O.NET Notfallplan erfolgreich getestet

In der aktuellen Situation erhalten wir viele Anfragen dazu, wie wir bei Oberberg-Online einen reibungslosen Betrieb für unsere Kunden gewährleisten.

Selbstverständlich existieren in unserem Hause Notfallpläne. Unser Pandemie-Notfallplan wurde bereits einem Live-Test unterzogen und für gut befunden. Wir arbeiten mit unterschiedlichen Teams, die getrennt voneinander in der Zentrale und den mobilen Offices tätig sind. Gesicherte Zugriffe von außen und eine Einbindung aller mobilen Kollegen in die komplette Kommunikationsstruktur ermöglichen einen nahtlosen Betrieb aller Services, egal, wo wir für Sie unterwegs sind.

Das bedeutet, dass wir uns trotz der besonderen Lage im Normalbetrieb befinden und Sie alle Leistungen zuverlässig von uns erhalten.


Launching today: Security Stories podcast

By Hazel Burton Welcome to the first ever episode of Security Stories! Security Stories is a brand new podcast from the Cisco Security team in which we discuss the past, present and future of cybersecurity.

The podcast is mainly interview based, and we have some absolutely amazing people lined up to share their security stories over the coming episodes (we’ll have a new one for you every two weeks). From how they lead their teams, to how various experiences have shaped them, our guests don’t hold anything back! So if you want to get the inside track on what it takes to be a security leader today, you’ve come to the right place.

Episode 1: From the battle to the boardroom: Mick Jenkins OBE

Mick Jenkins, CISO for Brunel University London

Our guest interview today is Mick Jenkins, OBE. Mick spent many years in the military in counterterrorism and bomb disposal, he is a published author of several spy novels which touch on his military experiences, and he’s also the CISO of Brunel University London. He faced some tough challenges when he first took on that role, but with strong leadership and a very talented team, he came up with some very innovative and impactful solutions which he talks openly about during our chat.

As you’ll soon learn from the interview, Mick is an incredibly interesting person. We initially talked about his mountaineering adventures and how he got lost in Snowdonia as a teenager, and how this shaped his perceptions of risk and leadership.

On leadership:

“It’s all about providing a vision and a narrative that people can buy into. Whether I was in the military or now as a CISO, I watch leaders, and a common thread amongst the best ones is a real sense of positivity, energy, and a can do attitude: ‘This is going to happen.” But they also have an open sense of honesty, reality and empathy. For example one of the best leaders I ever saw was always honest with his team and would say “You know what guys? This is going to be painful. We’re going to have to hold on to the handle for a bit. But we will come through it, we will succeed, and we will win.” Success for me all comes down to the leadership and the teamwork. And that’s true no matter what industry you’re in.”

On building partnerships:

“I was clear that I couldn’t do it by myself. We needed two or three strategic partners or, as I call them, my critical friends. They’re the ones who sit over my shoulder and tap me from time to time and say, “Well, that can’t actually be done Mick. We need to do it this way”. I think that blend of critical friendship, strategic partnership and building a strong internal team helped me with my vision. Leaders always need to be challenged. I was always encouraged to challenge the boss, to never be afraid to do so, and to offer an option that was different to theirs. That was certainly ingrained into us as military officers and it’s something that I’ve always been careful to make sure the team can feel they can do with me. So it’s an up and down cascade of ideas because I’m high level. I’m strategic. My team are subject matter experts and they’ve been brilliant at engaging me in the conversation so that we get to our goal together.”

About the podcast
Why the title ‘Security Stories‘? Good question! There’s a story behind that…

We’re going to go back to when I was 21 (a long, long time ago…) and, fresh faced out of University, my first job as a graduate was to help establish a new campaign called ‘If we can, you can‘. It was all about encouraging more people who had an idea of a business, to be inspired to take this forward, and become an entrepreneur.

The philosophy behind ‘If we can, you can‘ is that by sharing the stories of existing entrepreneurs, you would feel part of the community. They will take a lot away from learning how others overcame challenges, what mistakes are commonly made, and how it really feels to grow a business from the ground up.

So, I got in my car and drove all around the North East of England (where I still live), with my video camera, and I sat down with hundreds of entrepreneurs. They talked to me about that ‘defining moment‘ that inspired them to bite the bullet, how they balanced risk, how they scaled and grew their idea, how they hired their first employee…and much much more.

