Using Amazon Web Services? Cisco Stealthwatch Cloud has all your security needs covered

By Jeff Moncrief Like many consumers of public cloud infrastructure services, organizations that run workloads in Amazon Web Services (AWS) face an array of security challenges that span from traditional threat vectors to the exploitation of more abstract workloads and entry points into the infrastructure.
This week at AWS re:Inforce, a new feature for AWS workload visibility was announced – AWS Virtual Private Cloud (VPC) Traffic Mirroring. This feature allows for a full 1:1 packet capture of the traffic flowing within and in/out of a customer’s VPC environment. This allows for vendors to provide visibility into the entire AWS traffic, and the ability to perform network and security analytics. Cisco Steathwatch Cloud is able to fully leverage VPC Traffic Mirroring for transactional network conversation visibility, threat detection and compliance risk alerting.
Stealthwatch Cloud is actually unique in that we have had this level of traffic visibility and security analytics deep within an AWS infrastructure for a number of years now with our ability to ingest AWS VPC Flow Logs. VPC Flow Logs allow for a parallel level of visibility in AWS without having to deploy any sensors or collectors. This method of infrastructure visibility allows for incredibly easy deployment within many AWS VPCs and accounts at scale in a quick-to-operationalize manner with Stealthwatch Cloud’s SaaS visibility and threat detection solution. In fact, you can deploy Stealthwatch Cloud within your AWS environment in as little as 10 minutes!
Additionally, we are seeing that the majority of customer traffic in, out and within a VPC is encrypted. Stealthwatch Cloud is designed from the ground up to assume that the traffic is encrypted and to model every entity and look for threats leveraging a multitude of data points regardless of payload.
Stealthwatch Cloud takes the AWS visibility and protection capability even deeper by leveraging the AWS API to retrieve a wide array of telemetry from the AWS backend to tell a richer story of what’s actually going on throughout the AWS environment, far beyond just monitoring the network traffic itself. We illuminate API keys, user accounts, CloudTrail audit log events, instance tags, abstract services such as Redshift, RDS, Inspector, ELBs, Lambdas, S3 buckets, Nat Gateways and many other services many of our customers are using beyond just VPCs and EC2 instances.
Here is a screenshot from the customer portal with just a sample of the additional value Stealthwatch Cloud offers AWS customers in addition to our network traffic analytics:

The following screenshot shows how we are able to extend our behavioral anomaly detection and modeling far beyond just EC2 instances and are able to learn “known good” for API keys, user accounts and other entry points into the environment that customers need to be concerned about:

Combine this unique set of rich AWS backend telemetry with the traffic analytics that we can perform with either VPC Flow Logs or VPC Traffic Mirroring, and we are able to ensure that customers are protected regardless of where the threat vector into their AWS deployment may exist – at the VPC ingress/egress, at the AWS web login screen or leveraging API keys. Cisco is well aware that our customers are using a broad set of services in AWS that stretch from virtual machines to serverless and Kubernetes. Stealthwatch Cloud is able to provide the visibility, accountability and threat detection across the Kill Chain in any of these environments today.
Try today!
Interested in Cisco Stealthwatch Cloud? You can try it today with our no-risk, 60-day free trial. To sign up, click here or visit us on the AWS Marketplace.

Source:: Cisco Security Notice

Threat Roundup for June 21 to June 28

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 21 and June 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com

ReferenceTRU06282019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Gute Gründe für Cisco Services

Gute Gründe für Cisco Services

Oft werden wir gefragt, ob der Abschluss eines Cisco Servicevertrages Sinn macht, oder ob das lediglich Geld kostet und eigentlich gar nicht benötigt wird. Sicher sind diese Services nicht umsonst zu bekommen, aber der Gegenwert ist groß. Wir beantworten hier gesammelt Fragen, die uns in diesem Zusammenhang gestellt wurden.

Cisco Services sind uns zu teuer.

Bei der Entscheidung für oder gegen einen Cisco Service Vertrag, sollten Sie unbedingt die Kosten für mögliche Ausfallzeiten und die Behebung des Problems berücksichtigen. Die Lösung eines einzelnen Problems kann schnell die Kosten des gesamten Vertrages übersteigen. Falls der höhere, finanzielle Invest zu Anfang des Vertrages ein Thema sein sollte oder eine monatliche Zahlweise gewünscht ist, so könnte Cisco Capital eine praktikable Lösung darstellen.

 

Wir haben doch eine Garantie. Reicht das nicht aus?

