Archiv für die Kategorie: RSS Feeds

By Hazel Burton Today we launch our 2019 Threats of the Year report; a look back at the major tools and tactics that cybercriminals have exploited over the past year.
Based on original research conducted for our ‘Threat of the Month‘ blog series, we look into the impact of directed attacks against specific organizations, and how we can defend ourselves against these types of attack.
We also look at non-direct attacks – the attacks that are more of a numbers game for cybercriminals. In this case they are looking to hit as many victims as possible, without regard for the organizations or individuals that they affect.
Finally, we look at the cybercriminal ‘toolkit‘. From remote access trojans, to hiding threats in encrypted traffic, we’ve seen various innovations in how cybercriminals have evaded detection this year.
As we look towards the end of the year (and decade), we also sought perspectives from Cisco Security experts looking back at 2019. When asked what one particular threat stood out this year, and to offer a New Year’s resolution for 2020 that all organizations could consider adopting, here’s what they said:
Martin Lee, Talos (Cisco Threat Intelligence)
This year will be remembered as the year when we saw that DNS data, as well as TLS certificates, could be ‘fake news‘.
Although sporadic malicious activity had previously compromised DNS data, the discovery of the Sea Turtle campaign showed that DNS information could be compromised wholesale by attackers taking over top-level registries.
Consequently, legitimate domain-validated TLS certificates were granted to the attackers – since they controlled the domain’s DNS entries, meaning that the impersonation checking within TLS connections was subverted also. Attackers could thus divert a user from accessing a legitimate system to connect them to a malicious server while presenting a valid TLS certificate to authenticate the connection.
New Year’s resolution for 2020
Enable multi-factor authentication on every system that can support it. Passwords have never been a 100 percent effective or a secure mechanism for authenticating users. You can add two-factor authentication (2-FA) to all your system accounts so that even if someone steals or cracks your password, they can’t impersonate you to gain access to valuable data.
Andrea Kaiser, Cisco Umbrella (Protecting the DNS layer)
Malspam, or malicious unwanted email is still the predominant method used to cast a wide net and get up close and personal with the most vulnerable part of a network: users.
In 2019 we saw the Emotet botnet continue to spread malicious payloads and grow its victim base, expanding its malware-as-a-service tactic. Trickbot, Qakbot, IcedID, and Gootkit all spread through malicious document attachments as some of the payloads pushed by the Emotet botnet in 2019.
Emotet added the ability to hijack email threads by injecting responses into old or ongoing conversations from users‘ email. The new response can include links or malicious attachments to download Emotet.
This is all possible due to Emotet’s ability to steal email content and mail account credentials. The initial access and further propagation of the botnet relies on the distribution of malspam. This past year showed that we need to be vigilant in looking for targeted social engineering attacks in our inboxes.
New Year’s resolution for 2020
Social engineering is a threat that can affect you regardless of it being used as a tactic of malware. It can be used in any social setting to gain sensitive information. Often times, all one needs to start the process is a tiny bit of information about a person – such as the year you graduated or the city in which you were born. That one seed of information can lead to a path to compromise your personal data. My recommendation for your New Year’s resolution is to limit the online availability of your personal information. Take a look out our Consumer Data Privacy report to learn more.
Patrick Garrity, Cisco Duo (Access/Multi-Factor Authentication Security)
For those of us in access security (endpoint and MFA), we’re concerned about exploits targeting device operating system and browser software.
This year, two major examples affected the Google Chrome browser, including a zero-day vulnerability impacting all major operating systems, including Windows, Apple’s MacOS and Linux.
The vulnerability was a ‘use-after-free‘ type, which is a memory corruption flaw that allows a threat actor to exploit modified data in the memory of a machine and escalate privileges on that machine. This means if a user opens a PDF in a compromised Chrome browser, an attacker can hijack the browser to gain access to their machine.
While Google quickly released a patch to protect against this vulnerability, it’s an important example to highlight the importance of gaining visibility into your users‘ endpoints running out-of-date software and browsers.
New Year’s Resolution for 2020
Make sure your devices are up to date by regularly obtaining visibility into the security status of your users‘ devices. Then notify users of their out-of-date software and enforce policies that require software updates before allowing access to applications. Or, block access from any device that doesn’t meet your organization’s policies or requirements.
To find out more about these and other threats of 2019, download the Cisco 2019 Threats of the Year report.
Sign up here to receive our Threat of the Month blog series.
We will be holding a Cisco Live chat on this threat report on 17th December at 9am PST. Tune in on Cisco.com or via any of our social channels – Twitter, Facebook, Youtube and our Security Community.