The stories were often raw, often emotional, and always honest and open. They shared their stories with me because being an entrepreneur is no walk in the park. There are as many tough times as there are amazing times. So they wanted to share their experiences with me because those stories and insights might help someone who is going through the exact same challenges.

I started working in the Security industry about 10 years ago, and what has struck me most is how tough an industry this can be. We have one of the highest rates of burnout and fatigue, and people’s jobs are constantly on the line. However, it’s also one of the most fun and interesting industries to be part of, where innovations and new ideas can make a huge amount of difference to the world we live in.

Therefore the principle of ‘If we can, you can‘ very much applies to this podcast. If other security leaders can do it, so can you. And Security Stories is about sharing exactly how they’re doing it…

What’s in each episode?

As well as interviews, we have some regular features as well. ‘Threat of the month‘ is where we discuss a growing cyber threat and what organizations can do about it. In the first episode, we talk about Industrial IoT and this discussion is led by my co-host and Cisco security intelligence expert, Ben Nahorney.

And we also have a little bit of cybersecurity trivia for you in our ‘On this day‘ feature. This is where we talk about significant events in cybersecurity history which will guarantee that you will win any pub quiz out there, as long as it’s very niche.

And the 16th March just so happens to be a very significant date in security history, but you’ll have to listen to the podcast to find out what we’re talking about!

You can listen on Apple Podcasts, Google Podcasts, Spotify and Stitcher. Or you can listen right now!

After you’ve listened to the first episode (and hopefully you enjoyed it!) please do subscribe. We are releasing new episodes every two weeks, and our next guest will be Wendy Nather, Head of Advisory CISOs at Cisco Duo.

Just to give you a preview of that interview, I asked her what is the one thing she wishes could change in Security. Her response starts with ‘I’m going to come up something really radical, are you holding onto your seat?”

Thanks for listening, we’ll see you next time on the Security Stories podcast.

The post Launching today: Security Stories podcast appeared first on Cisco Blogs.

Source:: Cisco Security Notice

Threat Roundup for March 6 to March 13

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Mar 6 and Mar 13. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
20200313-tru.json – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for March 6 to March 13 appeared first on Cisco Blogs.

Source:: Cisco Security Notice

How to Defend Against Command-and-Control attacks: Don’t let your network turn into a Zombie

