Findings from Gartner’s Market Guide for Email Security 2019

By Gabrielle Bridgers

Gartner’s Market Guide for Email Security 2019 reaffirms that an increasing number of organizations are migrating their email platforms to the cloud. According to Gartner, “by 2021, Gartner expects 70% of public and private companies to be using cloud email services.”1 But that access to email from anywhere and on any device means it is essential that organizations protect themselves from increasingly prevalent threats.
To combat threats most effectively, Gartner recommends that “Security and risk management leaders must adopt a continuous adaptive risk and trust assessment mindset to protect inboxes from exposure to increasingly sophisticated threats.” Gartner states further, “Adopt a CARTA strategic approach to email security by layering inbound, outbound, and internal detection and remediation capabilities.” The CARTA-inspired email security architecture is dynamic and robust. Instead of simply protecting at the perimeter, this architecture is always evaluating and detecting, and subsequently learning and changing.
In that vein, and because email is such a prominent attack vector, Gartner specifically states that “Security professionals have known for years that, due to its importance as an attack vector, email security requires a layered approach.” We believe Cisco’s Cloud Email Security (CES) fully represents this model of protection. The foundation of the solution is Talos, a globally recognized threat research team providing real-time threat intelligence. Using that telemetry, CES responds to evolving threats and keeps cloud-based email safe and productive by stopping phishing, spoofing, business email compromise and other cyber threats. Additional subscription services provide the complementary layers that create the comprehensive protection the solution provides. We believe these layers exemplify Gartner’s CARTA approach and address the four key areas of protection; according to Gartner, “Email security refers collectively to the prediction, prevention, detection and response framework used to provide attack protection and access protection for email.” These subscription products include multifactor authentication using Duo, Advanced Malware Protection (AMP), Advanced Phishing Protection and Domain Protection.
We believe, the CES solution mirrors Gartner’s guidance of layering inbound, outbound, and internal detection and remediation capabilities.

To help determine which combination of cloud email security products might work best for any organization, we believe a thorough analysis of existing email security products is needed to understand the current solution’s capabilities completely. Gartner recommends, “Leverage incumbent email security products by verifying and optimizing their capabilities and corresponding configurations. This will serve as the start of a gap analysis to determine where supplementation or replacement may be required.” The Cisco Threat Analyzer for Office 365 quickly detects security gaps in Office 365 email inboxes to provide visibility into threats that may have gone undetected and identify security vulnerabilities.
In addition, to support this growing cloud email platform user base, Cisco Email Security now has data centers with global coverage located in North America, Europe and Asia. These locations allow local customers to satisfy data access and sovereignty requirements in their specific regions and provide the confidence that their data will remain within region. For those install-base customers using an on-premises or hybrid solution, this global coverage gives them the peace of mind for migrating from on-premises to cloud email.
Understanding the gaps within a current system provides the clearest direction for implementing the most effective email security protections going forward. Cisco Cloud Email Security provides a method for that analysis and a robust layered solution for a comprehensive email security defense. As businesses transition to cloud email, the new capabilities bring new threats and opportunities that can only be addressed by a complementary security solution from Cisco Email Security. This layered approach of products and services shows the power of the Cisco Security portfolio.

For the full findings from Gartner, read the report here. And if you’re ready to get started with Cisco Email Security consider our free, 45-day trial.

1 “Public companies’ unstoppable march to cloud continues with almost 25% — of any size, industry and region — having moved to a cloud email platform. Application leaders can use this research to evaluate Google G Suite and Microsoft Office 365 as cloud email solutions, and to guide deployment plans.” (See “Survey Analysis: Cloud Email Adoption Growth Continues but With Large Regional/Industry Variations.”)
Gartner, Market Guide for Email Security, 6 June 2019, Peter Firstbrook, Neil Wynne

2 Cisco 2019 Email Cybersecurity Report
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available for viewing by clicking this link.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

Threat Roundup for August 16 to August 23

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 16 and Aug. 23. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08232019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

New 4CAN tool helps identify vulnerabilities in on-board car computers

By Talos Group

Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global network, and in some cases use that telemetry to automatically drive the vehicle. Like any computer, those in vehicles are susceptible to threats, such as vulnerabilities in software, abuse via physical access, or even allowing remote control of the vehicle, as recently demonstrated by Wired and a DARPA-funded team of researchers.
During a recent engagement, the Connected Vehicle Security practice identified a gap in tooling for automobile security assessments. With ease-of-use, modern car computing requirements, and affordability as motivating factors, the Connected Vehicle Security practice has built and is open-sourcing a hardware tool called “4CAN” with accompanying software, for the benefit of all automobile security researchers. We hope 4CAN will give researchers and car manufacturers the ability to test their on-board computers for potential vulnerabilities, making the vehicles safer and more secure for drivers before they even leave the lot.
Check out the complete FAQ here.

Source:: Cisco Security Notice

What you — and your company — should know about cyber insurance

By Talos Group

It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who is willing to take on that risk?
For some groups, it may be that they feel they are fully prepared to take on the challenge of defending against an attack or potentially recover from one. But cyber security insurance offers the ability to transfer that risk to an insurance company that can help you with everything from covering lost revenue to providing incident response as soon as you detect an attack.
Is cyber insurance the right choice for your company or organization? Talos spoke to two cyber insurance experts to get answers to the questions we had around cyber insurance to help you make an informed decision.
Check out the complete FAQ here.

Source:: Cisco Security Notice

Threat Roundup for August 9 to August 16

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 9 and Aug. 16. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08162019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Three Reasons to Upgrade Your Legacy AV/Endpoint Security

By Gedeon Hombrebueno

What technology do you remember the most from the ’80s – ’90s? Portable CD players? Floppy disks? 2G flip phones? None of these, of course, survived the digital evolution. Do you know which technology developed in that era did survive? Legacy antivirus (AV).
That’s right. While many other technologies have evolved in the last few decades to keep up with today’s digital environment, legacy AV is still around. This is despite the fact that, according to a 2018 Ponemon survey, security practitioners believe AV catches only about 43% of attacks.
As we learned from our CISO Benchmark Survey, 90% of incidents are related to malware, and malware is the most common attack that results in loss of data. From the Ponemon survey, we also know that 76% of endpoint attacks come from zero-day or unknown threats. If your security defense relies on traditional endpoint security using legacy AV technology — how well does it protect your organization given today’s sophisticated and fast-evolving threat environment?
Why It’s Time to Give Up ‘Traditional’
According to a SANS report, endpoints are the second top type of system (behind cloud apps) that is most commonly involved in data breaches. Given how critical it is to protect endpoints, and how vulnerable they are without the right defense, your organization can’t afford to stick with traditional endpoint security.
Here is where legacy endpoint security falls short — and how next-generation endpoint security technology is different:
Detection: Legacy AV solutions are no match for evolved threats like fileless and polymorphic malware. Since attackers are skilled at remaining stealthy until they’re ready to make their move, traditional AV is unlikely to detect those stealthy threats when they first enter your environment, masquerading as benign files.
To detect advanced threats, next-generation endpoint solutions use a combination of techniques while constantly monitoring file activity. They excel at fast and accurate threat detection because they can detect malicious behavior and stop the threat in its tracks.
Response: Hours, even minutes, count when containing and remediating an attack. One of the many challenges of incident responders is the ability to gather data in an investigation for incident scoping. Traditional AV gives you limited visibility into the trajectory of files, whereas next generation AV enables a granular view of threat activity.
You can’t afford not to have more robust capabilities — the ability to shrink hours and even days off your remediation cycle greatly decreases the likelihood of data exposure and could potentially save your organization millions of dollars. In fact, according to a Ponemon study about the Cost of a Data Breach, containing a breach in fewer than 30 days could save you more than $1 million. No small change, even for a large enterprise.
Efficiency: Many traditional AV providers try to keep pace with evolving threats by adding new components via various discrete agents, resulting in a bloated infrastructure that is labor-intensive for the security practitioner to operate. The more time you spend in and out of multiple consoles, trying to connect the dots, the more time you give the attackers to meet their objectives — especially if many of your tasks are manual.
Think of the bucket brigades of yesteryear, before fire engines were invented. By the time the human chain of the brigade delivered enough water by hand, the blaze had ample time to devour the building. If you’re fighting a proverbial fire inside your environment, would you want to rely on a series of manual tasks, or would you feel much more confident using the latest technology that delivers advanced capabilities, leveraging more automation and integration?
What Cisco Offers for Your Next-Generation Endpoint Security
Next generation AV from Cisco helps you uncover the riskiest 1% of threats that legacy AV solutions miss. Capabilities that Cisco offers you include:
Prevention and detection: Backed by the best global threat intelligence from Cisco Talos, detect and block both signature-based and advanced threats, including fileless malware and ransomware. Use dynamic file analysis to instantly gain visibility into the behavior of an unknown or suspect file, and get a fast verdict.
Response: Continuously monitor all file activity with retrospective capabilities, so you can quickly block stealthy malware at the first sign of malicious behavior, and isolate compromised hosts to stop the spread of an infection. With device and file trajectory, you can also scope an incident more efficiently, speeding up remediation time.
Efficiency: An integrated security architecture simplifies your workflow and doesn’t require you to add multiple agents to your endpoints. Additionally, you only have to see a threat once, then automatically block it across your entire environment.
Traditional AV is just that. Traditional. Click here to learn more on how you can prevent, detect and respond to today’s modern threats better, faster with next generation AV.

Source:: Cisco Security Notice

Breathe Deeply, Relax…Now Focus…on Integrating Your Security Architecture

By Scott Pope

“Relax” and “security” are not often found in the same sentence. There is not much about the current threat environment that elicits relaxation.
But in this era of mindfulness and getting focused, Cisco has done just that. We have put a single-minded focus on integrating our own security portfolio so that we close attack vectors and decrease deployment complexity. And we have also forged pathways for integration with our security products so that your multi-vendor security environment can work in unison to focus on the same problem set, together.
Today we welcome 15 new industry partners with 20 new product integrations to the Cisco Security Technology Alliance (CSTA), Cisco’s security development, integration and certification framework. CSTA is focused on enabling product integrations that deliver easier and better security in multi-vendor deployments. There are now over 175 development partners representing 300+ product-to-product integrations in CSTA. See details of the new partners and product integrations below.
Customers can integrate existing technology with Cisco security products to improve security telemetry, prioritize the urgent alerts, streamline workflows and get better security outcomes. No two customer environments are alike and that’s why we have built a customizable integration framework for nearly every product in the Cisco security portfolio. We’ve also got a talented services team that can help implement all of this, from a small integration to a turnkey solution.
In other big news, the Cisco Platform Exchange Grid (pxGrid) security integration framework is now the foundation of an IETF-approved Internet standard. Read all about it here.
Here’s a summary of what’s new:
New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
Using the Cisco AMP for Endpoints APIs, partner integrations provide analysts with rich threat information and actions on endpoint events, such as retrieving endpoint information, hunting indicators on endpoints, searching events, etc. Panaseer, JASK, IBM BigFix and IBM Resilient are 4 integrations that are now available for AMP for Endpoints customers. These integrations collect all AMP for Endpoints event data via the streaming API for correlation or other uses.
New Cisco Cloud Security Integrations
The Cisco Cloud Security ecosystem also expands with more integrations. BlueCat and NS1 are DDI solutions that integrate and share DNS context with Cisco Umbrella. EclecticIQ and JASK now integrate with Umbrella to enrich their domain context.
Bringing 3rd Party Threat Intelligence into Cisco Next-Gen Firewall
By ingesting threat intelligence from 3rd party threat feeds, Cisco Threat Intelligence Director (CTID) capabilities in the Cisco Firepower Next-Gen Firewall correlate threat intelligence with events in the Firepower Management Console, simplifying threat investigation. CTID has a new integration with Seclytics.
Multi-Vendor Threat Event & Platform Management for Cisco Next-Gen Firewall and ASA
Cisco Firepower and ASA have new partner integrations. AppviewX uses the ASA Management API to manage ASA policies. Firesec’s SOAR platform now supports both Firepower and ASA. Picus, which identifies security gaps and exposures, now supports Firepower.
Cisco ISE Partners being added
The Cisco pxGrid ecosystem is adding 4 new partner integrations to its long list of integrations.
CyberX joins the IoT visibility partners, providing enhanced visibility of IoT devices on the network. Nyansa Voyance provides IoT threat defense by using ISE to take RTC actions. Smokescreen joins the deception technology vendors with its IllusionBLACK product, integrating its decoys with ISE to take remediation actions. Panaseer Smart Inventory, which provides visibility into risk, integrates with ISE to enhance its context of the endpoints. Besides the above pxGrid partners, Noovus Apolo is a custom application which integrates with ISE to provide Service Provider customers with an easier method to automate operational functions with ISE.
Cisco Security Connector (CSC) Integrations
Cisco Security Connector for Apple iOS provides organizations with the visibility and control they need to confidently accelerate deployment of mobile devices. CSC is the only Apple-approved security application for supervised iOS devices, and integrates with best-in-class MDM/EMM platforms. CSC now adds support for InventIT’s MobiConnect.
Sharing Cisco Threat Grid Threat Intelligence
Using the powerful and insightful Cisco Threat Grid API, a new integration in the Cisco Threat Grid ecosystem is being announced with Minerva. This integration simplifies threat investigation for our joint customers by incorporating Threat Grid threat intelligence directly into the Minerva platform.
Cisco Threat Response Integrations
Cisco Threat Response automates integrations across select Cisco Security products and accelerates key security operations functions: detection, investigation, and remediation. It also has support for 3rd-party products through its API. Signal Sciences, a next-gen WAF and RASP solution, now integrates with CTR.
For details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
More details about our new partners and their integrations:
[1] New Cisco Advanced Malware Protection (AMP) for Endpoints Integrations
We are announcing two new integrations with IBM Security:
The Cisco AMP4EP integration with IBM BigFix enables customers to deploy, manage and upgrade AMP connectors quickly in one unified solution, for deeper visibility and control of endpoints. Security and infrastructure teams can track and upgrade AMP4EP across the environment and multiple operating systems (OS), and perform service-related tasks such as rebooting computers, starting and stopping services, enabling debug logging, clearing caches and creating support packages. The app includes graphic-rich reporting displaying overviews of the environment: where the AMP connectors are installed and the different connector versions, across OS types.
The Cisco AMP4EP integration with IBM Resilient combines enrichment and containment in one consolidated tool; providing the actionable insights needed to accelerate threat detection and incident response. Analysts within Resilient can investigate AMP4EP events for possible malicious activities. Security teams can then automatically pull findings into an incident, rapidly drill down on a threat detected for further analysis and quickly quarantine any malware detected.
JASK ASOC platform seamlessly ingests logs and alerts from Cisco AMP4EP. With this out-of-the-box integration, mutual customers enjoy better context of the endpoint alerts created by AMP4EP. As a SIEM, JASK correlates this data with all other data-sources in the SOC – network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.
The Panaseer Platform enables CISOs and security leaders to quantify business risk and get a grip on RoI. And, by giving analysts the power to model data at scale and freeing IT teams from firefighting it drives continuous, enterprise-wide improvement. The Panaseer Platform fully integrates with Cisco AMP for Endpoints to extract device and event information, feeding the Anti-Malware and Device Inventory data models and enabling end-users to summarize and explore the performance and coverage of AMP for Endpoints.
[2] New Cisco Cloud Security Integrations
Cisco Umbrella uses DNS to block malicious queries at the network boundary and in the cloud, providing a strong external defense. BlueCat offers similar control at the device level by acting as the “first hop” recursive server, applying security policies to DNS activity right at the source of a query. The integration provides source IP and other contextual data from BlueCat to Cisco Umbrella. Data sharing between the two applications provides a consistent, unified approach to DNS-based security which touches every relevant point on the network.
The EclecticIQ Platform is an analyst-centric threat intelligence platform based on STIX/TAXII. By integrating with Umbrella analysts can quickly discern threats and attribution intelligence from observables used in active campaigns as the cloud-based enricher provides information relating domains, IP addresses and file hashes. The integration enables analysts to dynamically build a repository of intelligence relating to domain activity.

JASK ASOC platform seamlessly ingests logs and alerts from CISCO Umbrella. With this out-of-the-box integration, our mutual customers enjoy the better context of the DNS & IP layer, proxy and C&C alerts created by CISCO Umbrella: as a SIEM, JASK correlates this data with all other data sources in the SOC – endpoint, network, logs, IAM, Threat Intel feeds and more. JASK then automates the triage process by creating Insights – correlated, aggregated, prioritized group of alerts – serving as a real call-for-action for the SOC analyst. This is all done in a cloud-native environment that allows infinite scalability.

NS1 is a modern DDI solution that integrates with Cisco Umbrella to offer a unified solution to support agile application deployment and delivery while protecting your most critical assets. Easy to use and simple to manage, the integration allows customers to get the best of intelligent DNS traffic steering behind the firewall while protecting outbound queries with Umbrella security. Designed to be API-first, NS1 delivers flexible, next-generation DNS solutions that solve complex performance, traffic management, and automation challenges. With Cisco Umbrella’s predictive and analytical approach to security, DNS becomes a control plane for the modern enterprise.
[3] New Cisco Threat Intelligence Director (CTID) for Firepower Integrations
Seclytics uses science to identify the origin of attacks 51+ days before they strike. We use patent-pending science to hunt adversaries in the wild during their precrime setup stages, resulting in over 5,000 unique adversary profiles to date. Continuous surveillance ensures we know when they go live on day zero and remove the element of surprise – leveling the playing field for the first time. Our SaaS-based platform uniquely provides prevention at the precrime stage, at zero day when they go live and beyond. The Seclytics Attack Prediction feed has been certified to work with Cisco Firepower’s Threat Intelligence Director benefiting joint customers. To see how Seclytics uses Science to save you time, money and risk, please visit Seclytics.
[4] New Cisco Firepower Next-Gen Firewall Integrations
AppViewX has integrated with Cisco ASA from version 8.4 through the latest 9.9.2 version. As with other vendor firewalls, once a Cisco ASA is added to the inventory, all of its security policies, objects and NAT rules are downloaded and saved in the AppViewX database. Users can view and compare all the downloaded configuration through the centralized AppViewX console, and any configuration changes can be made there. AppViewX has the intelligence to detect any configuration changes made on the Cisco ASA and updates its database with the help of syslogs.
Firesec is a Security Analysis and Orchestration platform. It is designed to solve problems for these personas: CISO, Security Consultant, Security Auditor and Network Administrator. It is an automated solution for security configuration analysis and compliance readiness. It supports a wide variety of firewalls and helps enhance the security of your network as well as significantly speed up compliance with standards such as PCI DSS, CI Security Benchmarks, etc. It offers flexible options to perform network device configuration analysis and has both manual and automatic mechanisms to collect the configuration information from Cisco ASA version 8 and up, Cisco IOS version 12.0 and up, and Cisco Firepower version 6.
Picus Platform continuously assesses corporate defenses to reveal security gaps, provides a measurement dashboard clearly displaying the live security status and goes beyond current offerings in the market to proactively suggest fixes and mitigate threats. When Picus identifies a potential exposure on a Cisco Firepower platform in a customer environment, options for quick mitigation actions are immediately provided. This approach assures that Cisco Firepower feature set and policy options are fully and continually utilized, and that the best possible resilience is offered against emerging cyber-threats in real-time.
[5] New Cisco pxGrid Integrations
Using patented technology, CyberX provides IoT & ICS Asset Discovery, Risk & Vulnerability Management, Continuous IoT & ICS Threat Monitoring, Incident Response & Threat Hunting, Unified IT/OT security monitoring and governance, and IoT & ICS Threat Intelligence. Network administrators and SOC analysts who use Cisco ISE and CyberX together bring identity management and security policy creation capabilities in ISE to assets in the IoT and ICS environments.

Nyansa Voyance IoT Security solution is an agentless security platform for IoT and unmanaged critical devices that collects data passively. Voyance integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.

Noovus Apolo is a front-end web application that automates operational functions when ISE is the RADIUS/AAA server. Integrating via the Cisco ISE ERS API, Apolo allows a non-admin user to automatically update users’ passwords and personal information, send alarm notifications, and more.
Panaseer is the first Continuous Controls Monitoring platform to give CISOs visibility of all assets, and the confidence that security controls are working effectively. Panaseer’s integration with Cisco ISE supplements Panaseer’s Smart Inventory with network contextual data. Panaseer uses device attribute information from a variety of sources to create a comprehensive baseline with which to accurately measure the coverage of their security controls, enabling visibility into their greatest risks.

Smokescreen is a deception platform which uses a combination of machine learning and deception to detect cyberattacks that bypass the protection mechanisms. Smokescreen integrates with Cisco ISE via pxGrid for active threat containment, by isolating the host machines where malicious activity has been observed.
[6] New Cisco Security Connector Integrations
InventIT’s MobiConnect manages the Cisco Security Connector application and its associated functions, Cisco Umbrella and Cisco AMP Clarity, on supervised iOS devices. Cisco Umbrella and Cisco AMP Clarity with MobiConnect can provide a view of application behavior and protect devices against malicious sites. MobiConnect can deploy the Cisco Security Connector application and profile to devices.
[7] New Cisco Threat Grid Integration
Minerva Labs’ innovative endpoint security solution protects enterprises from today’s stealthiest attacks without the need to detect threats first, all before any damage has been done. The company’s Anti-Evasion Platform deceives malware by controlling how it perceives its environment, blocking unknown threats that evade existing defenses. Without relying on signatures, models or behavioral patterns, the Anti-Evasion Platform causes malware to disarm itself, thwarting it before the need to engage costly security resources. Minerva’s Anti-Evasion Platform integrates with Threat Grid to automatically identify mutex-based infection markers to protect endpoints.
[8] New Cisco Threat Response Integrations
With its next-gen WAF and RASP solution, Signal Sciences protects over 10,000 applications and over a trillion production requests per month. Signal Sciences’ patented architecture provides organizations working in a modern development environment with comprehensive and scalable threat protection and security visibility. With the integration, an analyst can analyze and correlate event data using context from Cisco Threat Response; open a case to collect and store key investigative information, orchestrate resources for incident response, and manage and document progress and findings; and take corrective actions in other Cisco products to remediate and address the threats across the security stack by monitoring, filtering, and blocking known attackers.

Source:: Cisco Security Notice

Threat Roundup for August 2 to August 9

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Aug. 2 and Aug. 9. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU08092019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

How to Save a Billion Dollars

By Andrew Turner
In my last blog, I examined the state of cybercrime, fraud, and the losses associated with it. It was also in that blog that I brought up a particular threat that caused more than $1 billion in losses last year and shows no signs of slowing down. So, what is this increasingly expensive and evolving threat? Ransomware? Insider Threats? Nation-State Attacks?
Email.
That’s right, the technology that was new and exciting in the 1990s and has now become a standard part of our day-to-day lives. But cybercrime is a business, and when you can make this much money this easily, why would you change? After all, every business has email, so there’s no need to research whether your potential victim is susceptible to the threat vector. In many ways, it’s the most ubiquitous of all potential attacks (except for DNS, as it’s so widely deployed). This is, in part, one of the reasons email attacks remain an evergreen source of profit for cybercriminals.
After all, when there are so many new technologies, techniques, and threats rolling out onto the enterprise from shiny new areas like cloud and IoT, who wants to focus on the more mundane things like email? And yet, we continue to see threat actors target this legacy attack vector, with the FBI estimating losses of $1.4 billion in 2018 alone!
So now that we’re aware of how big of a target and money maker email is for cybercriminals, what do we do to defend ourselves? Well, it all starts with a shield dropped in front of your email in the form of the Secure Email Gateway (SEG). This shield helps identify and protect against phishing, ransomware, and fraud, as well as the classic spam and graymail.
Now some of you may have had SEGs deployed in the past and have since moved to a cloud email provider. As a result, you might think you don’t need them anymore. In fact, the 2019 CISO benchmark study showed the number of people using email security declined from 56% to 41% within the last 5 years. This is a good example of where a lack of focus on the current and continuing threat from email can be an issue. With any solution in the cloud, email or otherwise, it is important to bear in mind what the roles and responsibilities of the cloud provider are and what yours are as the customer. In a large number of cases, the cloud provider’s primary focus is on the scalability and availability of the platform, followed by the security of the platform and the infrastructure itself to ensure there are no breaches between tenants. The actual security of the customer data being held in the cloud remains a tertiary or, in some cases, unimportant concern for the cloud provider.
After all, we have all seen many examples of cloud databases or other sensitive customer data stores that have been left wide open because of enterprises failing to understand what the responsibility of the cloud provider is and what is their responsibility. As an example, GrayhatWarfare built a searchable database in 2018 of open S3 buckets that has already grown from its original number of 48,623 to 90,523!
Furthermore, our adversaries are continuing to ramp up their efforts. In the latest Cisco Cybersecurity Report, Talos threat researchers discovered that the number of new phishing domains has increased 64% from January through March 2019. It’s critical that if you are going to take advantage of the benefits of cloud email that you fully and completely understand what exactly you are getting in terms of security for your actual users. Ask difficult questions of your providers, do not accept vague assurances, and conduct detailed proof testing as you would for any other procurement decision. Remember that it is perfectly possible to move to a cloud email solution and also deploy additional SEGs to protect it. It’s not an either/or deployment model and you should evaluate your defense strategy on that basis. In a 2018 ESG study on email, 43% of existing cloud email users said they felt they needed to add supplementary security controls from a third-party.
In fact, Cisco’s email solutions have been designed from the ground up to be flexible in their deployment. Whether your needs are for an on-premise SEG, a cloud-based email solution, or to augment your existing cloud email provider’s security, the Cisco Email Security portfolio has you covered. This flexibility was just recognized in the recent Forrester Wave report, which called out this exact point when naming Cisco a leader in securing email.
Furthermore, we recognize the challenges around understanding the effectiveness of your existing email solutions and have endeavored to make it easy for you to work with our technology and people to quantify your current solution’s capabilities and its risk. After all, as Sun Tzu said in the 6th century BC, “If you know yourself and you know the enemy, you need not fear the result of a hundred battles.” As true then as it is now for a company running a 90’s era technology like email alongside more modern-day network innovations like the cloud!
It is the realities of such hybrid technology deployments that drive us to leverage the latest developments within the email portfolio. Whether it’s encryption technologies such as DANE, spoofing protection from SPF/DMARC, or leveraging machine learning and artificial intelligence to prevent advanced phishing, Cisco is committed to meeting the challenge of securing email for today and the future.
In the next blog I’ll be going through some of these technologies and how they protect you, your employees, and your business. And if you’re looking for further reading on some of the latest attack techniques and trends associated with email security, I recommend you read the latest Email Cybersecurity Report.
Did this post resonate with you? Did your organization migrate to the cloud fully aware of the security capabilities within your solution? I welcome your comments below.

Source:: Cisco Security Notice

When you request a .jpg and get ransomware

By Jessica Bair
Security Operations Center at RSAC APJ 2019
For the 3rd year, RSAConference 2019 APJ created an educational exhibit, sponsored by RSA, Cisco and M.Tech, to monitor the RSA Conference public Wi-Fi network provided by the Marina Bay Sands (MBS). This exhibit was created in the form of the RSA Conference Security Operations Center (SOC). RSA and Cisco provided technology and staffing to monitor the network for threats, but also to educate attendees on the risks of free Wi-Fi.
What is the difference between a SOC and a NOC?
Network Operations Center – The NOC is usually responsible for monitoring and maintaining the overall network infrastructure; its primary function is to ensure uninterrupted network service.
Security Operations Center – The SOC is responsible for protecting networks, as well as web sites, applications, databases, servers, data centers and other technologies.
RSA and Cisco provided the SOC. The NOC was provided by the MBS.
The mission of the RSAC SOC was to ensure the conference Wi-Fi was not attacked (denial of service, laterally spreading malware, etc.). We did not block malicious DNS traffic, downloads or attachments, as this was a learning and demonstration environment. We made sure the network was protected from attackers, and we located (when we could) and advised users when they were at risk.
What technology is in the RSAC SOC?
MBS provided the RSAC SOC a span of all network traffic from the .RSACONFERENCE network, which was passed through the Cisco Next Generation Firewall / IPS and then split between the RSA NetWitness Packets and Cisco Stealthwatch teams.
RSA used NetWitness Packets to collect and investigate all traffic on the Wi-Fi network, from the firewall; to detect deviations from normal behavior and create a probability-weighted risk score for alerts based on these results. NetWitness inspects every network packet session for threat indicators at time of collection and enriches this data with threat intelligence and business context. At the end of the conference, all of this data was wiped from NetWitness.
For suspicious files that might be malicious, NetWitness Packets checks a community AV lookup, some static analysis and its own network intelligence. Then NetWitness Malware Analysis sends the files to Cisco Threat Grid for dynamic malware analysis.
Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware. Threat Grid analyzes the behavior of a file against millions of samples and billions of malware artifacts. The SOC team had a global and historical view of the malware, what it’s doing and how large a threat it posed to the RSAC network.
Threat Grid identifies key behavioral indicators of malware and their associated campaigns. The SOC team was able to save time by quickly prioritizing attacks with the biggest potential impact. We used tools like Glovebox, to safely interact with samples and observe malware behavior directly. In addition, we used Cisco Umbrella to have visibility in all DNS activity. We also used the Threat Intelligence of Cisco Threat Response and Talos Intelligence.
When the Cisco team found a potential threat, they handed it off to the RSA team for further investigation. In summary, the technology stack was:
Firewall – Cisco Next Generation Firewall with IPS
Full Packet Capture and Investigation – RSA NetWitness Packets
Dynamic File Analysis – Cisco Threat Grid
DNS / IP Intelligence – Cisco Umbrella / Cisco Umbrella Investigate
Encrypted Traffic Analytics – Cisco Stealthwatch
Threat Intelligence – Cisco Threat Response / Talos Intelligence
Perimeter Defences: Stopping Threats That Matter
Cisco’s Next-Generation Firewall running Firepower Threat Defence (FTD) software was set up as the perimeter security device. The firewall inspected all wireless guest traffic from event attendees, configured in monitor-only mode. FTD offers breach detection, threat discovery and security automation. Rich contextual information (such as Applications, Operating Systems, Vulnerabilities, Intrusions, and Transferred Files) served the SOC to help uncover threats lurking in the environment.
Discovered Applications

Discovered Files

Intrusion Information

During the conference, several intrusion events were recorded by FTD. Automated event analysis correlated threat events with contextual endpoint data to identify IPS events that required immediate investigation. Whenever a working exploit targeted a vulnerable host on the guest network, an Impact 1 event was raised. For the SOC, that helped cut through the noise and focus attention to save precious time.
Multiple events were categorized as high priority.

One of the Impact Flag 1 events, shown below, signalled a suspicious .bit query going over DNS, associated with a Network Trojan.

The FTD would drop this communication, if it were in a production environment and configured in the active blocking mode. Reviewing the host profile, we confirmed that the target host had a large number of high-severity vulnerabilities associated with unpatched software versions. It may have been infected by malware attempting to control it remotely.

When you request a .jpg and get ransomware
On the first day of the Conference, the SOC team observed a .JPG file served to a conference attendee who connected to a website. The .JPG file was extracted by NetWitness and found to actually have a file header of MZ, used for executables.

Since it was an executable, it was automatically sent for analysis. The static analysis score was 0, and the RSA Malware Analysis Community lookup score was 50, meaning the file had never been detected by dozens of AV vendors.
The Dynamic Analysis/Sandbox score from Threat Grid was 100, meaning confirmed malicious based on behavior. The team went into action to assess the threat.
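The extension-versus-content check that caught this file can be reproduced with a small magic-byte sniffer. This is an added example, not NetWitness code; the MAGIC table, the expected-type mapping and the sample files are constructed.

```python
"""Flag downloads whose leading bytes do not match the format their name
claims, such as a ".jpg" that starts with the MZ header of a Windows
executable. Added example; tables and samples are constructed."""
from dataclasses import dataclass

# Leading bytes (magic numbers) of a few common formats (constructed table).
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "pe_executable",   # DOS/Windows executable header (EXE, DLL)
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",     # also docx/xlsx/jar containers
    b"\x7fELF": "elf",
}

# Sniffed types that are acceptable for a given claimed extension.
EXPECTED = {
    ".jpg": {"jpeg"}, ".jpeg": {"jpeg"}, ".png": {"png"}, ".gif": {"gif"},
    ".pdf": {"pdf"}, ".zip": {"zip"}, ".docx": {"zip"}, ".exe": {"pe_executable"},
}
EXECUTABLE_TYPES = {"pe_executable", "elf"}

@dataclass
class Verdict:
    name: str
    sniffed: str
    mismatch: bool    # claimed extension disagrees with the content
    executable: bool  # content is a native executable, whatever the name

def sniff(data: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for magic, fmt in MAGIC.items():
        if data.startswith(magic):
            return fmt
    return "unknown"

def check_file(name: str, data: bytes) -> Verdict:
    ext = name[name.rfind("."):].lower() if "." in name else ""
    sniffed = sniff(data)
    expected = EXPECTED.get(ext)
    mismatch = expected is not None and sniffed not in expected
    return Verdict(name, sniffed, mismatch, sniffed in EXECUTABLE_TYPES)

def triage(files: dict) -> list:
    """Names worth sending to dynamic analysis: any mismatch, plus any
    native executable regardless of what it is called."""
    flagged = []
    for name, data in files.items():
        v = check_file(name, data)
        if v.mismatch or v.executable:
            flagged.append(name)
    return flagged

# Constructed samples: a real JPEG stub, a ".jpg" that is really a PE,
# a ".pdf" that is really a PE, and a harmless text file.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "banner.jpg": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00",
    "memo.pdf": b"MZ\x90\x00",
    "notes.txt": b"hello",
}

if __name__ == "__main__":
    for n in triage(SAMPLES):
        v = check_file(n, SAMPLES[n])
        print(f"{n}: sniffed={v.sniffed} mismatch={v.mismatch} exe={v.executable}")
```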

The supposed .JPG file was assigned a Threat Score of 100 for the Behavior of Troldesh Ransomware Detected. Troldesh, also known as Shade, is a Russian-targeted Ransomware variant written in Visual Basic. It will encrypt user files and request a ransom to be delivered after contacting a supplied e-mail address. All encrypted files will have an .xtbl extension appended to them.

We also noted the sample attempted to hide itself as a Windows system file, opened up a Personal VPN – Proxy/Anonymizer and wrote files to a USB drive.

We pivoted to Threat Response to learn more and determine if it had been seen before.

With Threat Response we were able to have a global view of the file, that it was first seen November 2018. In a production environment, this threat intelligence would have blocked the file on all integrated Cisco Security platforms.

The NetWitness team investigated the machine that requested the .jpg and confirmed it downloaded other suspicious files.

One of those was titled Memorandum of Sale, but also was an executable that attempts to steal Firefox passwords.

Phishing attack
We also saw a phishing attack, masquerading as a banking email. NetWitness reconstructed the email and sent the attachments to Threat Grid for analysis.

The Payment Advice attachment was actually the LokiBot malware.

Standing up a malicious domain for 24 hours
On the first day of the conference, we noticed some suspicious DNS traffic in Umbrella to a newly created domain. The requests happened throughout the day.

We moved to Umbrella Investigate to learn more and confirmed the sudden malicious activity: from 0 DNS requests to over 120,000 global requests.

The requests spiked to 151,000 over the 24-hour period and then they stopped, globally.

We could see the domain was registered in Russia and the distribution of the requesters.

Looking at the NetWitness logs, we could see all requests from RSAC came from Android devices.
For outbound traffic to hostname rousema[.]com [208.67.220.220], we can see 13 sessions from 10:50 AM – 16:50 PM SGT on Tue 16 Jul.

service type UDP DNS & HTTPS

This originated from 3 IPs:

10.10.1.143 Android 9 Samsung Phone sm-g955f running dalvik/2.1.0, Samsung M1client daylite/3.0.05.9 & x86_64 Linux – 11:06 AM SGT – 15:23 PM – (All traffic from IP from 10:31 AM – 16:59 PM)

10.10.5.9 Android 7.0 Phone trt-l21a running dalvik/2.1.0 & Android 2.2 – 10:50 AM SGT – 17:06 PM – (All traffic from IP from 10:51 AM – 23:19 PM)

10.10.2.31 x86_64 Linux & Android 9 Samsung Phone sm-n950f running dalvik/2.1.0(13:12 AM SGT – 13:12 PM – (All traffic from IP from 10:31 AM – 14:16 PM)

Dalvik is the discontinued process virtual machine used in Android 4.4 and earlier.
It was a textbook example of a temporary domain infrastructure that would be blocked in a production environment.
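The two DNS observations in this post, the .bit query flagged by FTD and the burst of queries to a domain that had never been seen before, can be picked out of a plain query log with the triage below. This is an added example, not Umbrella or NetWitness code; the log lines, the baseline set and the domain names are constructed.

```python
"""Triage a DNS query log for two indicators: queries to the .bit
(Namecoin) pseudo-TLD, which public resolvers do not serve, and bursts of
queries to a domain absent from the baseline period. Added example;
log, baseline and names are constructed."""
from collections import defaultdict
from datetime import datetime

# Constructed log, one query per line: "<ISO timestamp> <client ip> <qname>"
LOG = """\
2019-07-16T10:50:00 10.10.5.9 fresh-domain.example
2019-07-16T10:52:10 10.10.1.143 cdn.example.net
2019-07-16T11:06:30 10.10.1.143 fresh-domain.example
2019-07-16T11:30:00 10.10.2.31 update.vendor.example
2019-07-16T13:12:00 10.10.2.31 fresh-domain.example
2019-07-16T14:05:45 10.10.7.77 ctrl-node.bit
2019-07-16T16:50:00 10.10.5.9 fresh-domain.example
"""

# Domains observed during the two-day baseline (constructed).
BASELINE = {"cdn.example.net", "update.vendor.example"}

def parse(log: str):
    """Yield (timestamp, client, qname) tuples with normalised names."""
    for line in log.splitlines():
        ts, client, qname = line.split()
        yield datetime.fromisoformat(ts), client, qname.lower().rstrip(".")

def triage(log: str, baseline: set, min_clients: int = 2) -> dict:
    """Return flagged qname -> {count, clients, first, last, reasons}."""
    stats = defaultdict(lambda: {"count": 0, "clients": set(),
                                 "first": None, "last": None})
    for ts, client, qname in parse(log):
        s = stats[qname]
        s["count"] += 1
        s["clients"].add(client)
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    flagged = {}
    for qname, s in stats.items():
        reasons = []
        if qname.endswith(".bit"):
            reasons.append("namecoin .bit pseudo-TLD")
        # A never-before-seen domain hit by several clients in one day is
        # the pattern the SOC saw for the newly registered domain.
        if qname not in baseline and len(s["clients"]) >= min_clients:
            reasons.append("not in baseline, queried by multiple clients")
        if reasons:
            flagged[qname] = {**s, "clients": sorted(s["clients"]),
                              "reasons": reasons}
    return flagged

if __name__ == "__main__":
    for qname, s in triage(LOG, BASELINE).items():
        print(f"{qname}: {s['count']} queries from {len(s['clients'])} clients "
              f"({s['first']:%H:%M} - {s['last']:%H:%M}); {'; '.join(s['reasons'])}")
```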

Overall, we saw over 5 million DNS requests during RSAC APJ. A couple of thousand would have been blocked in a production environment.
We were also able to have visibility in the 2,001 apps that had DNS activity during the conference.

Stealthwatch brings additional network visibility
Stealthwatch detected insider threat activities like Command & Control activity and Data Exfiltration just over the baseline period of two days, indicating potential threats on the network.

The solution, with its unique ability to look at encrypted traffic without decryption, also detected users with an unknown TLS version.

Now we can extend this comprehensive visibility to cloud networks as well with an offering called Stealthwatch Cloud.

You can check out the RSAC USA 2019 SOC Report for comparison.
Come visit us in the Black Hat USA 2019 NOC, 3-8 August 2019.

Acknowledgements
Thank you to Terence Tang, Michael Auger, Evgeny Mirolyubov, Sabiha Rouksana Hashmat Mohideen Pasha and Chong Chee Chua and Cisco Security, who contributed to this blog. Also, our deepest appreciation to our RSA Security partners, especially Chris Thomas, Percy Tucker, Lee McCotter and Mohammed Behlim.

Source:: Cisco Security Notice