We encourage you to use this retrospective report in any security-focused board meetings or business planning sessions you might be holding over the next few months to guide you on planning the security tools and processes needed for 2020. You can also use it as a resource to help explain how your current security posture would perform with any such attacks, and identify any gaps.
The post A Look Back at the Major Cyber Threats of 2019 appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Ben Munroe Four million. According to the latest study, that’s the approximate number of cybersecurity jobs around the world that still need to be filled by skilled professionals. With the current cybersecurity workforce measured at 2.8 million, it would need to grow by 145 percent for us to catch up. The same study done last year indicated a shortage of nearly 3 million professionals – meaning the number has already grown by more than one million people in a year. This poses so many questions. Chief among them: Is it real?
To put this into further perspective, the entire population of the City of Los Angeles is roughly 4 million. Therefore, in order to fill our current skills gap, every single person who lives in L.A. would need to work in the cybersecurity industry (plus a few more). Four million is also greater than the entire population of many countries – including Iceland, Qatar, Jamaica, and Mongolia, just to name a few. So, yeah, it’s a large number.
Have we created too many tools that all need managing, generating more alerts than can be attended to? Is it even possible to find, train, hire, and retain such a massive number of new security professionals?
Many have suggested widening the candidate pool and providing more training to alleviate this colossal problem. While these are of course logical solutions that we should definitely be pursuing, they will never increase our workforce by 145 percent. It’s just not feasible.
So should we just give up and let the bad actors win? Absolutely not. What we need to do is focus on a new solution. Yes, people are an essential piece of the puzzle, but we also have technology and processes to augment our talent.
The Business of Complexity
Historically, the security industry has innovated like crazy to keep up with attackers (and will continue to do so). We see a problem, and we build a box.
For example, malware starting to run amok through your environment? Time to buy some anti-malware technology. Your employees getting duped by phishing attacks? Better look into anti-phishing measures! Expanding into the cloud? What’s the best cloud security solution on the market? And so on…
While innovation is necessary and wonderful, it has created unmanageable complexity for many organizations. For each new product we create, we require more people to manage it. Therefore, instead of proactively protecting your environment, you’re frantically toggling between countless security applications all day just to triage the biggest issues. Or you’re spending all your time trying to integrate disparate solutions on your own.
VC funding in the cybersecurity space totaled $5.3 billion in 2018, up 20 percent from $4.4 billion in 2017. More venture capital means more companies, means more tools, and potentially more job openings. This does not seem like it’s moving in the right direction.
According to Cisco’s 2019 CISO Benchmark Study, 79 percent of respondents find it challenging to orchestrate security alerts from multiple vendors‘ products. And almost a third of respondents said they were suffering from “cyber fatigue” – meaning they have all but given up on trying to stay ahead of malicious threats and bad actors. Yikes! So, what can we do about this challenge without adding millions of people to our workforce?
A Platform Approach to Security
At Cisco, we’re continuing to innovate our respective security technologies to keep pace with attackers. And at the same time, we’re placing greater emphasis on making these technologies more effective and easier to work with. We’re calling it our platform approach to security – because a platform supported by a dozen pillars is stronger than just the pillars themselves.
Through this platform approach, we are leveraging integration, automation, and machine learning so that our technologies are working for you – not the other way around. The technologies you purchase to secure your environment should be making things easier for you, not harder.
Yes, we offer a lot of security products, because let’s face it, there are many different types of threats out there and infinite ways for them to get in. But let’s not lose sight of the forest for the trees. At the end of the day, the goal is a seamless, holistic security platform that allows a threat to be detected in one area of the enterprise and be blocked everywhere else – from the data center, network, and cloud, to email, the web, endpoints, and everywhere in between. We want to build a system whose components talk to one another and work together as a team to thwart attackers.
The Proof Is in the Platform
We have been ramping up towards this platform with some of our previous security portfolio synergies. For example, where the Cisco AnyConnect VPN leaves off, Cisco Umbrella kicks in – protecting users whether they are on or off the network. Additionally, Cisco AMP for Endpoints stretches across the portfolio to automatically receive actionable intelligence on worldwide threats from sources like Cisco Talos, Threat Grid, and Umbrella, and to integrate with our multi-factor authentication (MFA) solution, Duo. These are just a few of the integrations that already exist among our product set.
Now, we’re taking our platform approach towards the front end to make the integrated portfolio easier to use with Cisco Defense Orchestrator (CDO) and Cisco Threat Response (CTR). Security teams can now harmonize policies for a multitude of devices – from next-generation firewalls to Meraki – through a single cloud portal using Cisco Defense Orchestrator. We’re enabling customers to maintain consistent policies across firewalls and into the cloud, starting with support for Amazon Web Services (AWS). You can learn more here.