By Sana Yousuf Your network is increasingly targeted by cybercriminals. One of the most clever and damaging way they strike is through command and control attacks – a technique often executed over DNS. A command-and-control (also referred to as C&C or C2) server is an endpoint compromised and controlled by an attacker. Devices on your network can be commandeered by a cybercriminal to become a command center or a bonet (a term coined by a combination of the words “robot” and “network”) with the intention of obtaining full network control. Establishing C&C communications via a Trojan horse is an important step for them to move laterally inside your network, infecting machines with the intent to exfiltrate data.
Going After the Command-and-Control Servers
What does your new investigation workflow look like? Today we take a closer look at how a C&C server attack can gain a foothold into your network, and how Cisco can identify, detect and block this type of threat using an integrated approach to security.
Imagine a security analyst whose enterprise has invested in network traffic analysis. Let’s call him Sam. He works for large financial services organization with over 10,000 employees and more than 80,000 user accounts. It’s 6:00 PM on a Friday evening and Sam is getting ready to catch the latest Zombie apocalypse movie with his buddies. A notification pops up on his Cisco Umbrella console telling him that Umbrella has blocked malware from communicating with a C&C channel.
Sam investigates this threat using the Cisco Security
Sam is tired. He spends copious amounts of time running down rabbit holes every time his SIEM registers an alert as suspicious. He is ready for a faster, more effective way to block threats and protect his environment. He is excited to see if Cisco Umbrella, a secure internet gateway, will make his life easier. Cisco Umbrella offers both real-time threat Intelligence, as well as the capabilities to mitigate attacks across an organization in a split second. It acts as the first line of defense against internet-borne threats like C&C communications attempting to exfiltrate data. Sam knows a DNS block on the Umbrella can simply be a symptom of persistent malware on your endpoints. He investigates further.
Sam identifies the malicious domain that is the epicenter of a C&C activity using Umbrella. Umbrella automatically proxies, decrypts, and inspects all subsequent requests with AMP for Endpoint to make a determination about the threat. Sam can also choose to block newly seen domains outright on the console. Now, while Sam knows that not all newly seen domains are bad, he knows this could be part of an emerging malware campaign or associated with another threat. In this case, Sam sees that Umbrella is working and has successfully blocked the threat.
Figure1: Identify the C&C Domain in UmbrellaBut Sam is curious. He wants to know more. Sam decides to analyze the malicious code and try to identify samples in Threat Grid, Cisco’s dynamic file analysis solution that referenced this domain. Umbrella Investigate shows him samples in Threat Grid that referenced this domain. He drills down deeper.
Figure 2: Sightings in Threat Grid that referenced this domainUsing the Threat Grid console, Sam quickly realizes the file is malicious. He sees two internal targets that can be potentially compromised with this attack. If successful, this infected server could connect to another server, ready to receive commands and do the botnet owner’s bidding by compromising systems and exfiltrating your data.
Figure 3: The Aha! moment: The Malicious VerdictSam is close to the Aha moment! He drills down to understand the behavioral indicators in Threat Grid. He gets every scrap of detail about this threat artifact. And sure enough, there’s our C&C connection. Victory!
Figure 4: Discovery: There’s our C&C connection.But Sam wants more. Threat Grid also shows him the internal target that might need further analysis. It analyzes the files and suspicious behavior across his environment to deliver context-rich malware analytics and threat intelligence. Now that he is armed with insights into what the file is doing, he is ready to explore how this threat has impacted the network. Sam kick starts a threat investigation for observed internal targets in Cisco Threat Response using the Browser Plugin. The Plugin enables Sam to research any observable (e.g. Domain, IP-address, File-Hash, URL, etc.), on any HTML-based webpage, in Chrome. Interested in what Sam is doing? See how you can configure the plugin, here.
Sam now knows which systems inside our network have seen the malicious file. This information is provided by AMP for Endpoint, our cloud-delivered endpoint protection, detection and response solution, that helps you simplify this investigations with a broader context from endpoint, web, email, and network data.
Figure 5: The Pivot to Threat Response
Figure 6: Getting the Full Picture – the Relations Graph in Threat ResponseUpon investigation, Sam confirms that the malware is already correctly identified and blocked. With Cisco Threat Response, Sam can now achieve faster detections, simpler investigations, and immediate responses.
Figure 7: Malware Identified and BlockedFor all the Sam’s of the world, this analysis can be at your fingertips too. With Threat Grid, you can easily construct a query using the Orbital Advanced Search feature, a new advanced capability in Cisco AMP for Endpoints based on the behavior observed when the sample executed. This feature accelerates your hunt for threats and enables you to shrink the lifecycle of an incident– mitigating any or further damaging cost of the breach to your business.
Figure 8: Orbital Advanced Search Query in Threat GridThis Orbital query enables you to gain deeper visibility so you may discern whether this is an isolated incident in your network, or there are other devices that may have seen this in your network. Additionally, Threat Grid can shine a light on other techniques like code injection that attackers might be using based on key behavioral indicators of malware. Security teams can save time by quickly prioritizing attacks with the biggest potential impact. In our investigation, we have discovered important details about this attack, as well as the malicious, forged documents that the attackers are using.
Figure 9: Orbital Query, Figure 10: Potential Code Injection DetectedCisco Advanced Malware Protection (AMP) for Endpoints Prevents Fileless Attacks
AMP for Endpoints‘ Exploit Prevention engine prevents all variants of fileless malware without needing any prior knowledge of the attacks. There are thousands of threats attempting to embed malicious code that can take over your workflows. Sam makes sure that the Exploit Prevention engine is enabled in AMP to catch any such activity.
Sounds too good to be true. No way?
Figure 11: File is quarantinedAMP’s Exploit Prevention Engine remaps the runtime environment and its components (such as libraries and DLL entry and exit points) and places a decoy or a facade of these resources in their original locations. It then only let’s legitimate applications know their newly randomized address spaces. The end result is that legitimate processes continue to run seamlessly without experiencing any performance penalty, but anything else that attempts to execute in-memory can’t find its target, and therefore, cannot execute. Exploit Prevention’s remapping of the runtime environment effectively protects you against all variants of in-memory attacks, whether they are pre-existing or undiscovered zero-days deterministically. With that done, Sam is on his way to the movies.
Cisco’s Security Platform
Can you imagine flying an Airbus A380 without an air traffic controller? Cisco’s vision for a security platform is built from a simple idea that security solutions should act as a team, learning from each other, listening and responding as a coordinated unit. Our platform, Cisco SecureX,connects the breadth of Cisco’s integrated security portfolio and your entire security infrastructure for a consistent experience that unifies visibility, enables automation, and strengthens your security across your network, endpoints, cloud, and applications.
Try AMP for Endpoint
You could test out AMP for Endpoints and decide whether it’s right for you in under an hour. Don’t let C&C servers sit dormant in your environment and turn your computers become someone else’s malicious botnet!