Die Garantie schützt ausschließlich bei Produktfehlern. Tatsächlich haben 95% der Supportanfragen bei uns und Cisco nichts mit Geräteausfällen zu tun, die von der Garantie abgedeckt werden. Mit einem Servicevertrag erhalten Sie den kompetenten technischen Support des Technical Assistant Center (TAC), schnelle Ersatzteillieferung (in 2 oder 4 Stunden oder am nächsten Werktag) und laufende Updates. Zudem haben Sie (oder Oberberg-Online in Ihrem Namen) Zugriff auf proaktive Diagnosen und auf die Wissensdatenbank auf Cisco.com. Im Fall der Fälle kann diese spezielle Unterstützung dabei helfen, Probleme schnellstmöglich zu beheben, um damit die Ausfallzeit so gering wie möglich zu halten.

 

Warum muss ich das Betriebssystem aktualisieren?

Auf dem Betriebssystem werden alle Cisco-Anwendungen ausgeführt. Anwendungen die auf einem veralteten Betriebssystem laufen, sind sehr anfällig für Hacker-Angriffe. Dadurch wird das gesamte Netzwerk gefährdet. Darüber hinaus bieten Betriebssystem-Updates immer die neuesten Funktionen. Nichts Anderes machen Sie ja auch bei Ihren Servern und Arbeitsplatz-PCs.

 

Wir schließen einfach nach Ablauf der Garantie einen Service-Vertrag ab

Die Cisco-Standardgarantie bietet nicht dieselben Vorteile und Sicherheiten wie ein Servicevertrag. LLW-Garantien (Limited Lifetime Warranty) sind zudem nur für ausgewählte Produkte verfügbar. Beispielsweise bietet eine LLW Garantie den Versand von Hardware-Ersatz innerhalb von 10 Tagen und bietet keinen technischen Support durch das Technical Assistant Center (TAC).

 

Ich brauche keinen Service. Ich habe Ersatzteile auf Lager.

Ausschließlich Ersatzteile vorrätig zu halten, ist nur die halbe Miete. Darüber hinaus müssen in System, Sicherheit und interne Experten investiert werden. Diese Kosten übersteigen schnell die Kosten eines Service-Vertrags.

 

Ergänzend zum Hersteller Service bietet Oberberg-Online den Abschluss ergänzender Services an. Damit übernehmen wir im Falle eines Falles die Abwicklung mit dem TAC für Sie, sorgen für Software-Updates und monitoren auf Wunsch die Verfügbarkeit Ihrer Infrastruktur. Zusammen bietet Ihnen das ein rundum sorglos Paket. Sprechen Sie uns einfach darauf an:

DSC_2022 klein
Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
DSC_2012 klein
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net

Welcome Spelevo: New exploit kit full of old tricks

By Talos Group
Nick Biasini authored this post with contributions from Caitlyn Hammond.
Executive summary
Exploit kits are an ever-present and often forgotten threat on the landscape today. Their popularity seemed to peak several years ago with the success and eventual downfall of some of the best compromise platforms ever created, including the Angler Exploit Kit. These kits generated millions of dollars from their victims and they are still effective. One of their biggest appeals today is the removal of reliance on user assistance. Increasingly, on the crimeware landscape today, user assistance is required, whether it’s through blatant social engineering attacks like ongoing sextortion campaigns or through the countless malspam messages traversing the globe daily, users are required to help achieve infection. That is where exploit kits stand alone as an effective web-based platform for compromise that only requires users to surf the internet.
Today, Cisco Talos is unveiling the details of a new exploit kit campaign that proves exploit kits are still a threat and should be taken seriously by defenders: Spelevo. This recent campaign leveraged a compromised business-to-business site to deliver Spelevo, one of the first new kits we’ve seen in months.
Read More >>

Source:: Cisco Security Notice

Threat Roundup for June 14 to June 21

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between June 14 and June 21. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More >>
ReferenceTRU06212019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Cisco named a “Champion” in Canalys Cybersecurity Leadership Matrix 2019

By Steve Benvenuto Known as a leader in cybersecurity and technology insights for the channel, Canalys released their Cybersecurity Leadership Matrix for 2019. For this matrix, 15 cybersecurity companies were graded on momentum and channel performance over the past 12 months. Unique feedback from channel partners and Canalys analyst insights were used to rank the list of cybersecurity vendors. Of the 15 companies, five of the companies were named in the upper-right quadrant labeled “Champions.” As a team, we are excited to announce that Cisco was recognized as the company with the highest combination of momentum and rating.