Additionally, organizations can now leverage coordinated incident response across the entire Cisco Security platform with Cisco Threat Response (CTR), which comes free with many of our security products. CTR leverages our integrated security architecture to make threat investigations faster, simpler, and more effective.
Cisco Threat Response

Your Experience Simplified, Your Success Accelerated, Your Future Secured
How will this new approach benefit you? At a high level, we envision this platform enabling customers to:
Reduce complexity with an integrated and open platform that strengthens operations, gets out of the way, and gives you back time.
Champion innovation with a powerful, pervasive platform that keeps you safe as your business pursues what’s ahead.
Future-proof your security strategy and reduce risk with a platform you can rely on, backed by unparalleled resources and expertise.
So that’s what we’ve been up to. And we’ll keep pushing, because the journey is far from over. We’re committed to creating a platform that delivers a better security experience and protects what’s now and what’s next.
In case you missed it, we recently held a virtual summit to officially launch our security platform. Catch the replay and find additional resources here.
The post It’s Time for Security to Work as a Team appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Don Meyer Network security professionals today clearly understand that there is no longer just one perimeter surrounding the enterprise. Rather, security and network management now extend across multiple, overlapping perimeters, each of which usually has its own firewall and related network equipment.
For security teams and network admins, this translates into the need to oversee and coordinate policy on a potentially large number of separate devices. Cisco Defense Orchestratoris a cloud-based application that enables admins to consistently manage and harmonize policies across a variety of Cisco security products as well as cloud-native tools such as AWS Security Groups.
Users of Cisco Defense Orchestrator shared their experiences with the product on IT Central Station. Their reviews reveal a solution that is appreciated for its simplicity and efficiency. Users also noted that Cisco Defense Orchestrator makes their teams more productive, particularly when managing policies across Cisco ASA, FTD and Meraki MX devices.
The Simplicity of Cisco Defense Orchestrator
Cisco Defense Orchestrator is known for enabling streamlined security policy management across an extended network. As Jairo M., Network and Security Specialist at a small tech services company, explained, “The initial setup was really straightforward. If the person setting this up has knowledge of firewalls and switches, it’s pretty simple. It took about two hours for us to deploy.”
Todd E., CTO at a small tech services company, similarly noted, “In terms of visibility and getting everybody involved, it was simple, scalable, and saved them tons of time, which in turn saved them money. Its effect on firewall builds and daily management of firewalls is that it’s super-simple on new deployments.”
Efficiency in Centralization
IT Central Station members remarked that Cisco Defense Orchestrator has made their teams more efficient. According to Mohamed N., an I.T. Manager at a consumer goods company with over 5,000 employees, “This efficient, time-saving, centralized device manager is easy to deploy and requires minimal administrative IT resources.” Todd E. spoke to this point as well, noting, “The simplicity, efficiency, and effectiveness of it are valuable. It’s efficient, simple, and there’s the visibility on the security side. Deployment is fast. As a security person, I love the visibility and the ease of use when doing my upgrades.”
Team Productivity and Support for ASA, FTD and Meraki MX
Network managers and security teams want to manage security policies across multiple Cisco products, including ASA, FTD and Meraki MX devices. The outcome is consistent security across the network. Isiac S., Network Administrator at a manufacturing company with over 200 employees, praised Cisco Defense Orchestrator in this context. He said, “Its support for ASA, FTD, and Meraki MX helps maintain consistent security.”
Todd E. addressed the team productivity aspects of this capability. He said, “When it comes to making bulk changes across common tasks, like policy management and image upgrades, one of the biggest complaints that I had from a lot of network engineers, was that everything was GUI, that Cisco had gone to GUI. But they can do bulk changes on the CLI. That was a big win for them, being able to do that across all the ASAs without having to log into every single ASA and make changes. They can do a lot of bulk changes on the fly. It’s a huge time-saver.”
Other notable comments on this issue included:
“Its support for ASA, FTD, and Meraki MX devices could potentially free up staff to do other work, although I have not tried the FTD or the MX.” – Andreas F., Systems Engineer at a tech services company
“The biggest part of ROI is the improvement to the operations. Our clients with CDO are having fewer issues. Things are just not going down. People are more productive.” – Todd E.
“The solution has made our security team more productive because it allows us to have more people do the same kind of work, and they take less time doing it. It catches what could have been mistakes on our part.” – A Systems Architect at a university with over 1,000 employees
“The solution’s support for ASA, FTD, and Meraki MX devices helps free up staff time for other work.” – Jairo M.