Stop fileless malware attacks dead in their tracks
by test driving a free trial of AMP for Endpoint today.

The post How to Defend Against Command-and-Control attacks: Don’t let your network turn into a Zombie appeared first on Cisco Blogs.

Source:: Cisco Security Notice

Women at Cisco take on the Cyberstart Challenge – Will You?

By Michele Guel Last fall, close to a one hundred Cisco women across the globe participated in the CyberStart Challenge. Cisco is the first public company to test the platform, which involves solving a series of cybersecurity challenges with increasing levels of complexity. There are three verticals, called “Bases”), 29 levels, and 236 challenges covering a wide swath of cybersecurity from basic crypto to advanced forensic and reverse engineering! The gamified platform was originally targeted towards college students to allow them to discover their aptitude to excel in the field of cybersecurity and be inspired to pursue a career in the field. It has evolved into a well-architected, scalable platform that provides a fun and engaging way to learn cybersecurity. The game allows participants to learn on their own using the included “field manual”, collaborate with others on their team, learn through available Internet resources or just by experimenting. There are hints for each challenge; however, using the hints cost points.
At Cisco, we wanted to create an internal competition to encourage our Women in Cybersecurity community members to step out of their comfort zone and learn new areas of cybersecurity. By using CyberStart, we reasoned, they would discover that they could become more proficient in much-needed cyber skills. The internal competition involved local play in each of the major theaters (Americas, Europe, and Asia Pac) and then a “finals” round engaging the top three teams from each theater. After the competition we gave the participants an extra four weeks to complete as many additional challenges as possible. The carrot was a “challenge coin” for all who completed 70% or more of the challenges. We were very impressed to see that 29 teams or singles completed at least 72% of the challenges. A one-person team in Poland completed 96% of the challenges, and a two-person team in Raleigh NC completed ALL the challenges.
The feedback from the program was positive, and it created wider visibility about how exciting cybersecurity careers can be. Here are a few examples of the written comments from women who participated:
“Really, truly enjoyed it, something different!”
“The concept of having the goal you are moving to was motivational.”
“I love the idea to keep resolving the puzzles.”
“Different way to learn.”
“We really wanted to know the solutions!!! Sometimes we would all chat late at night trying to resolve the same challenge.”
“Python labs were really good, great for someone to start learning.”
“I did not know anything about cybersecurity, it was great way to learn new stuff and what kept me motivated was the challenge. I could not stop – sometimes even doing it late in the evening as I wanted to know the solution and find the flag.”
Many of the participants said they wished they had more time to play, and most played during non-working hours. A few dedicated women spent their holiday shutdown period mastering the challenges and having fun!
We hope to run more CyberStart competitions and increase participation each time. There are two benefits of such a program expansion: First, more and more Cisco employees will develop expanded knowledge, confidence, and hands-on mastery of cybersecurity skills that will be valuable in their work at Cisco.
Second, and potentially equally important, twenty-six states (including California and North Carolina) have encouraged teachers to use CyberStart in the schools as an enrichment activity. They see it as an excellent tool to open the door for young men and women to learn about the field, discover their aptitude, and be motivated to pursue a career in computer science, and/or cybersecurity. However, most high school teachers need a catalyst to get the program started, to overcome their concerns about not knowing enough about cybersecurity if students ask questions. The reality is that they don’t need any cybersecurity expertise; all the students need is in the game. But they do need something to get them started.
Cisco CyberStart participants could go out and help a teacher introduce the game to their students. As the number of teachers using CyberStart grows, they will substantially expand the pipeline of talent entering the field, especially young women and people of color. The CyberStart platform is a reliable gauge of the player’s curiosity, tenacity, and ability to master new technical information quickly and be able to apply it – characteristics shared by many top performers in cybersecurity – just the type of talent that Fortune 500 companies want to hire!
CyberStart was created by the SANS Institute. I have been a fan, supporter and partner with SANS for many years. We share a passion for building a pipeline of talent for the cybersecurity industry and increasing diversity in the industry at the same time. If you share the same passion, I encourage you (well, I challenge you) to learn more about the Cyberstart program and run a competition at your organization, school, or club. You can learn more about it here: https://www.sans.org/CyberStartUS.

