Archiv für die Kategorie: News

By Steve Martino As a CISO, where do you see your organization going this year? Perhaps some 20/20 vision could help?
If you can forgive the pun, I’m delighted to announce Cisco’s 2020 CISO Benchmark Report. This year we have combined our current standing in the Gregorian calendar with the notion of perfect eyesight. The end result is 20 recommendations for 2020, which can help security leaders achieve the vision they want for their organization.
We know that life can be tough for a CISO. It’s a role that is arguably right up there with the CEO in terms of responsibility and accountability, and the demands are eternally shifting. There are no defined boundaries as to what a CISO needs to address, from security operations, risk management to compliance mandates and beyond.
Security is boundless. It permeates everything in the organization. That is why – as a CISO – not only are you the person whose job is on the line for every data breach, you also need to be able to influence several departments in addition to the C-suite and board of directors.
And, of course, CISOs are also able to set a strategy that ensures cybersecurity can be a business enabler, and even a business winner. We’ve seen examples of a strong security posture deliver dividends when it comes to due diligence in the sales process.
The most successful CISOs try to knock down siloes to achieve effective protection everywhere. That means thinking big picture on security strategy, while talking in bits and bytes to your technology teams, and talking in debits and credits to your board members.
About the report
To help you achieve your 2020 vision, our annual CISO Benchmark Report contains contextually useful information for any security leader today. From how to influence the board and what reporting metrics are useful for them, to what causes downtime, and how to deal with complexity.
To compile this report, we surveyed 2800 security leaders globally to inform us about what they experienced in the previous year in their roles. Then we interviewed current and former CISOs to augment the data with expertise and opinion on leading practices. We posed questions such as:
What considerations drive security budgets and spending?
How do you balance spending on trust verification and threat detection?
How much downtime did you experience?
What types of threats has your organization faced?
For a detailed overview on these questions and more, be sure to download the CISO Benchmark Report today.
Here are some of the highlights:
Security leaders who had established clear security outcome objectives or metrics were less likely to experience cyber fatigue. It seems that clear metrics help you sleep better at night.
Brand reputation has climbed over the years as an area of the business affected by a security breach – brand reputation is now the second-most impacted business area after operations.
Voluntary breach disclosure is at an all-time high.
Those who were very/extremely collaborative between security and networking, or endpoint management and security groups, showed significantly lower breach costs.
Forty six percent of organizations (up from 30 percent in last year’s report) had an incident caused by an unpatched vulnerability.
Malware and malicious spam come in as the first- and second-most commonly cited causes of breach. Ransomware is responsible for causing the most destructive amount of downtime (more than 17 hours) and also doesn’t discriminate – this is the case for both small-to-medium businesses and large enterprises.
We’ve also provided key insights throughout the report from CISOs and security leaders, such as this one from Mick Jenkins, CISO for Brunel University London on the CISO’s role with executive leadership and the board:
“Every organization is different in terms of the executive makeup and there are many different styles
of executive leadership. The role of a CISO is to break through into that, have conversations, and engage
with the business by demonstrating that well-designed security will give value back to the business.”
Also new this year are key topics to ask about as you prepare to raise your organization’s security posture. If these questions resonate with you, or provoke additional areas of inquiry, we’d love to hear from you at 2020security@cisco.external.com.

We welcome you to download the 2020 CISO Benchmark Report today

The post A 20/20 Vision for Cybersecurity appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Dr. Gee Rittenhouse When we look at the world today, it has been revolutionized by the cloud, and it has disrupted the way business is done. Companies can now connect any user on any device to any network or application. But from a security perspective this has greatly expanded the attack surface. This represents an opportunity to fundamentally change the way we think about security. That is the journey that Cisco Security has been on.
Until now, security has largely been piecemeal with companies introducing new point products into their environments to address every new threat category that arises. As a result, security teams that are already stretched thin have found themselves managing massive security infrastructures and pivoting between dozens of products that don’t work together and generate thousands of often conflicting alerts. In the absence of automation and staff, half of all legitimate alerts are not remediated (Cisco’s 2020 CISO Benchmark Study). So, complexity becomes an overwhelming proposition that can hinder business and become a threat in and of itself.
Our vision is to enable the world to reach its full potential, securely. To accomplish this requires the radical simplification of security where it is a business enabler that creates a secure experience, so businesses can fully embrace the digital transformation.
For our part, we have invested more than $6 billion over five years to create the broadest security portfolio in the industry that spans network, endpoint, cloud and applications. Our strategy has been to take this portfolio and integrate the backend with our market-leading threat intelligence from Cisco Talos to deliver a see it once, enforce it everywhere architecture. We achieve this by analyzing diverse datasets across the portfolio, which amounts to almost 50 billion Web requests, 200 billion DNS requests and two trillion email artifacts every day. With Cisco size and scale, we can provide the highest efficacy possible and block more threats.
But in order for security to be truly simple, customers need to be able to have a radically different experience on the frontend of the portfolio where they are doing their daily work and making critical decisions. So, over the last year we evolved from an integrated architecture to a security platform to give customers the industry’s best protection and a simple user experience. This first presented itself with Cisco Threat Response (CTR), which automates integrations across Cisco Security products to accelerate detection, investigation and remediation. With that product, 83 percent of customers surveyed said the time spent on investigations was reduced by 25 percent or more (Tech Validate Survey, October 2019).
Building on that success, we have continued to rethink what is possible. And today, we are excited to unveil Cisco SecureX, a cloud-native platform that completely changes the user experience. Connecting the breadth of our integrated security portfolio and customers‘ security infrastructure, it provides a consistent experience that unifies visibility; enables automation; simplifies analytics; and strengthens security across network, endpoint, cloud and applications.
Cisco SecureX provides real business value by allowing customers to:
Confidently secure every business endeavor with the broadest, most integrated security platform that covers every threat vector and access point.
Unify visibility across their entire security portfolio with actionable insights across network, endpoint, cloud and applications to accelerate threat response and realize desired outcomes.
Automate critical security workflows by increasing the efficiency and precision of existing resources to advance security maturity and stay ahead of an ever-changing threat landscape.
Collaborate better than ever with shared context between SecOps, ITOps and NetOps to harmonize security policies and drive stronger outcomes across workflows.
Reduce complexity and maximize portfolio benefits by allowing them to try other components of the Cisco portfolio with click before you buy as well as connect to their existing security infrastructure via out-of-the-box interoperability.
Read Jeff Reed’s blog post for more insight into the industry-leading technology behind the platform and what you can expect from SecureX.

