Using Amazon Web Services? Cisco Stealthwatch Cloud has all your security needs covered

By Jeff Moncrief
Like many consumers of public cloud infrastructure services, organizations that run workloads in Amazon Web Services (AWS) face an array of security challenges that span from traditional threat vectors to the exploitation of more abstract workloads and entry points into the infrastructure.
This week at AWS re:Inforce, a new feature for AWS workload visibility was announced – AWS Virtual Private Cloud (VPC) Traffic Mirroring. This feature allows for a full 1:1 packet capture of the traffic flowing within and in/out of a customer’s VPC environment. This allows vendors to provide visibility into all AWS traffic, and the ability to perform network and security analytics. Cisco Stealthwatch Cloud is able to fully leverage VPC Traffic Mirroring for transactional network conversation visibility, threat detection and compliance risk alerting.
Stealthwatch Cloud is actually unique in that we have had this level of traffic visibility and security analytics deep within an AWS infrastructure for a number of years now with our ability to ingest AWS VPC Flow Logs. VPC Flow Logs allow for a parallel level of visibility in AWS without having to deploy any sensors or collectors. This method of infrastructure visibility allows for incredibly easy deployment within many AWS VPCs and accounts at scale in a quick-to-operationalize manner with Stealthwatch Cloud’s SaaS visibility and threat detection solution. In fact, you can deploy Stealthwatch Cloud within your AWS environment in as little as 10 minutes!
Additionally, we are seeing that the majority of customer traffic in, out and within a VPC is encrypted. Stealthwatch Cloud is designed from the ground up to assume that the traffic is encrypted and to model every entity and look for threats leveraging a multitude of data points regardless of payload.
Stealthwatch Cloud takes the AWS visibility and protection capability even deeper by leveraging the AWS API to retrieve a wide array of telemetry from the AWS backend to tell a richer story of what’s actually going on throughout the AWS environment, far beyond just monitoring the network traffic itself. We illuminate API keys, user accounts, CloudTrail audit log events, instance tags, abstract services such as Redshift, RDS, Inspector, ELBs, Lambdas, S3 buckets, NAT Gateways and many other services that our customers use beyond just VPCs and EC2 instances.
Here is a screenshot from the customer portal with just a sample of the additional value Stealthwatch Cloud offers AWS customers in addition to our network traffic analytics:

The following screenshot shows how we are able to extend our behavioral anomaly detection and modeling far beyond just EC2 instances and are able to learn “known good” for API keys, user accounts and other entry points into the environment that customers need to be concerned about:

Combine this unique set of rich AWS backend telemetry with the traffic analytics that we can perform with either VPC Flow Logs or VPC Traffic Mirroring, and we are able to ensure that customers are protected regardless of where the threat vector into their AWS deployment may exist – at the VPC ingress/egress, at the AWS web login screen or leveraging API keys. Cisco is well aware that our customers are using a broad set of services in AWS that stretch from virtual machines to serverless and Kubernetes. Stealthwatch Cloud is able to provide the visibility, accountability and threat detection across the Kill Chain in any of these environments today.
Try today!
Interested in Cisco Stealthwatch Cloud? You can try it today with our no-risk, 60-day free trial. To sign up, click here or visit us on the AWS Marketplace.

Source:: Cisco Security Notice

Threat Roundup for June 21 to June 28

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 21 and June 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com

Reference: TRU06282019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Good reasons for Cisco Services

We are often asked whether taking out a Cisco service contract makes sense, or whether it just costs money and is not really needed. These services are certainly not free, but the value you get in return is substantial. Here we answer, in one place, the questions that have been put to us in this context.

Cisco Services are too expensive for us.

When deciding for or against a Cisco service contract, you should definitely take into account the cost of possible downtime and of fixing the problem. Resolving a single problem can quickly exceed the cost of the entire contract. If the higher up-front financial investment at the start of the contract is an issue, or if monthly payment is preferred, Cisco Capital could be a practical solution.

We have a warranty. Isn't that enough?

The warranty only protects you against product defects. In fact, 95% of the support requests we and Cisco receive have nothing to do with the device failures covered by the warranty. With a service contract you get the expert technical support of the Technical Assistance Center (TAC), fast replacement part delivery (within 2 or 4 hours or on the next business day) and ongoing updates. You (or Oberberg-Online on your behalf) also have access to proactive diagnostics and to the knowledge base on Cisco.com. When the worst happens, this specialist support can help resolve problems as quickly as possible and keep downtime to a minimum.

Why do I have to update the operating system?

All Cisco applications run on the operating system. Applications running on an outdated operating system are highly vulnerable to hacker attacks, which puts the entire network at risk. In addition, operating system updates always bring the latest features. You do nothing different with your servers and workstation PCs.