The post Women at Cisco take on the Cyberstart Challenge – Will You? appeared first on Cisco Blogs.

Source:: Cisco Security Notice

Are You Going About the Talent Shortage Wrong? It’s Time to Stop MacGyvering

By Barry Fisher We all know the stats. The security workforce shortage is impacting two-thirds of organizations, while the gap — currently at 4 million — continues to grow. Security teams are short-staffed, to the point where a 25% say the inability to keep with the workload is a root cause of security incidents.
The conversation typically focuses on challenges like the growing demand outpacing supply. Forrester even goes as far as saying that much of the problem is “self-inflicted” — and one reason is that employers “expect to hire MacGyver but pay like McDonalds.”
We’re looking at the problem wrong.
In the words of MacGyver himself, “there always seems to be a way to fix things.” But this is the wrong fix.
Yes, the talent shortage is real. But there’s another reason why organizations have a shortage of skilled talent. Every new technology added to your security infrastructure not only adds complexity but is resource intensive, not to mention the decreased efficacy in detecting and preventing threats.
So clearly throwing bodies at the problem has not worked here. Talk about a self-inflicted cycle.
The disconnect between technology, ­people, and processes
We could always count on MacGyver to come up with an ingenious way to solve a problem. In one instance, he took out a flashlight spring to fix a compressor, while saying, “When something’s broken, the easiest thing to do is just throw it away and forget about it. But if you step back and take a look at what you’ve got, sometimes you find a totally different way of making it work.”
To apply this idea to security, it’s time to step back and take a look at what you have — not just technology but also people and processes — and find a totally different way to make them work. Together.
The appeal of the move from products to platform has flooded the industry with platform solutions that end up integrating two or more products together. These platforms that simply layer technology to deal with your most pressing security concern aren’t effectively eliminating the complexity that your teams have to deal with. Adding more technologies may seem like the most straightforward approach to reduce alert fatigue but it’s not necessarily the right solution.
You need a platform embedded into your security technologies that empowers your security teams to make decisions based on complete and actionable insights. At the end of the day, the goal needs to be simply to create a seamless, simpler, more consistent experience that allows a threat to be detected in one area of the enterprise and be blocked everywhere else – from the data center, network, and cloud, to email, the web, endpoints, and everywhere in between. We believe that you can do so by leveraging integration, automation, and analytics to ensure that your technologies are working for you.
Making NetOps and ITOps an extension of SecOps
At Cisco, our approach is to bridge technology, people, and processes. We’ve taken the time to build the mortar into your entire security infrastructure—the new security platform called Cisco SecureX. It doesn’t just connect to Cisco products; it transforms your infrastructure from a series of disjointed solutions into a fully integrated environment. This transforms your security teams from business blockers to business enablers empowered to scale and meet the needs of tomorrow.
Instead of telling our customers they need to hire more experts to manage their security solutions, we want to help them mitigate the talent shortage by uniting teams, solutions, and processes into a consistent experience.
To that end, we asked the question: How can we reduce the ITOps and NetOps reliance on SecOps, and stop the bottlenecks these teams create for each other? How can SecOps, ITOps, and NetOps collaborate with unified workflows?
Let’s say the IT help desk receives a ticket about a slow-running computer. In a typical organization, the workflow may look like this:
The technician connects remotely into the server and sees that the process is using up memory, but there’s not enough visibility to identify the root cause of the problem.
Next step is to involve SecOps and NetOps to gain more context. Since those teams don’t share context, they may not be able to pinpoint the exact issue either.
After an hour or more of troubleshooting and working with SecOps and NetOps, the ITOps‘ answer is to reimage the slow computer.
We wanted to break down these kinds of siloes that the teams work in, and at the same time make security more efficient. And Cisco SecureX does just that. At RSA 2020 this year we introduced Cisco SecureX – a new way for users to experience Cisco’s Security portfolio. Cisco SecureX streamlines our customers‘ operations with unified visibility across their security portfolio and provides out-of-box integrations, powerful security analytics, and automated workflows to speed threat detection and response.
With SecureX, this is how the workflow would look like in the same scenario:
The Security Analyst uses the SecureX dashboard — with access to a list of all users, devices, and apps — to investigate a malicious cryptomining attempt that was exploiting vulnerabilities on your endpoint and server-based applications.
After identifying the problem, the analyst uses analytics to uncover where cryptomining activity may be occurring in your organization. Armed with a holistic understanding of the threat, the analyst now proceeds to block network connections to web sites known to participate in mining cryptocurrencies and isolates the endpoint host using SecureX’s threat response application.
Once he accesses the computer remotely to confirm that the cryptomining app connection was terminated, he simply reconnects the endpoint to the network.
Cisco SecureX unifies visibility, enables automation and strengthens security.
The entire sequence takes just 10 minutes instead of an hour or more, without involving SecOps and NetOps. SecureX provides all of your security teams – SecOps, NetOps, and ITOps personalized views of the same shared context, enabling them to collaborate better than ever before. This means they can more easily harmonize your security policies and drive stronger outcomes.
How SecureX helps mitigate the skills gap
Now, I’m not saying that SecureX solves the talent shortage on a global scale. The reality is that digital transformation, coupled with the growing threat landscape, will continue to place more demand on organizations to hire additional talent.
What SecureX can do, however, is start solving that self-inflicted problem we talked about earlier — the one caused by unnecessary complexities we as an industry have created. With no disrespect to our resourceful hero, we want to stop you from MacGyvering your security with dozens of point tools — and finally close the gap between your technology, people, and processes.
Want to see for yourself how you can do that? Sign up for our SecureX Waitlist and learn more about SecureX here.
The post Are You Going About the Talent Shortage Wrong? It’s Time to Stop MacGyvering appeared first on Cisco Blogs .