Canalys cybersecurity analysis leverages route-to-market, end-user and technology deployment insights to determine top cybersecurity vendors. Their analysis focuses on five security segments: endpoint security, network security, data security, vulnerability and security analytics, and web and email security.
Based off these criteria, Canalys labeled Cisco as a champion due to “not only its leading market share, but its ongoing investment in partner profitability, offering higher front-end margins to encourage cross-product integration sales.” Canalys offers two great insights: Cisco’s ongoing investment in partners, and Cisco’s cross-production integrations.
As Canalys mentions, Cisco Security is a leader in market share, and with the investments in partners and products, Cisco Security continues to show market leader in momentum. Of the fifteen vendors, Cisco Security places second in momentum behind Juniper, but Juniper is not in the top quadrant for rating. Cisco received the highest rating out of all 15 vendors. No company can combine the momentum Cisco is experiencing with the high product rating. As Canalys mentions, much of this can be attribute to a strong investment in partners who are able to deliver personalized security solutions to end-consumers at scale.
Second, Canalys highlights Cisco’s cross-product integration sales. No cybersecurity company offers an extensive, integrated security portfolio like Cisco. In reality, security solutions require strong solutions covering the entire breadth of the five segments Canalys focuses on. Fragmenting your security portfolio with average solutions in each segment leads to an average solution. Deploying market-leading solutions in each segment that integrate seamlessly together however, results in a market-leading, holistic cybersecurity posture like Cisco Security’s.
Canalys further mentions that software security solutions will continue to increasingly dominate the market. As this trend increases, Cisco integrations become more valuable with unifying tools like Cisco Threat Response, or with cloud-based firewall management tools like Cisco Defense Orchestrator. Both solutions empower IT departments by providing the tools to automate policy enforcement, threat detection, and threat response.
Overall, this is exciting news for the entire Cisco Security team. We are dedicated to our partners‘ success and profitability, and these results from Canalys further prove that Cisco Security is a growth driver for our partners. See all of the latest promotionsand incentiveswe have available here. Stay in the know on all things Cisco Security by checking out our Security Hub or Selling Security for Partners site.
For more on Canalys’s Cybersecurity Leadership Matrix 2019, find their report here.

Source:: Cisco Security Notice

7 Questions about the Firewall: A Chat with Cisco featuring Gartner

By John Dominguez The firewall remains the front line of cyber-defense for most organizations. The firewall protects an organization’s network, and that function isn’t going away anytime soon. Remember when people used to say, “the firewall is dead”? The numbers tell a different story. Gartner forecasts that this market will grow from $12.5 billion in 2018 to $16.2 billion in 2023. That’s one of the single largest product markets in all of cybersecurity.
Many security and networking teams are also starting to use the firewall as the main hub to manage and orchestrate other security tools. In the past, advanced services used to be delivered via separate security appliances or software. But now, many next-generation firewalls include built-in threat intelligence feeds, intrusion prevention, advanced malware protection, URL filtering, identity services and more. It makes sense. Why pivot between multiple security tools when your firewall could do most of it.
This trend of consolidated services within the firewall also runs parallel to a much broader trend in cybersecurity – vendor consolidation and the transition to a “platform” approach to cybersecurity. Security and networking teams want an integrated, seamless security “system” instead of having to juggle multiple, disparate security tools. For years, they’ve been buying individual security products to solve specific problems. Protect the network – buy a firewall. Stop advanced threats – buy an intrusion prevention system or advanced malware system. Block malicious websites – buy a web security appliance. And so on. It didn’t matter what vendor they came from. You’d buy the best tool for the job that was available on the market.
The problem with this approach is how to efficiently operationalize all of those different products. More products require more people to manage them. If the products don’t automatically share information or work together to solve security problems (because they come from different vendors), then manual intervention is required. Is this starting to sound complex? It is. And it’s the reason network and security teams began to seek out integrated security “platforms” that make management easier.
In a recently published video, featured Gartner analyst Nat Smith and Cisco SVP Gee Rittenhouse discuss these trends in the firewall marketplace, and how they could impact your team’s approach to cyberdefense.

Source:: Cisco Security Notice

Supportende für Innovaphone PBX V10

Mit der Veröffentlichung der PBX V13 endet der Support für die PBX V10.

Die Versionen V11 und V12 stehen nach wie vor unter Service. Alle V10 Kunden mit gültigem Software Service Agreement können die neueren Lizenzen kostenfrei beziehen. Gerne stehen wir mit unserer Dienstleistung beim Upgrade zur Seite. Bitte sprechen Sie uns hierzu einfach an.

Marcus Schultes

schultes@oberberg.net

DSC_2022 klein
Jörg Wegner
02261 9155052
wegner@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net

Threat Roundup for June 7 to June 14

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between May 31 and June 7. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More at Talosintelligence.com
ReferenceTRU06142019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

Source:: Cisco Security Notice

Top Security and Risk Management Trends Unveiled at Gartner Security and Risk Management Summit 2019

By Gary McNeil Standing at the shores of the Potomac, The Gaylord National Resort and Convention Center National Harbor is gearing up to host the 2019 Gartner Security and Risk Management Summit June 17-20. On in its 24th year, this event is the premier gathering of security, risk management and business continuity management leaders.
In the Digital Age, IT security is everyone’s business and Cisco is looking forward to continuing our tradition of being a Premier sponsor and sharing the latest innovations to improve your security posture and mitigate risk.
Whether you are a CISO looking to network with peers and improve your leadership skills or a security professional looking for practical advice – Cisco has a you covered.
Join us On-site for Private Meetings
Want to talk strategy? Cisco executives and subject matter experts will be available for private meetings. Please contact us to schedule a meeting.
Discount Code: Use priority code SECSP25 and receive $350 off your conference registration.