“Defense Orchestrator has made my network team more productive, since it’s the network team which manages it.” – Richard B., Network and Data Centre Platform Manager at a manufacturing company with over 1,000 employees
“Now, with one simple click, we select the devices and set it to update on a given day, and save different configurations. It’s pretty simple and a great feature for us. Whenever we have found any problems in the devices and we want to create a new policy that applies to ten or 20 companies, we select the devices and we send the same commands to all those devices at once.” – Jairo M.
To read more Cisco Defense Orchestrator reviews, visit IT Central Station.
The post Driving Efficiency and Productivity with Cisco Defense Orchestrator appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Don Meyer Network managers and security teams are facing a double-edged challenge: networks are growing far more complex and expanding across multiple perimeters just as threat vectors become increasingly difficult to detect and threats grow more sophisticated. The Next-Generation Firewall (NGFW) offers a solution. According to Cisco ASA reviews and Cisco Firepower NGFW reviews on IT Central Station, they enable greater visibility into the network and applications while improving threat mitigation.
Visibility into Traffic and the Application Layer
“Before Firepower, we didn’t have any visibility about what attack was happening or what’s going on from the inside to outside or the outside to inside,” explained Ali A., a Technical Manager who uses Cisco Firepower NGFW at a comms service provider with more than 1,000 employees. He added, “After Firepower and the reporting that Firepower generates, I can see what’s going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what’s going on. It enables me to solve any problem.”
Burak Y., an IT System Administrator who uses Cisco ASA at a transportation company, is dealing with a dynamic IT landscape which requires, in his view, “Security policy, controls, and visibility to be better than ever.” Mohammad R., a Security Officer at a government agency, praised ASA because it “gives us visibility into potential outbreaks as well as malicious users trying to access the site.” Iz, an Assistant Manager (Infrastructure) who uses Cisco Firepower at a small business, commented, “It has improved the security posture and visibility of our traffic.”
Visibility into applications is a critical need for network and security managers. Applications are frequent targets of malicious actors because they present an effective way to gain unauthorized access to data. Hackers also like to disrupt organizations by crippling their apps. To prevent these potentialities, Cisco NGFWs must “support application visibility,” noted a Senior Data Scientist who uses Firepower at a tech services company. He praised Firepower because it can support “application visibility and control.”
Eduardo V., an IT Infrastructure Specialist who uses Cisco Firepower at a transportation company, further addressed this need by saying, “It provides us with application visibility and control. We can see, on the dashboard, all the applications that are most used and which are under some sort of risk or vulnerability.” This matters because, “It helps a lot when we need to check some situation or issue that could be related to any attack or any violation. We can see that there are one or two or three applications that are the top-consuming applications. We can use this information to analyze if there is a deviation or if it’s something that we need to consider as normal behavior and increase the bandwidth on the site.”
Policy Management
IT Central Station members describe the importance of policy management in their selection and use of an NGFW. In this regard, according to David S., owner of a small tech company, “Cisco has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors.” Tony P., a Business Development Executive who uses Cisco ASA, further noted, “The firewall and policy side are easy to use.” A Network & Security Administrator at a financial services firm uses Cisco ASA to enforce security policy.
For Joel S., a Senior Network Engineer who uses Cisco ASA at a retailer with more than 1,000 employees, “Policy rulesets are key. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment. Eduardo V. shared, “It’s not just the visibility of things, but the management of application behavior is very important. If I see that, for example, Facebook is consuming too much bandwidth, I can make a policy on the console here and deploy it to our remote offices. So the application visibility feature is one of the key parts of the solution.”
Threat Detection and Mitigation
Security managers rely on NGFWs to be their first line of defense against incoming threats and malicious exfiltration of data. As Paul C., a Security Architect who uses Cisco Firepower at a comms service provider with over 10,000 employees, noted, “FTD’s ability to provide visibility into threats is very good, if the traffic is clear.” He added, “You can stop new threats very quickly because you can get the threat intelligence deployed to all your IPSs in less than two hours. Cisco works closely with Talos and anything that Talos finds is provided in the threat intelligence of the FTDs if you have the license.”
To this point, a Regional Manager of Pre Sales at a tech services company was pleased that Cisco ASA “helps us to identify key, persistent threats so we can set policies accordingly.” An IT Manager who uses Cisco ASA with FirePOWER at a construction company spoke to this issue as well, saying he valued it for Intrusion protection. He said, “We were able to determine when we are being attacked. We needed a way to monitor threat protection and not cause latency. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.”
To read more Cisco NGFW reviews from real, unbiased users, visit IT Central Station.
The post The Advantages of Next-Generation Firewalls (NGFWs) appeared first on Cisco Blogs.

Source:: Cisco Security Notice