Source:: Cisco Security Notice

Five ways to detect early signs of a breach using the network

By Megha Mehta While organizations would ideally like to do everything they can to block a cybersecurity attack, the reality is that internal and external threats targeting your network can find a way to infiltrate and cause a major breach. So how can you answer questions like – Have we been compromised? What did it impact? The answer is continuous network monitoring for early threat detection. Every cyber threat touches the network so being able to detect malicious activity as soon as it occurs can prevent a threat from turning into a high impact incident.
Cisco Stealthwatch provides enterprise-wide visibility, from the private network to the public cloud by collecting network telemetry. It then applies advanced security analytics in the form of behavioral modeling and machine learning to pinpoint anomalies and further reduce them to critical alerts in order to detect advanced threats in real-time. With a single, agentless solution, you get comprehensive threat monitoring, even in encrypted traffic.
In this post, I would like to provide some examples of threats Stealthwatch has been able to uncover in our customers‘ environments that enabled them to take actions to stop a breach:

Traffic to suspicious geographies – With nation-state actors increasingly targeting organizations to disrupt operations, steal trade secrets, or maintain clandestine access in the network, it is necessary to be able to detect geographically unusual access. Behavior like a US employee suddenly logging in from an country she has never connected from before, or a large amount of traffic to a suspicious country that your organization has no business in – Stealthwatch alerts on all that.

Insecure network protocols – The use of insecure protocols makes your organization vulnerable to attacks. But your network is so big, complex and ever-changing. How do you find when and where violations to your corporate security policy are occurring? With Stealthwatch, you can set up custom monitoring to alert on any communication based on applications, ports, destinations, and dozens of other characteristics. For example, Server Message Block (SMB) traffic from outside of the organization was how the WannaCry campaign was executed. Another scenario is being able to identify if the Network Time Protocol (NTP) is being exploited by attackers to route your server time queries elsewhere.