We'll just take out a service contract once the warranty expires.

The Cisco standard warranty does not offer the same benefits and assurances as a service contract. Limited Lifetime Warranties (LLW) are moreover only available for selected products. For example, an LLW provides shipment of replacement hardware within 10 days and offers no technical support from the Technical Assistance Center (TAC).

I don't need service. I keep spare parts in stock.

Simply keeping spare parts in stock is only half the battle. On top of that, you have to invest in systems, security and in-house experts. These costs quickly exceed the cost of a service contract.

In addition to the manufacturer's service, Oberberg-Online offers supplementary services. With these, we handle the case with the TAC on your behalf when something goes wrong, take care of software updates and, if desired, monitor the availability of your infrastructure. Together this gives you an all-round worry-free package. Just talk to us about it:

Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net

Welcome Spelevo: New exploit kit full of old tricks

By Talos Group
Nick Biasini authored this post with contributions from Caitlyn Hammond.
Executive summary
Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit. These kits generated millions of dollars from their victims, and they are still effective. One of their biggest appeals today is that they remove the reliance on user assistance. Increasingly, the crimeware landscape depends on user assistance: whether through blatant social engineering attacks like the ongoing sextortion campaigns or through the countless malspam messages traversing the globe daily, users are required to help achieve infection. That is where exploit kits stand alone, as an effective web-based platform for compromise that only requires users to surf the internet.
Today, Cisco Talos is unveiling the details of a new exploit kit campaign that proves exploit kits are still a threat and should be taken seriously by defenders: Spelevo. This recent campaign leveraged a compromised business-to-business site to deliver Spelevo, one of the first new kits we’ve seen in months.
Read More >>

Source:: Cisco Security Notice

Threat Roundup for June 14 to June 21

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 14 and June 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More >>
Reference: TRU06212019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Cisco named a “Champion” in Canalys Cybersecurity Leadership Matrix 2019

By Steve Benvenuto
Known as a leader in cybersecurity and technology insights for the channel, Canalys has released its Cybersecurity Leadership Matrix for 2019. For this matrix, 15 cybersecurity companies were graded on momentum and channel performance over the past 12 months. Unique feedback from channel partners and Canalys analyst insights were used to rank the list of cybersecurity vendors. Of the 15 companies, five were named in the upper-right quadrant labeled “Champions.” As a team, we are excited to announce that Cisco was recognized as the company with the highest combination of momentum and rating.

Canalys cybersecurity analysis leverages route-to-market, end-user and technology deployment insights to determine top cybersecurity vendors. Their analysis focuses on five security segments: endpoint security, network security, data security, vulnerability and security analytics, and web and email security.
Based on these criteria, Canalys labeled Cisco as a champion due to “not only its leading market share, but its ongoing investment in partner profitability, offering higher front-end margins to encourage cross-product integration sales.” Canalys offers two great insights: Cisco’s ongoing investment in partners, and Cisco’s cross-product integrations.
As Canalys mentions, Cisco Security is a leader in market share, and with the investments in partners and products, Cisco Security continues to show market leadership in momentum. Of the fifteen vendors, Cisco Security places second in momentum behind Juniper, but Juniper is not in the top quadrant for rating. Cisco received the highest rating out of all 15 vendors. No other company can combine the momentum Cisco is experiencing with such a high product rating. As Canalys mentions, much of this can be attributed to a strong investment in partners who are able to deliver personalized security solutions to end customers at scale.
Second, Canalys highlights Cisco’s cross-product integration sales. No cybersecurity company offers an extensive, integrated security portfolio like Cisco. In reality, security solutions require strong solutions covering the entire breadth of the five segments Canalys focuses on. Fragmenting your security portfolio with average solutions in each segment leads to an average solution. Deploying market-leading solutions in each segment that integrate seamlessly together however, results in a market-leading, holistic cybersecurity posture like Cisco Security’s.
Canalys further mentions that software security solutions will continue to increasingly dominate the market. As this trend increases, Cisco integrations become more valuable with unifying tools like Cisco Threat Response, or with cloud-based firewall management tools like Cisco Defense Orchestrator. Both solutions empower IT departments by providing the tools to automate policy enforcement, threat detection, and threat response.
Overall, this is exciting news for the entire Cisco Security team. We are dedicated to our partners’ success and profitability, and these results from Canalys further prove that Cisco Security is a growth driver for our partners. See all of the latest promotions and incentives we have available here. Stay in the know on all things Cisco Security by checking out our Security Hub or Selling Security for Partners site.
For more on Canalys’s Cybersecurity Leadership Matrix 2019, find their report here.

Source:: Cisco Security Notice