Cisco Booth 409
Will feature giveaways and demos including:
Featuring:
Endpoint Security
Advanced Malware Protection (AMP) and Cisco Threat Response
Secure Internet Gateway and SD-WAN
Cisco Umbrella, Cisco Cloudlock and Cisco Web Security Appliance (WSA)
Zero Trust
Duo Security, Now Part of Cisco
Network and Cloud Security Analytics
Stealthwatch
NGFW and NGIPS
Firepower and Cisco Defense Orchestrator
Workload Protection
Application and Workload Security

Networking Welcome Reception
Monday, June 17, 2019 | 5:45 p.m. – 7:30 p.m.
Location: Exhibit Showcase
Join us in the Exhibit Showcase for a special circus-themed reception where you can engage with your peers, Gartner Analysts, and exhibitors while enjoying delicious food and beverages, fun games, raffle drawings, and lively entertainment. Also, don’t miss a chance to get a sneak peak at the motorcycle we’ll be raffling off on Wednesday.
Hospitality Suite: Cisco Hog Wild
Wednesday, 5:45 p.m., National Harbor 5
All attendees are invited to cruise over for a night of blues, beer, BBQ, and a chance to win a 2019 Harley-Davidson Softtail Street Bob motorcycle!

Cisco Sessions
SPS13: The Tectonic Shift in Security
By: Gee Rittenhouse, Jeff Reed
Monday, June 17, 2019, 3:15–4 p.m. | Potomac C
Securing today’s modern work environment is increasingly complicated. As technology shifted to lean into the digital business transformation, a new architecture built for a multicloud environment was required. Cisco will discuss the multi-domain architecture needed to securely connect every user, on every device, on every network, to every application.

TH5: Threat Research – Fighting the Good Fight
By: Joel Esler
Monday, June 17, 2019, 1:15–1:40 p.m. | Theater 1, Exhibit Showcase, Prince George’s Hall D
Exploitable vulnerabilities exist. It’s a fact of life in the modern work environment. Attackers are achieving greater ROI with every attack. The counterpunch is threat intelligence. Cisco will discuss the future of threat, the evolving threat landscape and the inescapable need for automated threat intelligence as part of your security architecture.

ETSS3: Building Zero Trust Security Solutions
By: Wendy Nather, Ash Devata
Monday, June 17, 2019, 11:30 a.m.-12 p.m. | Chesapeake 3
Call it “zero trust” or “an initial step on the road to CARTA” – we know the classic design patterns of security have to change. In this session, we’ll talk about different ways to build on the fundamentals of “zero trust,” working together with partners in stages to create better and more usable security.

ETSS15: Future of the Firewall
By: Bret Hartman, Houda Soubra
Tuesday, June 18, 2019, 10:45–11:15 a.m. | Chesapeake 5
The digital transformation underway in many organizations poses an increasing challenge to security operations. Secure your hybrid environments of edge, end point and cloud with a single orchestrator solution to: Streamline policy design and enforcement; automate administrative tasks; improve accuracy; and reduce deployment time.

ETSS17: Designing Security for the Future of Your Network
By: Meg Diaz
Tuesday, June 18, 2019, 3:30–4 p.m. | Chesapeake 2
With the explosion of cloud apps, the move to highly distributed environments (SD-WAN, anyone?), and an increase in mobile workers, the threat landscape isn’t standing still. Learn more about what your peers are experiencing, a new approach to secure roaming users/branch locations, and how Cisco is evolving security to address these challenges in innovative ways.

ETSS23: Workload Security and Visibility
By: Vaishali Ghiya
Wednesday, June 19, 2019, 10:45–11:15 a.m. | Chesapeake 3
Technologies like virtualization, SDN are rapidly rolling out new applications and services. Modern applications no longer reside just within a company’s physical data center but also deploy across a multicloud environment. Learn how to 1) protect workloads 2) deliver a zero-trust security approach with deep visibility and multi-layered segmentation.

View the full agenda here. Don’t forget to download the conference app so that you don’t miss a beat!

Follow us and join the conversation on Twitter, Facebook, LinkedIn.
See you there!

Source:: Cisco Security Notice