IoT/OT device compromise – The “things” connected to the network such as medical devices, factory thermal controls, video cameras, production and assembly robotics, etc. are especially at risk and attackers are increasingly exploiting them to gain access to the rest of the network. Because no form of antivirus or endpoint security can be installed on them, they must be primarily protected through network monitoring. Being able to detect unauthorized access to these devices is key. For example, Stealthwatch once found that a vending machine was being exploited by attackers to launch a DDoS attack within a school that caused their learning systems to go down. Another organization had their Internal Protocol (IP) camera surveillance systems compromised.

Restricted application access – We have seen many instances in the past year where an organization’s compute resources have been used for illicit cryptomining. In one of our previous blogs, we discussed in detail how Stealthwatch is able to detect this activity, even if it’s browser-based and not running a mining application on the user’s device. Stealthwatch has also uncovered access to Torrent websites. Accessing restricted applications, whether it’s by external actors or by unwitting/malicious insiders, violates organizational policies and increases risk of a breach.

Misconfigured cloud accounts – Stealthwatch also monitors cloud environments, using the same approach of collecting and analyzing telemetry without any probes or agents. One of the major causes of a breach within the cloud comes from misconfigured assets. Overly permissive access control lists or security groups, or a stale access key can be exploited by attackers to gain access to cloud accounts. In fact, attackers used the same approach in the recent breach of a major bank that was hosted on AWS.

These are just some of the types of incidents that a network traffic analysis (NTA)/network detection and response (NDR) solution like Stealthwatch can detect. Stealthwatch collects telemetry from all parts of the network and provides enough contextual information along with the alert to easily investigate the traffic, and then take immediate action to respond to the threat. Our customers are always amazed at the things they were missing before deploying Stealthwatch to monitor their network. To gain confidence in your security effectiveness, sign up for our free 2-week visibility assessment today!
In this post, we discussed how real-time detection of a security event can aid in effective breach defense. To learn about other ways in which Cisco can help with breach defense, go to: https://www.cisco.com/c/en/us/solutions/security/breach-readiness-response/index.html
The post Five ways to detect early signs of a breach using the network appeared first on Cisco Blogs .

Source:: Cisco Security Notice

UPDATE – Corona-Tipps für Unternehmen

In Zeiten, in denen viele Unternehmen und Mitarbeiter verunsichert sind, oder über Notfallpläne im Falle einer Quarantäne nachdenken, haben wir ein paar Corona-Tipps für Unternehmen zusammengestellt, die das dezentrale Arbeiten vereinfachen und sicher gestalten:

UPDATE 26.03.2020:

Unser Partner G DATA stellt drei kostenfreie Trainings zum Thema „Sicher arbeiten im Home-Office“ bereit. Eine Registrierung ist hier erforderlich.

Die Sorge vor einer Infektion mit dem Corona-Virus wächst und immer mehr Unternehmen lassen ihre Mitarbeiter von zu Hause arbeiten. Häufig nutzen sie dafür ihren privaten PC – ein offenes Tor für Cyberkriminelle, die es auf ihre Firmendaten abgesehen haben.

Dafür stellt G DATA kostenfreie 180-Tage-Lizenzen der G DATA Internet Security für Windows und Mac für Home-Office-User zur Verfügung. Fragen Sie uns nach Ihrer 180-Tage-Lizenz für Ihre Mitarbeiter im Home-Office.


Mit unserem Partner Fortinet ermöglichen wir sichere Verbindungen vom Home-Office in das Unternehmensnetz.

Dabei wird auf dem Notebook des Mitarbeiters der FortiClient als VPN-Software installiert und mit der zentralen FortiGate Firewall des Unternehmens verbunden. Je nach Rechtezuweisung kann der Mitarbeiter damit von zu Hause auf alle ihm erlaubten Ressourcen im Unternehmen zugreifen und somit arbeiten, als wäre er vor Ort. Für gesteigerte Sicherheit sorgt dabei die optionale 2-Faktor-Authentifizierung mittels FortiToken Mobile. Hier wird über eine App auf dem Smartphone des Mitarbeiters ein Einmal-Passwort erzeugt, dass nur für kurze Zeit gültig ist und somit ein hohes Maß an Sicherheit bietet.

