Cisco Identity Services Engine wins…again!

By Paul Burdette
Last week, for the fourth time in the last five years, Cisco Identity Services Engine (ISE) was recognized as the top solution in the Trust Awards category for Best NAC Solution at the 2020 SC Awards. The announcement was made on Tuesday, February 25, 2020 during the 24th annual SC Awards gala in San Francisco, presented by SC Media, a CyberRisk Alliance company.

Receiving this award during the RSA Conference, where the world goes to talk security, is a great achievement and a testament to our team, which has been pushing innovation within ISE and leading the network access control (NAC) market for almost ten years. We thank SC Media for this honor, and we see this award as further validation that Cisco ISE is the linchpin solution for zero trust in the workplace, in both IT and OT environments.
How did we do it?
Winning this award is no small feat. SC Media has been arming cybersecurity professionals with unbiased information and analysis for over thirty years. They are respected in the industry, and here at Cisco.
When asked why Cisco, and why ISE, Illena Armstrong, VP, editorial, SC Media said – “Our judges considered many strong candidates this year for the Trust Awards category, but a select few stood out, excelling in key areas such as functionality, innovation, scalability, ease of use, cost of ownership, return on investment, and customer friendliness. Cisco (and Identity Services Engine) truly emerged as a heavy hitter in a crowded field of players.”
Garnering these accolades from the market and your peers is always great. But at Cisco, when we win, our customers win, because we know we are solving their top security challenges, and that is awesome! Cisco ISE has been helping customers gain the visibility they need to enable secure access and control since 2011. This level of continual innovation only furthers the endorsement of our more than 30,000 customers around the globe.
According to Shannon Cranko, Principal Engineer with Dimension Data, Cisco ISE “is the most comprehensive and complete NAC product that exists, with the ability to scale without buying additional products and licensing.”
What makes ISE so cool?
SC Media attributed this award in part to Cisco ISE’s extensive ecosystem for automated solution integration – with technologies such as Cisco Stealthwatch as well as third-party solutions. Through our standards-based integration platform, called pxGrid, ISE adds an actionable arm of policy enforcement to passive security solutions, accelerating their value and enabling an unprecedented level of dynamic threat containment to limit the lateral movement of threats like ransomware.
According to SC Media, “Cisco ISE users can expect a positive impact on economics and an impressive return on investment.” It cites a Forrester report, which found that organizations using ISE have seen savings of about $1.9 million, and that some have achieved 120 percent ROI with a payback period of just 12 months.
Protecting the future with ISE
As with most Cisco Security solutions, ISE is highly scalable, supporting a staggering 2 million concurrent endpoint sessions. Achieving scale is critical as our customers take on IoT and are bringing more and more connected devices into both their IT and OT environments.
Also, ISE is not just enabling zero trust in the workplace with secure access and control for today’s network. As our customers migrate to embrace the ease of automation and management within Cisco’s DNA Center, ISE is the centerpiece for policy enforcement within SD-Access. So, when customers choose ISE for network visibility and segmentation, and to contain threats, they are also choosing to add future value and simplify their secure network operations. And this is why ISE is so well positioned to continue dominating the market well into the future.
For more information
The ISE age is far from over! We are looking ahead and aim to be a trusted partner for years to come, offering an integral solution from one of the world’s top security companies. More exciting announcements for ISE and Cisco Security are coming in the months ahead. Visit our Cisco ISE page for more information. We would love to give you a demo of this award-winning solution.
The post Cisco Identity Services Engine wins…again! appeared first on Cisco Blogs.

Source:: Cisco Security Notice

Threat Roundup for February 28 to March 6

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 28 and Mar 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
20200306-tru.json – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for February 28 to March 6 appeared first on Cisco Blogs.


Enforce Endpoint Compliance and Cyber Hygiene With Duo Device Trust

By Ganesh Umapathy
Cisco recently released its 2020 CISO Benchmark Report, which makes several key recommendations for security professionals working toward a zero trust vision. The following two recommendations are relevant to the discussion of device trust in this blog:
More than half (52%) of the respondents said that mobile devices are now very or extremely challenging to defend. Solution: Have an up-to-date asset inventory that distinguishes between managed and unmanaged devices, providing a hygienic check on them as part of an integrated IT and security function.
Forty-six percent of organizations (up from 30% in last year’s report) had a security incident caused by an unpatched vulnerability. Solution: Organizations should maintain an up-to-date inventory of all devices in their environment and perform a risk analysis for any missing patches.
Enterprise IT networks have changed significantly in the last few years. Businesses are leveraging cloud and mobile technologies to enable faster digital transformation. At the same time, IT teams need to optimize for cost and productivity.
From a cybersecurity standpoint, this means enabling secure and direct access to business applications for a diverse set of users – remote workers, vendors and contractors; and their devices that typically reside outside of the control of corporate EMM (enterprise mobility management) and MDM (mobile device management) solutions.
Enforcing security policy compliance seamlessly across managed, BYOD and third-party devices poses a significant challenge for the security team. In most cases, IT security teams lack both the insight and an enforcement mechanism when making an access decision for an endpoint, particularly among unmanaged devices. There are a few key checks that organizations should perform before granting access in order to attest whether a device is trustworthy:
Is the device managed?
Is the operating system (OS) version and the patch level up to date?
Is the enterprise antivirus (AV) agent installed and running?
Is disk encryption turned ON?
Does the device have a password set?
How Duo Verifies Device Trust
Duo enables organizations to verify the trustworthiness of any device – managed or unmanaged – by providing the following three key capabilities:
Complete Visibility: Visibility is important to verify and enforce device trust policies. Duo provides in-depth device visibility across all major operating systems, and helps administrators differentiate between corporate-managed devices and BYOD, based on the enrollment status in device management systems.

Duo’s extensive logging and reporting enables organizations to maintain inventory of all devices accessing corporate resources. A comprehensive dashboard helps administrators understand the overall organizational security posture, and a quick drill-down with a few clicks allows them to identify users that are using risky devices running out-of-date operating systems (OS), browsers, Flash and Java versions. And all of this data can be easily exported to popular log management and analysis tools.
Assess Device Posture: Duo makes it easy for organizations to gain just the right level of visibility needed to verify the trust of any device that requires access to corporate data. Administrators can enforce corporate security policy compliance and block non-compliant devices at the time of authentication. Duo becomes a critical enforcement point to ensure that users maintain an acceptable level of device hygiene, whether it is updating the OS patch level or enabling security features such as enterprise AV agents and disk encryption, before granting application access.

Duo’s novel approach to assessing device health posture is geared to address the diverse population of managed and unmanaged devices that access enterprise networks. Duo helps administrators ensure that their endpoint fleet is in compliance with corporate security policies and empowers end users with self-remediation, which reduces the number of IT tickets raised or calls to a support help desk.
Continuous Inspection: Organizations have limited IT resources (staff and tools) and find it tough to respond effectively to endpoint security events, especially when those devices are outside the network. By integrating Cisco AMP for Endpoints with Duo, organizations can set a policy to automatically block malware-infected devices from accessing applications. Duo blocks only the device; the user can still log in from any other device that is policy-compliant and remain productive.
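The posture checks listed above (managed, OS up to date, AV running, disk encrypted, password set), plus the "block only the infected device" and "managed devices only" cases, as an added worked example. This is constructed illustration code, not Duo's product code or API; the minimum OS versions, field names and remediation strings are assumptions.

```python
"""Device-trust posture evaluation: allow/deny plus self-remediation hints.
Constructed example, not Duo's code; thresholds and field names are assumed."""
from dataclasses import dataclass, field
from typing import List, Tuple

# Assumed minimum OS version per platform; the post only says "up to date".
MIN_OS_VERSION = {"macos": (10, 15), "windows": (10, 0, 18362),
                  "ios": (13, 3), "android": (10,)}


@dataclass
class Device:
    name: str
    platform: str          # key of MIN_OS_VERSION
    os_version: str        # dotted string as an agent would report it
    managed: bool          # enrolled in an MDM/EMM (corporate-managed vs. BYOD)
    av_running: bool       # enterprise AV agent installed and running
    disk_encrypted: bool
    password_set: bool
    malware_flagged: bool = False   # signal from an endpoint-protection integration


@dataclass
class Decision:
    allow: bool
    remediation: List[str] = field(default_factory=list)  # what the user must fix


def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(p) for p in v.split("."))


def os_is_current(device: Device) -> bool:
    minimum = MIN_OS_VERSION[device.platform]
    have = version_tuple(device.os_version)
    # pad both sides so (10, 15) compares cleanly against (10, 15, 3)
    n = max(len(have), len(minimum))
    pad = lambda t: t + (0,) * (n - len(t))
    return pad(have) >= pad(minimum)


def evaluate(device: Device, app_requires_managed: bool = False) -> Decision:
    """Apply the posture checks and return allow/deny plus remediation hints.

    app_requires_managed models the "trusted endpoints" case: an application
    that only corporate-managed devices may reach, regardless of hygiene.
    """
    # A malware signal blocks this device only; the user may use another one.
    if device.malware_flagged:
        return Decision(False, ["device flagged as malware-infected: use another device"])
    if app_requires_managed and not device.managed:
        return Decision(False, ["this application requires a corporate-managed device"])
    failed = []
    if not os_is_current(device):
        failed.append(f"update {device.platform} to at least "
                      + ".".join(map(str, MIN_OS_VERSION[device.platform])))
    if not device.av_running:
        failed.append("install or start the enterprise antivirus agent")
    if not device.disk_encrypted:
        failed.append("enable disk encryption")
    if not device.password_set:
        failed.append("set a device password or passcode")
    return Decision(allow=not failed, remediation=failed)


# Constructed sample fleet (not real inventory data)
CORP_MAC = Device("corp-mac", "macos", "10.15.3", True, True, True, True)
BYOD_WIN = Device("byod-win", "windows", "10.0.17763", False, False, True, True)
INFECTED = Device("corp-win", "windows", "10.0.18363", True, True, True, True,
                  malware_flagged=True)

if __name__ == "__main__":
    for dev in (CORP_MAC, BYOD_WIN, INFECTED):
        d = evaluate(dev)
        print(dev.name, "ALLOW" if d.allow else "DENY", d.remediation)
```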

Learn more about Duo’s Device Trust.
Use Cases For Duo Device Trust
Use Case | Duo Feature | Implementation Option
Maintain inventory of all devices accessing protected applications | Device Insight | Agentless / Browser-based
Enforce risk-based access controls for managed and unmanaged devices (BYOD) | Device Insight | Agentless / Browser-based
Enforce risk-based access controls for managed and unmanaged devices (BYOD) | Device Health App (macOS, Windows); Duo Mobile App (iOS, Android) | Application-based (offers granular control)
Protect your environment and limit access to corporate-managed devices | Trusted Endpoints (works with JAMF Pro, AirWatch/Workspace ONE, MobileIron, Microsoft Intune, etc.) | Certificate-based
Three Reasons To Choose Duo
Duo offers the most comprehensive user trust and device trust capabilities in the market today that cater to a wide variety of use cases and a diverse population of workforce devices (managed and unmanaged).
Duo helps organizations to improve security in a manner that is user friendly and enables productivity. Users are empowered with self-remediation for out-of-policy devices, so security does not interrupt daily tasks.
Duo is focused on integrating across the Cisco Security portfolio so that customers can reduce their total cost of ownership (TCO) by consolidating security vendors, streamlining security operations and enabling automation.
For organizations, all this translates to reducing cyber risk and enforcing cyber hygiene. Try it for free by signing up for a 30-day trial.
The post Enforce Endpoint Compliance and Cyber Hygiene With Duo Device Trust appeared first on Cisco Blogs.


Starting Your Microsegmentation journey

By Christina Hausman
One of the key challenges businesses face is how to provide a secure infrastructure for applications without compromising agility. With the rise of cloud usage, containers, and microservices, many companies choose microsegmentation as the means to protect critical applications from compromise, taking a proactive approach to security that builds upon their existing perimeter defenses.

Microsegmentation refers to a method of securing multicloud data centers using granular segmentation rules for the individual workload or application, reducing the risk of an attacker moving from one compromised workload or application to another. It can be thought of as an evolution of traditional firewall-style controls to support hybrid cloud and containerized environments.
This granular control means communication can be allowed between specific parts of an application and all other communications denied, commonly referred to as zero trust or whitelisting. As a result, the data center is significantly hardened as attackers cannot move from one compromised application or workload to another.
Microsegmentation sounds great in theory but real-life implementation is challenging. A successful microsegmentation project needs to begin with a thorough discovery process to map data flows on how applications, services, and systems all communicate with each other. Visibility is critical at this beginning stage of the microsegmentation journey.

Locking down application workloads without a deep, thorough understanding of exactly what communications are taking place and how data is flowing could result in failures and outages which will stall or result in the cancellation of the microsegmentation project all together.
Once a baseline or application dependency map is created with the application components, communications, and dependencies, a business can begin the process of generating and enforcing microsegmentation policies. In today’s threat environment it’s not enough to be aware; it’s important to move to active protection through consistent policy enforcement across the multicloud infrastructure.
One challenge in the microsegmentation journey is relying on a manual process to map application flows and determine what segmentation (whitelist) policies should be put in place. Manual processes don’t scale to meet the needs of today’s business with the complexities of today’s applications and workloads.
What’s needed is an automated process for whitelist policy generation and enforcement that leverages application behavior, based on workload context and machine learning, to recommend microsegmentation policies tailored to the specifics of the environment. Such automated policy should also incorporate insights from existing security policies driven by business needs and leverage information from third-party sources. Automation also shortens the deployment time for microsegmentation policies. Without comprehensive visibility and automation, many microsegmentation projects fail.
Microsegmentation is not a “one and done” project, but a journey. Applications, workloads, and their environment are constantly changing. Automation is important to ensure your microsegmentation policies are kept up to date as application behavior changes and to track compliance to identify deviations quickly.
Microsegmentation is an important step for businesses to protect their applications. For more information on successful microsegmentation with Cisco Tetration, please watch:

The post Starting Your Microsegmentation journey appeared first on Cisco Blogs .


Bisonal: 10 years of play

By Talos Group
Bisonal is a remote access trojan (RAT) that’s part of the Tonto Team arsenal. The peculiarity of the RAT is that it’s been in use for more than 10 years — an uncommonly long period for malware. Over the years, it has evolved and adapted mechanisms to avoid detection while keeping the core of its RAT the same. Some of the specific functions we identified have been present for more than six years.
This is an extremely experienced group that is likely to continue its activities even after exposure; even though we identified mistakes and sloppy copy/paste, they have been doing this job for more than 10 years. We think that exposing this malware and explaining its behavior and the campaigns in which Bisonal was used is important to protect potential future targets. The targets to this point are located in the public and private sectors, with a focus on Russia, Japan and South Korea. We recommend that entities located in this area prepare for this malware and actor and implement detections based on the technical details provided in this article.
The post Bisonal: 10 years of play appeared first on Cisco Blogs .


Security’s Vicious Cycle

By Barry Fisher
Security Reimagined — Solving an Old Problem with a New Approach
A decade ago this January, Steve Jobs challenged the conventional wisdom about tablets, unveiling the iPad with the words, “What this device has done is extraordinary.” Coming on the heels of iPhone’s smashing success three years earlier, the tablet, however, wasn’t a new idea.
Others had tried and failed, including Apple (remember Newton, Apple’s take on personal digital assistants?). Tablets, in fact, had been discredited as a computing category.
But with the iPad, Apple reimagined the tablet. And it was just getting started. As its ecosystem expanded with more devices, Apple has since redefined our experience as consumers. We expect a consistent, simplified way of interacting with our technology and consuming content, and we expect everything to work together and provide even more value as a group.
Security today is ripe for having its “iPad moment.” We need to challenge conventional wisdom — that every new threat vector requires a new solution. That you have to keep adding new tools and methodologies — and consequently, more people — in order to protect across users, devices, apps, and networks.
It’s time to reimagine security.
At Cisco, we’ve been doing that with SecureX, an open, integrated platform approach that simplifies our customers’ experience, enables automation, helps them accelerate their business, and protects their future. Like Apple did with iPad, we want to redefine the user experience. And that’s just for starters.
Security platforms, of course, are not a new idea either. While other security vendors have been here before — that is, have tried to solve problems with a platform approach — much like Newton, those platforms have fallen short.
What we’re doing differently is:
Redefining how you experience your security environment.
Improving outcomes by accelerating investigations and remediation.
Addressing the complexity by integrating your security for you.
Here’s how we’re doing that, at a high level.
Redefining the user experience
At its core, SecureX enables all your security solutions to work together harmoniously while uniting both products and users into a consistent experience.
It’s not unlike using Apple’s ecosystem. When you own multiple Apple devices, you can seamlessly move between them as you consume content. And while Apple has its own apps, you can still use others, if you prefer — say, Google Maps or Microsoft Outlook.
Just like Apple’s devices work seamlessly together, an integrated, streamlined platform enables your security solutions to work as a team and share context — while users can move seamlessly from one app or interface to the next. No more swiveling chairs, conflicting alerts, or inconsistent policy management.
And just like Apple devices provide more value as a group, the more natively integrated platform solutions you use in SecureX, the more value you derive. At the same time, you can bring your own “apps” — use the security solutions you already have. We don’t expect to be your only security vendor, and interoperability is our goal.
Accelerating threat investigation and remediation
When your SecOps receives an alert about command-and-control attempts, how long does it take an analyst to investigate? Chances are, it’s more than half a day’s work. Here’s the reality:
A typical SecOps team uses a sprawling number of siloed security solutions — which means multiple consoles, separate controls, conflicting information, and manual processes. That’s why 66% of IT and security professionals surveyed by the Enterprise Strategy Group say threat detection and response is challenging due to multiple independent point tools.
Limited visibility and context are a challenge in this heterogeneous environment. In our scenario, it means the analyst has to reach out to ITOps and email teams to search for the suspicious file. In the meantime, the users’ personal or corporate assets are staying exposed, putting them at risk.
With SecureX, the analyst’s response and remediation time would be cut by more than 50%. The analyst could immediately isolate the endpoint as a precaution; use the unified security dashboard to see a list of all users, devices, and applications; and quickly determine that the root cause is an executable file making phishing and authentication attempts.
The analyst would additionally see what other users were targeted and block the file across all threat vectors without engaging additional teams. And once the initial endpoint is back to its normal state, it can be reconnected to the network with one click.
Addressing the complexity of your environment
Today, having a collection of best-of-breed point solutions is unavoidable. You’ve invested in these tools through the years. Integration is how you can leverage these investments to improve outcomes — but therein lies the rub. As one CISO told us, “I don’t want to be in the business of integration. I want to be in the business of security.”
Your teams are already overworked. You’re constantly fighting for talent. Doing complicated and resource-intensive integrations is just another burden.
And that is where Cisco comes in. SecureX is built around the idea that not only do your solutions need to work together, but you should be able to take advantage of the investments you have today and will make tomorrow.
If you want to use mobile device management from Palo Alto and a SIEM from Splunk along with Cisco AMP for Endpoints and Umbrella, you can do that and still leverage SecureX. Certainly, the more natively integrated Cisco Security solutions you use, the better your SecureX experience — but you can derive value from SecureX even with one Cisco product. SecureX comes with every Cisco Security product.
Stay ahead of the curve
While it will take some time for us to implement all the bold ideas we have for SecureX, you can stay ahead of the curve by signing up for the SecureX waitlist. We’ll notify you when we reopen our beta program for new users, as well as send you news and updates about our integrated portfolio.
The post Security’s Vicious Cycle appeared first on Cisco Blogs.


Are you leaving your most valued assets up for grabs?

By Radhika Mitra
It’s no secret that companies that invest in applications are gaining competitive ground and greater customer reach. However, applications have become the number one target for breaches and attacks. Let’s face it, modern applications are hard to protect, and vulnerabilities seem to be out of sight or too obscure for us to take any action. Securing applications can seem like a daunting task, but it doesn’t have to be.
In order to provide proper protections for applications, it’s important to understand their unique nature. The key characteristics that make up modern applications are:
They run everywhere
They are changing constantly
They have unique dependencies
These attributes help us better understand that traditional security approaches are not aligned to the dynamic nature of applications and the environments that support running them. For security engineers, it’s nearly an out of body experience to think about security beyond the infrastructure or network. However, should it really matter what equipment is running in the infrastructure if our goal is to secure our most valuable assets—applications?
The answer is no if you hadn’t already guessed. To address the daunting task of securing applications, we need to start thinking beyond the infrastructure and focus on getting security protections closer to the applications no matter where they run. Along with security being agnostic in nature to the infrastructure, it must also meet the timely demands of developers and operational engineers who are held accountable for driving new technology and innovations while remaining in compliance with regulatory or industry specific mandates. And we need to do this now because applications are the essence of today’s digital businesses.
A fundamental first step, as well as a best practice to implement when securing applications, is taking advantage of micro-segmentation. Micro-segmentation can save your application and workloads from sophisticated attacks by containing the lateral movement of threats through security policies and thereby proactively reducing the attack surface.

At Cisco, we have a rich history as a leader in the cyber security market and a key partner to our customers, helping organizations – both big and small, all over the world – secure their networks and workloads. Now we are empowering customers to deliver application-focused security at the speed of their digital business.
But where can you start? Which applications running in your environment do you need to start segmenting? How can you actively identify all application connections or dependencies to know where any logical boundaries exist? What tools do you now need to install to enforce all this segmentation? Why did you take the red pill and stay in Wonderland to see how deep this rabbit-hole goes?
Fortunately, Cisco Tetration was built to help. Tetration takes security for applications to a new height by understanding your Wonderland universe of applications while automating the generation of policies to segment applications based on their behavior. Segmentation is not the only attribute of Tetration; it also uses advanced security analytics to give you complete visibility into software vulnerabilities as well as the security posture of your company over time. Historically, having this deep visibility has been a challenge for most companies; gaining insight into your applications can give you the foresight to make intelligent IT decisions faster. You can see it for yourself by trying our demo of Cisco Tetration now.

The post Are you leaving your most valued assets up for grabs? appeared first on Cisco Blogs.


Supply shortages for IP phones

Our manufacturer partner innovaphone is currently informing us that IP phones of the following series are affected by supply shortages:

Our phones and gateways are produced in Germany, but many of the components for them are sourced from Asia. The situation there in connection with the coronavirus, and its consequences for Chinese suppliers, therefore also affects the availability of some of our phones.

  • IP112
  • IP222 (black)
  • IP232 (black)
  • IP241

These devices are still available from stock in limited quantities. Please plan your requirements accordingly.

Please note that we currently cannot give you reliable information on when the missing components will arrive at our manufacturers. We are of course making every effort to procure them quickly and apologise in advance for any inconvenience this may cause.

Threat Roundup for February 21 to February 28

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 21 and Feb 28. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU02282020 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for February 21 to February 28 appeared first on Cisco Blogs.