We are excited to bring this innovation to customers, but this is only the beginning. This framework is extensible, and we will continue to add functionality so that our customers can confidently secure every business endeavor with an open, integrated platform to meet the security needs of today and tomorrow.
SecureX will be generally available in June. Sign up to stay updated on the latest about SecureX, and visit us this week at the RSA Conference in San Francisco.

The post The Future of Cisco Security: Protecting What’s Now and What’s Next appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group By Asheer Malhotra.
Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents (maldocs) to spread a remote access trojan (RAT) we’re calling “ObliqueRAT.”
These maldocs use malicious macros to deliver the second stage RAT payload.
This campaign appears to target organizations in Southeast Asia.
Network based detection, although important, should be combined with endpoint protections to combat this threat and provide multiple layers of security.

What’s New?
Cisco Talos has recently discovered a new campaign distributing a malicious remote access trojan (RAT) family we’re calling “ObliqueRAT.” Cisco Talos also discovered a link between ObliqueRAT and another campaign from December 2019 distributing CrimsonRAT sharing similar maldocs and macros. CrimsonRAT has been known to target diplomatic and government organizations in Southeast Asia.
Read More>>
The post ObliqueRAT: New RAT hits victims‘ endpoints via malicious documents appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Cindy Valladares As part of the activities surrounding Cisco Live Barcelona, we held a very special event specifically tailored for our CISO customers: Cisco CISO Day. It was a full day of exploring topics curated for this executive audience, and an opportunity for them to connect with peers in the security industry. We had engaging discussions around a variety of topics, including: Zero Trust, DevSecOps, cross-domain security, key factors for security success, and more. Below are a few highlights and key insights from the day.
Leadership Through Influence
Perhaps my favorite presentation of the day was by one of our customers, Michael Jenkins, MBE CISO of His experience in both military and academia is intriguing, and has allowed him to ascertain that the best way to lead is through influence. Some tips that he recommended for building strong relationships to support your security goals include:
Take your colleagues out for coffee; share your strategy and obtain their feedback
Select a few vendors and treat them as strategic partners – like friends who have your back
Get buy-in for a common goal and do not be afraid to tell people when things go wrongKey insights from CISOs during Cisco Live Europe teach us how to lead with influence, connect security to the business, address skill shortage and protect industrial IoT environments. Read more
Educate and help – we’re not here to shame or punish
Get plugged into the larger community within your industry and work with law enforcement to help combat threats
Encourage everyone to care about security and privacy – offer security clinics, show the SOC in action, etc.
Connecting Security to the Business
Many of the executives at our CISO Day are still finding it hard to be a part of board conversations surrounding security. Some focus on how their teams can create a competitive advantage and increase revenue, while others spend more time struggling with obtaining the appropriate budget needed for their efforts. If this is a topic of interest to you, be on the lookout for the upcoming Cisco CISO Benchmark Survey, in which we discuss leadership support, metrics that matter, and security on a limited budget. (Register here to be alerted when it comes out.)
The Human Factor
A common challenge that continues to plague CISOs is the lack of a trained and skilled security workforce. Several organizations have talent retention and training programs for their employees, yet even with these incentives, they’re finding it difficult to keep up with their needs. Some are working with local universities to provide opportunities to young professionals. What are you doing to address this issue? (You can read more about it here.)
Industrial IoT Security
Although not all organizations need to protect operational technology, this is a topic that drove several conversations from CISOs in a variety of industries like manufacturing, utilities, telecommunications, and others. Securing these industrial IoT environments is more complex than protecting your typical IT shop, and the need for availability and reliability supersedes the traditional confidentiality and integrity in the CIA triad.
For More Information
It’s always a fantastic day when you get the opportunity to learn from your customers and share challenges and opportunities. If you’re interested in learning more about these topics and would like to receive a copy of the presentations from our CISO Day or see a summary of the main topics we’ve discussed, take a look here.
The post The Voice of the CISO Customers – CISO Day in Europe appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Feb 7 and Feb 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU02142020 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for February 7 to February 14 appeared first on Cisco Blogs.

Source:: Cisco Security Notice