Die passenden mobilen Endgeräte stellen wir mit unserem Partner Fujitsu zur Verfügung. Wie in einem aktuellen Fall gezeigt, sind wir momentan auch kurzfristig noch lieferfähig. Dabei stehen neben der Kaufoption auch Leasing, oder Hardware-as-a-Service als Optionen bereit.

Kommunikation ist jedoch im Normalfall nicht nur auf E-Mails beschränkt, sondern ein vollwertiger mobiler Arbeitsplatz umfasst auch Telefonie, Video, Instant Messaging, Präsenzinformationen u.v.m.
Hierbei unterstützen wir Sie mit unseren Partnern Cisco und Innovaphone.

Dabei ist es egal, ob Sie eine Cloud-Telefonanlage bevorzugen, oder ob Sie Ihre Mitarbeiter an die eigene Anlage im Unternehmen anbinden möchten. Wir haben die passende Lösung, damit auch Ihre mobilen Nutzer, oder Mitarbeiter im Home-Office als ganz normale Teilnehmer Ihrer Anlage auftreten – mit offizieller Firmenrufnummer und interner Durchwahl.

Wenn es darüber hinaus gehend um standortübergreifende Zusammenarbeit geht, ist Cisco Webex eine hervorragende Wahl. Durch die Präsenz in vielen Ländern der Welt ist Cisco Webex eine hervorragende Lösung zur Zusammenarbeit.


Webex kann als Plattform von den allermeisten Endgeräten aus genutzt werden, egal ob Desktop, Notebook, Tablet, oder Smartphone.

AKTUELLE AKTION: Unser Partner Cisco stellt eine zeitlich unbefristete Einzellizenz kostenfrei zur Verfügung.

Bei darüber hinausgehenden Anforderungen kann die Webex-Lösung natürlich auch um Videokonferenzsysteme, oder Smartboards erweitert werden.

Für die Notfallprävention in Sachen Corona, aber auch für ganz einfach mehr Flexibilität und zukunftsfähigeres Arbeiten, bieten wir die unterschiedlichsten Möglichkeiten für Unternehmenskunden an.

Sprechen Sie mit uns und lassen Sie uns gemeinsam das passende Konzept für Ihr Business erarbeiten.


Daniel Wenzlau
02261 9155054
Dirk Zurawski
02261 9155051
DSC_2012 klein
Frank Erlinghagen
02261 9155055

As the Number of Remote Workers Rises, Cisco Supports Customers with Expansion of Free Security Offerings

By Dr. Gee Rittenhouse Helping employees, customers and partners in a time of need is one of Cisco’s core values. Right now, COVID-19 is forcing many people around the world to work remotely. This is putting a sudden strain on both IT and security teams who are being tasked with providing support for an unprecedented number of offsite workers and their devices.
Recently, Cisco Webex expanded its free offerings to allow employees to stay connected to their teams and continue their business operations. Today, Cisco is broadening this offer to include security for remote employees by providing extended free licenses and expanded usage counts at no extra charge for three of our key security technologies that are designed to protect remote workers anywhere, anytime and on any device.
Cisco Umbrella protects users from malicious Internet destinations whether they are on or off the network. Because it is delivered from the cloud, Umbrella makes it easy to protect users everywhere in minutes. With this offer, existing customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.
Duo Security enables organizations to verify users‘ identities and establish device trust before granting access to applications. By employing a zero-trust model, it decreases the attack surface and reduces risk. With this offer, existing customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license.
Cisco AnyConnect Secure Mobility Client empowers employees to work from anywhere on company laptops or personal mobile devices. It also provides the visibility and control security teams need to identify who and which devices are accessing their infrastructure. Existing AnyConnect customers can exceed their user limit to support an increase in remote workers, and new customers can access a free license. To get started, existing and new customers should talk with a Cisco representative or partner to get the requested usage counts.
These offers will be available from now until July 1, 2020. Supporting our customers and partners remains a top priority, and we hope these proactive steps help companies manage the business impact and keep employees safe during this evolving situation.
The post As the Number of Remote Workers Rises, Cisco Supports Customers with Expansion of Free Security Offerings appeared first on Cisco Blogs .

Source:: Cisco Security Notice