Your applications are on the move – how do you secure them everywhere?

By Don Meyer
The applications we rely on to do business no longer reside in a single, physical data center. Sure, some applications run in your on-premises data center. But some also run in offsite data centers, in your private cloud, or on Amazon Web Services. Many are likely moving between these platforms on a regular basis, for example from on-prem to cloud and back.

Recent research conducted as part of our CISO Benchmark Survey indicates that organizations are deploying roughly a third of their new technology via physical infrastructure, a third virtually, and another third in the cloud. So how do we effectively control and secure this new, dynamic environment without hindering productivity and user experience?
Moving Security Closer to the Application
Due to the shifts in the way organizations deploy and access applications, the concept of application security must expand. It’s no longer just about testing for software vulnerabilities (though, that is of course part of it). Today’s application security must be multi-faceted, taking into account concepts including visibility, segmentation, access control, performance monitoring, and more. Many of the security concepts already applied to the network must now also be applied directly to the applications themselves.
This week at Cisco Live, we are unveiling our new approach to this challenge, called Cisco Application-First Security.
Cisco Application-First Security for 360° Application Protection
Cisco Application-First Security is designed to leave no stone unturned when it comes to protecting an application. It combines several of our security products into one holistic solution for making sure applications are protected no matter where they go and how they are used. Application-First Security allows organizations to:
See which applications are running and what they are doing – regardless of where they are – to baseline behaviors and uncover any software vulnerabilities or suspicious processes.
Enable automated microsegmentation and application whitelisting to minimize the spread of attacks laterally throughout the data center and network.
Enforce security policies at scale, for thousands of applications, and across hybrid, multi-cloud data centers – without impacting reliability and performance.

Cisco Application-First Security helps you secure your applications running anywhere at the speed of your business with protection that is continuous, adaptive, and closer to the applications. This Application-First Security model allows you to confidently move your business in any direction you demand with security being an enabler for your development teams. With greater insight and control over your applications, you are able to make intelligent decisions, achieve compliance, and reduce risk.
Our new Application-First Security solution consists of the following products:
Cisco Tetration
Cisco Tetration provides holistic workload protection for multi-cloud data centers. It automatically discovers and baselines application behaviors and dependencies, then generates policy for microsegmentation. Policies are enforced at scale, consistently across workloads. Tetration can also track behavior changes to keep the policy up to date as applications move and evolve.
The Tetration platform can also detect issues such as software vulnerabilities, process behavior anomalies, and malware. If issues are identified, it can proactively quarantine servers and block communication. Tetration enforces policy across thousands of applications and hundreds of millions of policy rules – and across bare metal servers, virtual machines, and containers.
Cisco Stealthwatch Cloud
Visibility into the rest of the network is just as critical as application visibility. Cisco Stealthwatch Cloud is a SaaS service that provides complete visibility into network and cloud traffic. It collects telemetry data across the entire network to automatically monitor traffic and identify anomalies that could signify risk – even in encrypted communications.
Stealthwatch can uncover both known and unknown, internal and external threats, improving incident detection and response. In addition to monitoring on-premises infrastructure and private clouds, Stealthwatch can monitor all public cloud environments including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
Duo Beyond
Duo Beyond from Duo Security (now a part of Cisco) allows you to: 1) identify corporate versus personal devices trying to connect to your environment, 2) block untrusted endpoints, and 3) give your users secure access to internal applications without using VPNs. Duo Beyond expands secure access past traditional, perimeter-based network security with the power to grant access to any application, to any user, from any device, while maintaining security.
With Duo Beyond, you can:
Differentiate between corporate and personal devices.
Limit sensitive data access to only corporate devices.
Limit remote access to specific applications without exposing the network.

AppDynamics
Security and performance go hand in hand. It’s crucial to verify that thorough security measures do not result in a slower network. That’s why our Application-First Security solution includes powerful application performance monitoring from AppDynamics, now a part of Cisco. AppDynamics provides details needed to quickly resolve issues, make user experience improvements, and ensure that applications are always meeting performance expectations – even in the most complex, multi-cloud environments.
Get Started
In today’s threat environment, no one solution can protect corporate infrastructure. Together, the above products provide the visibility and control needed to quickly identify and remediate attack attempts or other risks to application security. Application-First Security also works in conjunction with the rest of Cisco’s comprehensive security portfolio.
Get started on the path to effective, application-first security. And find out how South Africa’s oldest bank powers and protects its data center and applications with Cisco – decreasing problem resolution time from tens of hours to just minutes.

“In addition to security, visibility, and availability, Cisco technologies give all of us the ability to sleep at night.” – First National Bank, South Africa
Subscribe to our Cisco Live blog series to stay updated on all of our Cisco Live 2019 announcements.

Source:: Cisco Security Notice

Branch Security for the Digital Age

By Dr. Gee Rittenhouse
The adoption of software-defined WAN (SD-WAN) represents the largest WAN transformation in recent history. Organizations are turning to SD-WAN to improve connectivity, reduce costs, and simplify management at their branch locations. In fact, a recent research study from the Enterprise Strategy Group (ESG) found that 4 out of 5 organizations report using SD-WAN in some capacity already. The research also indicated that, instead of backhauling all traffic through the corporate network, 79 percent of organizations are shifting to direct internet access (DIA) for all or some remote and branch offices.* With DIA, enterprises can accelerate their digital transformation with faster access to cloud applications and workloads. While the benefits are clear, DIA also introduces new security challenges: branch traffic now reaches the internet without passing through the security stack in the corporate data center.
The shift to SD-WAN creates new security challenges
Security has to be top of mind as you transform your network with SD-WAN and move to DIA. Branch offices and roaming users are more exposed to attacks, and attackers quickly exploit weaknesses. Based on the ESG research, 68 percent of branch offices and roaming users were the source of compromise in recent attacks. And as organizations move to more DIA, this risk grows. Scaling security at every location often means more appliances to ship and manage and more policies to maintain separately, which translates into more money and resources.
But it doesn’t have to be that way. SD-WAN makes your networking simple and that’s the way that your security should be, too. You need security that can effectively scale across all locations, provide simple management, and enable you to easily add security services as needed.
Extend protection from the network to branch offices to roaming users with powerful cloud security
At Cisco, we want to make sure you have choices with your preferred security solution. Last November, we announced that we built a set of security capabilities into our SD-WAN devices to provide a complete on-prem solution. Now, we are delivering additional functionality to Umbrella, our market leading security cloud platform, to deliver a complete secure internet gateway (SIG) so you can secure your SD-WAN from the cloud. When it comes to protecting your SD-WAN, Cisco provides the flexibility you need, whether on-prem, in the cloud, or both. Regardless of your deployment choice, we have you covered.
Built on top of the fastest and most reliable infrastructure, Umbrella provides simple deployment and management. In a single cloud platform, it unifies multiple layers of security—including DNS, secure web gateway, firewall, and cloud access security (CASB). It also acts as your secure onramp to the internet by offering secure internet access and controlled SaaS usage across all locations and roaming users. And we continue to deeply integrate Umbrella with Cisco SD-WAN to deliver ease of use that is unmatched across the industry.

As a leader in both networking and security, only Cisco can deliver a truly secure experience. We’re committed to offering security that is integrated into our network solutions, with simple configuration and unified policies that can be easily enforced across your entire enterprise, in every location, and anywhere users travel. As demonstrated by our expanding capabilities, we continue to make huge investments in our R&D to rapidly make our cloud security even stronger.
As you make the transition to SD-WAN and DIA, you can trust Cisco to bring together the best in SD-WAN with the most effective, most reliable, and simplest cloud security to protect it. This is just the start of the journey!
If you’re ready to learn more, visit umbrella.cisco.com/sd-wan. And if you are attending Cisco Live U.S., stop by the Umbrella booth in the World of Solutions to get a demo.

*ESG Research Survey, Cisco Secure Internet Gateway Survey, January 2019


3 things you need to know about Cisco Threat Response at CLUS

By Jolene Tam
Overwhelmed by the sheer volume of security alerts and potential threats hitting your SOC? Security risks have never been greater, with networks expanding into the cloud, the explosion of mobile and IoT devices, and increasingly sophisticated threats. On top of that, disparate security tools make it tougher to find and remediate threats, especially when you’re under attack and time matters most.
So how can you stay ahead of threats? Enter Cisco Threat Response, a tool that was created to help SOC analysts simplify and speed threat detection, investigation, and remediation from a single interface.
This week at Cisco Live, we’re excited to share continued innovations from Threat Response designed to make your life even easier.
1. Introducing our integration with Cisco Firepower NGFW
You may know that Threat Response is already integrated across multiple Cisco Security products – AMP for Endpoints, Threat Grid, Umbrella, and Email Security. In the coming weeks, you will be able to analyze and triage high priority IPS alerts in Threat Response and enrich these IPS events alongside data from other integrated products. This means streamlined threat investigations with a fuller picture of the impact across your network, all from a single console.
Join us at Cisco Live to get a preview of this exciting integration. You can see a live NGFW with Threat Response integrated demo at the Cisco Security booth in the World of Solutions. In the meantime, check out this new episode of ThreatWise TV that showcases how Firepower events are integrated into Threat Response.
2. Learn how to enhance your existing SIEM and SOAR tools with open APIs
Threat Response isn’t trying to replace the SIEM or SOAR you’ve already got; rather you can leverage our open APIs for 3rd-party integrations to complement your existing security stack. Script up your own integrations to automate data enrichment and response actions across multiple security products, all in a single interface for a seamless workflow.
At Cisco Live, get your learn on and get hands-on in the DevNet Zone:
DEVNET-2505 – Automate your threat hunting workflow with Cisco Threat Response APIs – Presented by Christopher Van Der Made.
DEVWKS-2639 – Security Research and Response Workflows with APIs – Workshop with Neil Patel.
3. Use our browser plug-ins to access threat intel and kick off investigations now
Still haven’t leveraged our APIs or you’re using non-Cisco security products? Don’t worry, you can still use Cisco Threat Response thanks to our browser plug-ins for Chrome and Firefox. In seconds, you’ll be able to pull threat intelligence to get verdicts on observables and start investigations.
You can see the Threat Response browser plug-in in action in demos and breakout sessions at Cisco Live. We’ll show you how you can pull threat data from sources like Talos and take actions without native integrations.
Demos across the Cisco Security booth in World of Solutions.
BRKSEC-2433 – Threat hunting and incident response with Cisco Threat Response – Breakout session with Ben Greenbaum.
Additionally, you can check out Threat Response elsewhere on the ground in San Diego:
More integrated demos at the Cisco Security booth in World of Solutions
AMP for Endpoints
Email Security
Umbrella theater sessions: Umbrella Investigate, Umbrella and AMP for Endpoints
Hands-on Labs
LABSEC-1012 – Threat intelligence, security investigation, incident response with Cisco Threat Response – Sunil Kumar and Vivek Singh
LTRSEC-2200 – You Got Hacked! Here is What to Do (AMP4E, TG, Splunk, CTR, CTA) – Karel Simek, Michal Svoboda, Ben Greenbaum
Roadmap
CCP-1302 – Roadmap: Endpoint Security – Cisco Customer Connection Program session with Snehal Patel (CCP membership required – it’s free to join, sign up here)
Come see why there’s so much buzz around Threat Response at Cisco Live this week. Holler at me on Twitter @jolenetam if you’ll be around! Until then, learn more at http://cisco.com/go/ctr.


10 years of virtual dynamite: A high-level retrospective of ATM malware

By Talos Group
It has been 10 years since the discovery of Skimer, the first malware specifically designed to attack automated teller machines (ATMs). At the time, the learning curve for understanding its functionality was rather steep, and analysis required specific knowledge of a manufacturer’s ATM API functions and parameters, which were not publicly documented.
Before the discovery of Skimer, anti-malware researchers considered ATMs to be secure machines: proprietary hardware, non-standard operating systems, and a number of advanced protection techniques designed to prevent attacks using malicious code. Researchers eventually discovered that the most popular ATM manufacturers use a standard Windows operating system and add on auxiliary devices, such as a safe and a card reader.
Over time, the actors behind some of the newer ATM malware families, such as GreenDispenser and Tyupkin, realized that there is a standard API, CEN/XFS (eXtensions for Financial Services), that can be used to write malware that runs independently of the underlying hardware platform, as long as the ATM manufacturer supports the framework. Such malware can trick the machine into dispensing cash without the attacker holding a legitimate bank card.
Over time, ATM malware has evolved to include a number of different families and different actors behind them, ranging from criminal groups to actors affiliated with nation states. The significance of ATM malware stems from the fact that it can bring significant financial benefits to attackers and as a consequence cause a significant damage to targeted banks, financial institutions and end users.
Now that this type of malware has been around for more than 10 years, we wanted to round up the specific families we’ve seen during that time and attempt to find out if the different families share any code.
The post 10 years of virtual dynamite: A high-level retrospective of ATM malware appeared first on Cisco Blog.


Office 365 phishing

By Ben Nahorney
Let’s be honest: administering email is a pain. Routing issues, disk quotas, bouncebacks, the times when users can send but not receive emails, receive but not send, or they flat out cannot send or receive—the list goes on.
It’s no wonder that email-hosting services like Office 365 have become so popular. Such cloud-based email services remove a lot of the headaches caused by email configuration. They even include basic security features, meant to keep users safe from the latest threats.
They also provide options to simplify the user experience. Users can go directly to an Office 365 web page, enter their company credentials and log right into their email accounts from anywhere they like.
Take all this into account, add the reduction in costs that cloud email solutions often bring, and it sounds like the perfect solution. As a result, the use of services like Office 365 has skyrocketed.
Attackers have taken notice
Of course, its popularity has led to malicious attacks. Attackers are crafting and launching phishing campaigns targeting Office 365 users. The attackers attempt to steal a user’s login credentials with the goal of taking over the accounts. If successful, attackers can often log into the compromised accounts, and perform a wide variety of malicious activity:
Spread malware, spam, and phishing emails from within the internal network.
Carry out tailored attacks such as spear phishing and Business Email Compromise.
Target partners and customers.
At first glance, this may not seem very different than external email-based attacks. However, there is one critical difference: The malicious emails sent are now coming from legitimate accounts. For the recipient, it’s often even someone that they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage “conversation hijacking,” where they deliver their payload by replying to an email that’s already located in the compromised inbox.
Figure 1 – An example Office 365 phishing email.
Reconnaissance attacks
However, there’s so much more that an attacker can do besides sending emails. Once an attacker has access to a legitimate mailbox, they can also do the following:
Obtain global company email address lists.
Scan mailbox for other credentials, personal information, or company information.
Attempt to gain further access to company resources.
These activities can go unnoticed, simply because the attacker is gathering information while logged in with authorized credentials. This gives the attacker time for reconnaissance: a chance to observe and plan additional attacks. Nor does this type of attack set off a security alert the way a brute-force attack against a webmail client does, where the attacker guesses password after password until they get in or are detected.
The attack chain
The methods attackers use to gain access to an Office 365 account are fairly straightforward. The phishing campaigns usually take the form of an email that appears to come from Microsoft. The email contains a request to log in, claiming the user needs to reset their password, hasn’t logged in recently, or that there’s a problem with the account that needs their attention. A URL is included, enticing the reader to click to remedy the issue.
The chain of events usually plays out like this:
Attacker sends a phishing email that appears to come from Microsoft or another trusted source.
User clicks on link in the email, which brings them to a page mimicking the Office 365 login page.
User enters login credentials, which are scooped up by the attackers.
The fake page does nothing, says that the login is incorrect, or redirects the user to the real Office 365 login page.
Given this series of events, the user would be none the wiser that their credentials had been stolen.

Figure 2 – Office 365 login vs. phishing login. Can you spot the difference?
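The attack chain above works because the victim does not notice that the sign-in page's host is not Microsoft's. As an added example that is not part of the original post, the Python below applies the checks a mail filter or a SOC analyst would run on the links in a suspected lure: whether a link that borrows the Microsoft/Office brand actually points at a known sign-in host, whether the visible URL text differs from the real destination, and whether the host carries a punycode (IDN) label. The trusted-host list, the brand tokens and the sample email are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that legitimately serve Microsoft / Office 365 sign-in pages. Assumption:
# a real deployment would derive this list from its own tenant and mail configuration.
TRUSTED_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.microsoft.com",
    "login.live.com",
    "www.office.com",
    "outlook.office.com",
    "outlook.office365.com",
}

# Tokens a lure uses to borrow the brand, in link text or in a look-alike host name.
BRAND_TOKENS = ("microsoft", "office", "o365", "outlook", "onedrive", "sharepoint")


class _LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host part of a URL, or '' if it has none or cannot be parsed."""
    try:
        return (urlparse(url.strip()).hostname or "").lower()
    except ValueError:
        return ""


def is_trusted_host(host):
    """True for a trusted sign-in host or one of its subdomains."""
    return host in TRUSTED_LOGIN_HOSTS or any(host.endswith("." + h) for h in TRUSTED_LOGIN_HOSTS)


def analyze_links(html_body):
    """Return (reason, href) findings for links that look like Office 365 sign-in lures.

    Reasons:
      brand-host-mismatch    link text or host borrows the Microsoft/Office brand, but the
                             destination is not a trusted sign-in host
      displayed-url-mismatch the visible text is itself a URL whose host differs from the
                             real destination
      punycode-host          the host carries an IDN label (xn--), the usual homoglyph trick
    """
    parser = _LinkExtractor()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        if not host or is_trusted_host(host):
            continue
        text_l = text.lower()
        if "xn--" in host:
            findings.append(("punycode-host", href))
        if any(t in text_l for t in BRAND_TOKENS) or any(t in host for t in BRAND_TOKENS):
            findings.append(("brand-host-mismatch", href))
        shown = host_of(text) if text_l.startswith(("http://", "https://")) else ""
        if shown and shown != host:
            findings.append(("displayed-url-mismatch", href))
    return findings


# Constructed lure (assumption, not a real sample): an urgency message, a branded link
# to a look-alike domain, a link whose visible text is Microsoft's real URL but whose
# destination is a punycode host, the genuine sign-in host, and an unrelated link.
SAMPLE_EMAIL = """<html><body>
<p>Your Office 365 password expires today. Sign in now to keep your mailbox active.</p>
<p><a href="https://login-microsoftonline.com.example.net/auth">Sign in to Microsoft Office 365</a></p>
<p><a href="https://xn--micrsoft-8db.example.net/login">https://login.microsoftonline.com</a></p>
<p><a href="https://login.microsoftonline.com/">Official sign-in</a></p>
<p><a href="https://www.example.com/unsubscribe">Unsubscribe</a></p>
</body></html>"""

if __name__ == "__main__":
    for reason, href in analyze_links(SAMPLE_EMAIL):
        print(f"{reason:24} {href}")
```

Running the script flags the look-alike domain once and the punycode link three times, while the genuine sign-in link and the unrelated link pass. The brand-token check is deliberately a heuristic and will fire on unrelated hosts that happen to contain a token such as "office"; in production the allowlist and tokens belong in configuration, and the check complements rather than replaces the multi-factor authentication advice later in the post.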
The frequency of attacks
How successful are these attacks? While it’s unlikely anyone but the attackers would have data on the number of stolen credentials, or overall success rate, we can draw a few conclusions by looking at the phishing emails.
Agari Data Inc. is one company that monitors a variety of data points surrounding phishing campaigns. In fact, in their quarterly Email Fraud and Identity Deception Trends report, they often look at brand impersonation trends and provided some fresh numbers for us.
Over the last few quarters, there has been a steady increase in the number of phishing emails impersonating Microsoft. While Microsoft has long been the most commonly impersonated brand, it now accounts for more than half of all brand impersonations seen in the last quarter.
Figure 3 – Brand Impersonation Phishing Emails masquerading as “Microsoft”
Cloud email security efficacy
To its credit, Microsoft has baked a number of security technologies into its Office 365 offerings. However, because the credentials are captured on an attacker-controlled page, outside Microsoft’s network, there is very little the cloud service itself can do to prevent the theft. Once an attacker holds valid credentials and uses them, the login attempt looks like any other; how do you tell the difference?
Fortunately, there are several steps you can take to further protect your email:
Use multi-factor authentication. If a login attempt requires a second factor before someone is allowed into an inbox, a phished password alone is no longer enough, which stops many attackers. Be aware that a real-time phishing proxy that relays one-time codes can still get through, so phishing-resistant methods such as FIDO2/WebAuthn security keys hold up better than codes sent by SMS or email.
Deploy advanced anti-phishing technologies. Some machine-learning technologies can use local identity and relationship modeling alongside behavioral analytics to spot deception-based threats.
Run regular phishing exercises. Regular, mandated phishing exercises across the entire organization will help to train employees to recognize phishing emails, so that they don’t click on malicious URLs, or enter their credentials into malicious websites. For instance, Duo offers a free phishing simulation tool, called Duo Insight.

On the horizon
Cloud email services like Office 365 aren’t going anywhere. Given the many advantages that they present, there’s no reason they should. The fact is, given the current threat landscape, it’s often necessary to leverage additional security.
Based on a recent study conducted by ESG on behalf of Cisco, more than 80 percent of respondents reported that their organization is using SaaS email services. However, 43 percent of respondents still found that, after the move, they required secondary security technologies in order to shore up their email defenses.
At the end of the day, there are still valid needs for IT teams to set policies, gain visibility and control, utilize sandboxes, and leverage external blocking capabilities. Cloud email offers a lot of advantages, but to fully deliver on its promise, there is still a role for IT to ensure it is as secure as it can be.
Interested in reading more on email security? We’re about to launch the next installment in our Cybersecurity Report Series. “Email: Click with Caution, How to protect against phishing, fraud, and other scams” will be released early next month! Stay tuned…
Like this post? Subscribe to the Threat of the Month blog series and get alerted when the next blog post is released.
The post Office 365 phishing appeared first on Cisco Blog.


Threat Roundup for May 17 to May 24

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 17 and May 24. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
The post Threat Roundup for May 17 to May 24 appeared first on Cisco Blog.


One year later: The VPNFilter catastrophe that wasn’t

By Talos Group
One year ago, on May 23, 2018, Cisco Talos first disclosed the existence of VPNFilter. The malware made headlines across the globe: a sophisticated piece of malware developed by a nation state, infecting half a million devices, and poised to cause havoc. Yet the attack was averted. This is the story of VPNFilter and the catastrophe that wasn’t.
The post One year later: The VPNFilter catastrophe that wasn’t appeared first on Cisco Blog.


Sorpresa! JasperLoader targets Italy with a new bag of tricks

By Talos Group
Nick Biasini and Edmund Brumaghin authored this blog post.
Executive summary
Over the past few months, a new malware loader has emerged that targets Italy and other European countries with banking trojans such as Gootkit. We recently released a comprehensive analysis of the functionality associated with JasperLoader. Shortly after the publication of our analysis, the distribution activity associated with these campaigns halted. But after several weeks of relatively low volumes of activity, we discovered a new version of JasperLoader being spread. This new version features several changes and improvements from the initial version we analyzed. JasperLoader is typically used to infect systems with additional malware payloads which can be used to exfiltrate sensitive information, damage systems or otherwise negatively impact organizations.

The attackers behind this specific threat have implemented additional mechanisms to control where the malware can spread and are now taking steps to avoid analysis by sandboxes and antivirus companies. There’s also a new command and control (C2) mechanism to facilitate communications between infected systems and the infrastructure being used to control them. The campaigns that are currently distributing JasperLoader continue to target Italian victims and further demonstrate that while JasperLoader is a relatively new threat, the developers behind it are continuing to actively refine and improve upon this malware at a rapid pace and introduce sophistication that is not commonly seen in financially motivated malware.
The post Sorpresa! JasperLoader targets Italy with a new bag of tricks appeared first on Cisco Blog.


GDPR One Year On: What Have We Learned?

By Robert Waitman
It has been an eventful year since the EU’s General Data Protection Regulation (GDPR) became enforceable on May 25, 2018. One of the biggest impacts of the GDPR has been the way it has altered the conversation about data privacy. Data privacy has become an increasingly global issue, and the GDPR and similar regulations have been a forcing factor in getting companies and countries to take customer privacy more seriously and strengthen their risk posture.
A new Cisco white paper, Privacy Gains: Business Benefits of Privacy Investment, co-authored with the Beacon Group, looks at the ways privacy is driving value for enterprises worldwide, beyond complying with regulatory standards. The paper analyzes and details the benefits of privacy and contemplates the future state of data privacy.
Based on global survey data from the Cisco 2019 Data Privacy Benchmark Study, and Beacon’s qualitative conversations with select data privacy leaders worldwide, the paper identifies top business benefits realized through privacy investments including better agility and innovation, operational efficiencies, and competitive advantage, and fewer, less costly, data breaches. As one CEO put it, “Good privacy and being compliant can vastly reduce the risk of a data breach.”

The paper also sheds light on the challenges that privacy professionals face across disparate geographies and how they see privacy creating value. Our conversations with business leaders reveal that privacy-related sales delays are frequently caused by issues or misalignment during the vendor contracting process. Specifically, when companies’ privacy practices or policies are subpar, or they are unwilling to share their current practices, the result can be delays in contract signing or even product redesigns. Furthermore, privacy leaders across the globe clearly articulated the ways in which privacy creates business value for their organizations, and the message is clear: good privacy is good for business.
Our Recommendations
Invest in a comprehensive privacy program and determine the outcomes you want. Then figure out how to curate data to help achieve your business objectives. Untended and uncurated assets can become liabilities. When you actively curate data, you not only achieve compliance, but also efficiency, effectiveness and profitability.
Embed privacy-awareness into your culture using employee training and awareness programs to communicate the value of privacy to all levels of your organization.
Be transparent and accountable. Demonstrate your commitment to protecting and respecting personal data, no matter where it comes from or where it flows.
For a look at Cisco’s eventful privacy journey over the past few years, check out this infographic.

More Information
Cisco and Beacon Privacy Gains White Paper
Cisco 2019 Data Privacy Benchmark Study
Cisco Data Protection and Privacy
The post GDPR One Year On: What Have We Learned? appeared first on Cisco Blog.


Cisco is a Representative Vendor in the first ever Gartner 2019 Market Guide for the NTA (Network Traffic Analysis) market

By Megha Mehta
According to Gartner [1], “Applying behavioral analysis to network traffic is helping enterprises detect suspicious traffic that other security tools are missing.”
The case for network traffic analysis to uncover hidden threats
You are charged with protecting your organization and have made multiple investments to do so. But you might be under-utilizing one of the biggest investments your organization has already made – the network infrastructure. With 1 in 4 organizations running the risk of a major breach in the next 24 months, it’s not a matter of if but when you will be breached. And you need to be able to detect and respond quickly to incidents.
The network is a rich data source, and by analyzing how the different entities are “behaving” within the network, we can identify malicious activities associated with a breach. This helps detect attacks in near real time. Today, the average time to detect a breach is 197 days [2]. Can you really afford to wait more than 6 months to know whether you have been compromised? Additionally, network security analytics can expedite investigations to pinpoint the source of the threat so you can take appropriate action. This considerably cuts down the time to contain a threat, from the average of 69 days [3] to a few hours.

Cisco’s network traffic analysis (NTA) solution, Stealthwatch, provides enterprise-wide visibility, from the private network to the public cloud, and applies advanced security analytics to detect and respond to threats in real-time. Using a combination of behavioral modeling, machine learning and global threat intelligence powered by Cisco Talos, Stealthwatch can quickly, and with high confidence, detect threats such as command and control attacks, ransomware, DDoS attacks, illicit cryptomining, unknown malware, as well as insider threats. With a single, agentless solution, you get comprehensive threat monitoring across the data center, branch, endpoint and cloud, and can even find threats hidden in encrypted traffic.
Stealthwatch has some key attributes that you should demand from your network traffic analysis solution for the following outcomes:
Contextual network-wide visibility
First and foremost, network traffic analysis provides visibility into every device on the network and what it is doing. Legacy servers, IoT, mobile, and remote users – a lot of organizations simply don’t know what’s on their network, let alone how to protect it. This visibility extends across all the dynamic environments that are typical of the modern digital enterprise – from the campus, branch and data center to the cloud. And with the rise in encrypted traffic and the internet going dark, you also need visibility into threats hiding in encrypted traffic.
Predictive threat analytics
Secondly, there are some unique threats that can only be detected if you are continuously monitoring network activity. Your traditional security tools will not be able to catch insider threats – caused by a rogue employee trying to exfiltrate sensitive data, or by a compromised admin credential that attackers are now using to move through the entire organization. Additionally, you have created a lot of security policies to prevent threats, or simply to remain compliant. But how do you know those are being enforced? That the controls you have set up are actually working? Also, as mentioned earlier, network traffic analysis tries to identify malicious behavior and can therefore help detect threats like unknown malware.
Accelerated response
Lastly, let’s talk about incident response. What do you do if you know that you have been compromised? Where do you begin investigating? With network traffic analysis, you can attribute the malicious behavior to a specific IP and perform forensic analysis to determine how the threat has moved laterally within the organization: what other devices might be infected, where external communication is occurring, and so on. This leads to faster response and helps prevent business impact.
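The three outcomes above (baseline what each host normally does, flag behavior that departs from it, then pivot from the flagged IP to see where it went) can be shown concretely on flow records. The following is an added illustration written for this page, not Stealthwatch code or any Cisco algorithm; the hosts, ports, byte counts, the choice of "lateral" ports, the 3-sigma volume rule and the new-peer threshold are all constructed assumptions for the example.

```python
# Behavioral baselining over network flow records.
# Added illustration of the "baseline, detect, pivot" idea; not Cisco Stealthwatch code.
# All hosts, ports, thresholds and flow records below are constructed for the example.
from collections import defaultdict
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
LATERAL_PORTS = {22, 445, 3389, 5985}   # assumption: admin/file-sharing ports used host-to-host
NEW_PEER_THRESHOLD = 3                  # assumption: new lateral peers per window that warrants an alert


@dataclass(frozen=True)
class Flow:
    day: int        # constructed day index: baseline days 1-3, detection window day 4
    src: str
    dst: str
    dport: int
    bytes_out: int  # bytes sent from src to dst


@dataclass
class Baseline:
    external_peers: set = field(default_factory=set)
    lateral_peers: set = field(default_factory=set)
    daily_external_bytes: dict = field(default_factory=lambda: defaultdict(int))


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def build_baselines(flows):
    """Learn, per internal source host, who it normally talks to and how much it sends out per day."""
    baselines = defaultdict(Baseline)
    for f in flows:
        if not is_internal(f.src):
            continue                      # only model behavior of our own hosts
        b = baselines[f.src]
        if is_internal(f.dst):
            if f.dport in LATERAL_PORTS:
                b.lateral_peers.add(f.dst)
        else:
            b.external_peers.add(f.dst)
            b.daily_external_bytes[f.day] += f.bytes_out
    return dict(baselines)


def detect(window, baselines):
    """Return (host, reason, evidence) alerts for hosts whose window behavior departs from baseline."""
    ext_bytes, new_ext, new_lateral = defaultdict(int), defaultdict(set), defaultdict(set)
    for f in window:
        if not is_internal(f.src):
            continue
        b = baselines.get(f.src, Baseline())  # never-seen host: everything it does is new
        if is_internal(f.dst):
            if f.dport in LATERAL_PORTS and f.dst not in b.lateral_peers:
                new_lateral[f.src].add(f.dst)
        else:
            ext_bytes[f.src] += f.bytes_out
            if f.dst not in b.external_peers:
                new_ext[f.src].add(f.dst)
    alerts = []
    for host in sorted(set(ext_bytes) | set(new_lateral)):
        history = list(baselines.get(host, Baseline()).daily_external_bytes.values())
        if history:
            mu = mean(history)
            sigma = max(pstdev(history), 0.1 * mu)  # floor so a flat baseline is not zero-variance
            limit = mu + 3 * sigma
        else:
            limit = 0
        if ext_bytes[host] > limit and new_ext[host]:
            alerts.append((host, "exfil-like volume to new external host", sorted(new_ext[host])))
        if len(new_lateral[host]) >= NEW_PEER_THRESHOLD:
            alerts.append((host, "lateral movement: many new internal peers", sorted(new_lateral[host])))
    return alerts


def pivot(window, host):
    """Forensic pivot: every internal host `host` reached on a lateral port in the window."""
    return sorted({f.dst for f in window
                   if f.src == host and is_internal(f.dst) and f.dport in LATERAL_PORTS})


# Constructed flow records. 10.0.1.5 and 10.0.1.6 both normally talk to one SaaS host
# (203.0.113.10) and one file server (10.0.1.20).
BASELINE_FLOWS = [
    Flow(1, "10.0.1.5", "203.0.113.10", 443, 50_000), Flow(1, "10.0.1.5", "10.0.1.20", 445, 8_000),
    Flow(2, "10.0.1.5", "203.0.113.10", 443, 52_000), Flow(3, "10.0.1.5", "203.0.113.10", 443, 48_000),
    Flow(1, "10.0.1.6", "203.0.113.10", 443, 40_000), Flow(2, "10.0.1.6", "203.0.113.10", 443, 40_000),
    Flow(3, "10.0.1.6", "203.0.113.10", 443, 40_000), Flow(2, "10.0.1.6", "10.0.1.20", 445, 5_000),
]
# Day 4: 10.0.1.5 pushes 5 MB to a never-seen external host and probes three new internal peers.
DETECTION_WINDOW = [
    Flow(4, "10.0.1.5", "203.0.113.10", 443, 51_000), Flow(4, "10.0.1.5", "198.51.100.7", 443, 5_000_000),
    Flow(4, "10.0.1.5", "10.0.1.20", 445, 3_000), Flow(4, "10.0.1.5", "10.0.1.21", 445, 2_000),
    Flow(4, "10.0.1.5", "10.0.1.22", 445, 2_000), Flow(4, "10.0.1.5", "10.0.1.23", 3389, 9_000),
    Flow(4, "10.0.1.6", "203.0.113.10", 443, 41_000), Flow(4, "10.0.1.6", "10.0.1.20", 445, 4_000),
    Flow(4, "203.0.113.10", "10.0.1.5", 51000, 120_000),  # inbound flow, ignored by the model
]


def run_example():
    baselines = build_baselines(BASELINE_FLOWS)
    alerts = detect(DETECTION_WINDOW, baselines)
    return alerts, {host: pivot(DETECTION_WINDOW, host) for host, _, _ in alerts}


if __name__ == "__main__":
    for alert in run_example()[0]:
        print(alert)
```

Running it flags only 10.0.1.5, once for the outbound volume to 198.51.100.7 and once for the three new internal peers, while 10.0.1.6 stays quiet because its day-4 traffic fits its history. The pivot then lists 10.0.1.20 through 10.0.1.23 as the hosts to examine next. A real product learns far richer baselines than per-day byte counts and peer sets, but the shape of the work is the same: the baseline comes from the network itself, so nothing has to be installed on the endpoints.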
Download your complimentary copy of the first ever Gartner 2019 Market Guide for the NTA (Network Traffic Analysis) market here.
To learn more about Cisco Stealthwatch, go to https://cisco.com/go/stealthwatch

[1] Gartner Market Guide for Network Traffic Analysis, Lawrence Orans, Jeremy D’Hoinne, Sanjit Ganguli, 28 February 2019.

[2] Source: Ponemon 2018 Cost of a Data Breach Study

[3] Source: Ponemon 2018 Cost of a Data Breach Study

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

The post Cisco is a Representative Vendor in the first ever Gartner 2019 Market Guide for the NTA (Network Traffic Analysis) market appeared first on Cisco Blog.
