logs and Network traffic, does Cisco Security Analytics and Logging provide any other outcomes?
It certainly does. One of the primary use cases of storing NGFW logs is providing a historical and live view of said logs. NetSec operators love (?) sitting in front of these views and scrolling to troubleshoot based on connections that have occurred at a particular time with a particular IP address. With filters on search, Security Analytics and Logging fulfills this use case, providing real-time visibility of what is happening at your firewalls. What is more, this view is rendered within the CDO (Cisco Defense Orchestrator) user interface. Furthermore, since CDO is the curator of firewall tenants analyzed by Security Analytics and Logging, it is simpler to view logs in the portal that is used to manage those very devices.
Question 3 – If I am an existing Stealthwatch Cloud customer using my private network monitoring, what accretive value can I derive from Security Analytics and Logging?
Let’s break this down. A firewall connection log has visibility beyond what just network elements can provide. An example for this could be blocked connections, which will immediately show up in the event viewer in CDO. Filtering by all ‘blocks‘, the operator can plainly see the policies that was responsible for the block. This is just one example of numerous workflows /sources that contribute to enhanced visibility that results from Security Analytics and Logging.
Better efficacy with smarter security
With our new offering, get ready to leverage effective policy management with CDO powered by Stealthwatch Cloud’s advanced behavioral analytics, for total network visibility and faster breach detection. You can now make better security policy management decisions with greater visibility and threat detection capabilities across the firewall and network. As the biggest security company in the world, Cisco has committed itself to solving platform-level challenges that span all the points in your network.
The good news is that Cisco Security Analytics and Logging, is just starting up. The intent is to foster a new security paradigm, one that reduces risk and makes compliance easier; one that fuses your business and security architecture, that frees your workforce to focus their valuable time and energy on business objectives. This will empower them to think less about threats, and more about opportunities.
Time now to enjoy that drink. Cheers.
Click here to learn more about Cisco Security Analytics and Logging for more details on how we are raising the bar on network security.

Source:: Cisco Security Notice

By Bryan Doerr At Cisco, our customers drive what we do in security. Stealthwatch provides customers around the clock visibility, and a system that keeps up with changes in their IT environments. In a survey that was sent to over 10,000 Stealthwatch customers, we were able to identify what sorts of security challenges are top of mind. Next, we examined how we could address these issues in the most helpful way. Stealthwatch provides users a comprehensive look into their security network. It reaches every port, host and every single individual threat that poses a security breach. Here is a breakdown of the most important takeaways from our research:
1. Lack of visibility was the top challenge that led our customers to Stealthwatch
Lack of visibility, insider threats, and the inability to conduct in-depth network analysis were the top three challenges for our customers and lack of visibility led the group. Those reasons haven’t changed much over the 17 years Stealthwatch has been in the market! Stealthwatch provides visibility across the enterprise network, from on-premises to cloud deployment. Further, it applies behavioral modeling and machine learning to generate alerts like data hoarding and data exfiltration, both of which are key indicators of insider threats. Stealthwatch is also able to store network telemetry long-term so that a security team can easily investigate incidents that have occurred in the past. As a result, Stealthwatch helps customers face these challenges head on. 74% of Stealthwatch customers agreed that Stealthwatch is a must have component of their network security. This number means we are doing our job!
2. Customers want a solution that integrates into their network and security stack
Our customers love the synergy between Cisco technologies. In fact, 67% believe that this is the #1 reason to choose Stealthwatch. Integration with Cisco products ensures that customers maximize their investment and ensure optimal operation of their network. Comprehensive visibility, ability to analyze encrypted traffic without decryption, and scalability were some other reasons why customers chose Stealthwatch. Stealthwatch consumes various types of telemetry from the network, endpoint, cloud and data center, and uses advanced analytics infused with Cisco Talos threat intelligence to find hidden threats. The survey identified Encrypted Traffic Analytics and integration with Identity Services Engine (ISE) as Stealthwatch’s most important features. The new Visibility Assessment app, which provides visibility into the overall network health, was also highly rated. In addition to summarizing traffic and conditions on the network, this app allows generation of a PDF security status report for senior management who typically don’t use the Stealthwatch dashboard.
3. Multi cloud and hybrid cloud are becoming increasingly common, bringing new security challenges
More than 95% of Stealthwatch on-premises respondents have deployed or are planning to deploy one or more cloud platforms spanning across Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. Our SaaS (software-as-a-service) offer, Stealthwatch Cloud, can monitor all these environments by consuming native cloud telemetry such as VPC (Virtual Private Cloud) flow logs and NSG (Network Security Group) flow logs. In addition to disruption in service, cloud-related breaches can result in huge bills due to its pay-as-you-go pricing model. Customers understand that they need to secure their cloud network. Stealthwatch Cloud allows them to use a single security tool to do so. Customers identified unauthorized access, data loss, insider threats and misconfigurations as common cloud security challenges. Stealthwatch Cloud detects all these incidents.
4. Forensic analysis to determine the source and impact of the threat is one of the key use cases
Because Stealthwatch casts such a wide net on an organization’s network, it can address a number of different use cases. Interestingly, the top one mentioned by customers was the ability to investigate sources of threats through network audit trails. Stealthwatch can store network telemetry for long periods, allowing for forensic analysis related to past and current events. The intuitive flow search capability and included contextual information related to threat detections are presented within the user interface (UI), which helps accelerate incident response.
Other ways in which Stealthwatch helps our customers is the visibility it provides across users, devices and applications connecting to the network – who are they and what they are doing. Using this visibility, Stealthwatch can detect advanced threats quickly before they turn into a high-impact breach. Customers also love the fact that they can extend their existing network investments to improve security by seamlessly integrating Stealthwatch into their environment. Additionally, many customers use Stealthwatch to simplify their segmentation strategy. With the visibility it provides, Stealthwatch can help define effective security policies and trigger events when policies are violated using custom security events. Allowing customers to check assumptions related to normal network traffic is a key segmentation benefit offered by Stealthwatch.
5. Stealthwatch discovers a broad spectrum of security threats for our customers.
Lastly, customers provided feedback on the kind of things Stealthwatch has discovered in their environments:
Threats in encrypted traffic like malware/spyware (C&C) connections
Cryptomining activity
WannaCry campaigns
Configuration changes
Legacy devices that were thought to be disconnected from the network
Suspicious behavior
Security policy violations

The Stealthwatch team is committed to improving based on feedback from our customers. We thank all of our survey respondents.
You can find the detailed customer research and testimonials from this year as well as past surveys here.
To learn more about Stealthwatch, go to: https://cisco.com/go/stealthwatch or sign up for our free visibility assessment.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 11 and Oct 18. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU10182019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Oct 4 and Oct 11. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU10112019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice