By Don Meyer

Network security professionals today clearly understand that there is no longer just one perimeter surrounding the enterprise. Rather, security and network management now extend across multiple, overlapping perimeters, each of which usually has its own firewall and related network equipment.
For security teams and network admins, this translates into the need to oversee and coordinate policy on a potentially large number of separate devices. Cisco Defense Orchestrator is a cloud-based application that enables admins to consistently manage and harmonize policies across a variety of Cisco security products as well as cloud-native tools such as AWS Security Groups.
Users of Cisco Defense Orchestrator shared their experiences with the product on IT Central Station. Their reviews reveal a solution that is appreciated for its simplicity and efficiency. Users also noted that Cisco Defense Orchestrator makes their teams more productive, particularly when managing policies across Cisco ASA, FTD and Meraki MX devices.
The Simplicity of Cisco Defense Orchestrator
Cisco Defense Orchestrator is known for enabling streamlined security policy management across an extended network. As Jairo M., Network and Security Specialist at a small tech services company, explained, “The initial setup was really straightforward. If the person setting this up has knowledge of firewalls and switches, it’s pretty simple. It took about two hours for us to deploy.”
Todd E., CTO at a small tech services company, similarly noted, “In terms of visibility and getting everybody involved, it was simple, scalable, and saved them tons of time, which in turn saved them money. Its effect on firewall builds and daily management of firewalls is that it’s super-simple on new deployments.”
Efficiency in Centralization
IT Central Station members remarked that Cisco Defense Orchestrator has made their teams more efficient. According to Mohamed N., an I.T. Manager at a consumer goods company with over 5,000 employees, “This efficient, time-saving, centralized device manager is easy to deploy and requires minimal administrative IT resources.” Todd E. spoke to this point as well, noting, “The simplicity, efficiency, and effectiveness of it are valuable. It’s efficient, simple, and there’s the visibility on the security side. Deployment is fast. As a security person, I love the visibility and the ease of use when doing my upgrades.”
Team Productivity and Support for ASA, FTD and Meraki MX
Network managers and security teams want to manage security policies across multiple Cisco products, including ASA, FTD and Meraki MX devices. The outcome is consistent security across the network. Isiac S., Network Administrator at a manufacturing company with over 200 employees, praised Cisco Defense Orchestrator in this context. He said, “Its support for ASA, FTD, and Meraki MX helps maintain consistent security.”
Todd E. addressed the team productivity aspects of this capability. He said, “When it comes to making bulk changes across common tasks, like policy management and image upgrades, one of the biggest complaints that I had from a lot of network engineers, was that everything was GUI, that Cisco had gone to GUI. But they can do bulk changes on the CLI. That was a big win for them, being able to do that across all the ASAs without having to log into every single ASA and make changes. They can do a lot of bulk changes on the fly. It’s a huge time-saver.”
Other notable comments on this issue included:
“Its support for ASA, FTD, and Meraki MX devices could potentially free up staff to do other work, although I have not tried the FTD or the MX.” – Andreas F., Systems Engineer at a tech services company
“The biggest part of ROI is the improvement to the operations. Our clients with CDO are having fewer issues. Things are just not going down. People are more productive.” – Todd E.
“The solution has made our security team more productive because it allows us to have more people do the same kind of work, and they take less time doing it. It catches what could have been mistakes on our part.” – A Systems Architect at a university with over 1,000 employees
“The solution’s support for ASA, FTD, and Meraki MX devices helps free up staff time for other work.” – Jairo M.
“Defense Orchestrator has made my network team more productive, since it’s the network team which manages it.” – Richard B., Network and Data Centre Platform Manager at a manufacturing company with over 1,000 employees
“Now, with one simple click, we select the devices and set it to update on a given day, and save different configurations. It’s pretty simple and a great feature for us. Whenever we have found any problems in the devices and we want to create a new policy that applies to ten or 20 companies, we select the devices and we send the same commands to all those devices at once.” – Jairo M.
To read more Cisco Defense Orchestrator reviews, visit IT Central Station.
The post Driving Efficiency and Productivity with Cisco Defense Orchestrator appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Nov 29 and Dec 6. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.
As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.
Read More
Reference:
TRU12062019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.
The post Threat Roundup for November 29 to December 6 appeared first on Cisco Blogs.

By Don Meyer

Network managers and security teams are facing a double-edged challenge: networks are growing far more complex and expanding across multiple perimeters just as threat vectors become harder to detect and threats grow more sophisticated. The Next-Generation Firewall (NGFW) offers a solution. According to Cisco ASA reviews and Cisco Firepower NGFW reviews on IT Central Station, these firewalls enable greater visibility into the network and applications while improving threat mitigation.
Visibility into Traffic and the Application Layer
“Before Firepower, we didn’t have any visibility about what attack was happening or what’s going on from the inside to outside or the outside to inside,” explained Ali A., a Technical Manager who uses Cisco Firepower NGFW at a comms service provider with more than 1,000 employees. He added, “After Firepower and the reporting that Firepower generates, I can see what’s going on: which user visits the malicious website, or which user uploaded or downloaded malicious code, and what the name of the code is and from which country. This is very useful and helpful for me to detect what’s going on. It enables me to solve any problem.”
Burak Y., an IT System Administrator who uses Cisco ASA at a transportation company, is dealing with a dynamic IT landscape which requires, in his view, “Security policy, controls, and visibility to be better than ever.” Mohammad R., a Security Officer at a government agency, praised ASA because it “gives us visibility into potential outbreaks as well as malicious users trying to access the site.” Iz, an Assistant Manager (Infrastructure) who uses Cisco Firepower at a small business, commented, “It has improved the security posture and visibility of our traffic.”
Visibility into applications is a critical need for network and security managers. Applications are frequent targets of malicious actors because they present an effective way to gain unauthorized access to data. Hackers also like to disrupt organizations by crippling their apps. To head off these threats, an NGFW must “support application visibility,” noted a Senior Data Scientist who uses Firepower at a tech services company. He praised Firepower because it can support “application visibility and control.”
Eduardo V., an IT Infrastructure Specialist who uses Cisco Firepower at a transportation company, further addressed this need by saying, “It provides us with application visibility and control. We can see, on the dashboard, all the applications that are most used and which are under some sort of risk or vulnerability.” This matters because, “It helps a lot when we need to check some situation or issue that could be related to any attack or any violation. We can see that there are one or two or three applications that are the top-consuming applications. We can use this information to analyze if there is a deviation or if it’s something that we need to consider as normal behavior and increase the bandwidth on the site.”
Policy Management
IT Central Station members describe the importance of policy management in their selection and use of an NGFW. In this regard, according to David S., owner of a small tech company, “Cisco has better application granularity, a more flexible means of policy creation, and easier to use controls and more powerful reports than its predecessors.” Tony P., a Business Development Executive who uses Cisco ASA, further noted, “The firewall and policy side are easy to use.” A Network & Security Administrator at a financial services firm uses Cisco ASA to enforce security policy.
For Joel S., a Senior Network Engineer who uses Cisco ASA at a retailer with more than 1,000 employees, “Policy rulesets are key. The majority of what I do is create rules and work with the customers to make sure that things are getting in and out of the environment.” Eduardo V. shared, “It’s not just the visibility of things, but the management of application behavior is very important. If I see that, for example, Facebook is consuming too much bandwidth, I can make a policy on the console here and deploy it to our remote offices. So the application visibility feature is one of the key parts of the solution.”
Threat Detection and Mitigation
Security managers rely on NGFWs to be their first line of defense against incoming threats and malicious exfiltration of data. As Paul C., a Security Architect who uses Cisco Firepower at a comms service provider with over 10,000 employees, noted, “FTD’s ability to provide visibility into threats is very good, if the traffic is clear.” He added, “You can stop new threats very quickly because you can get the threat intelligence deployed to all your IPSs in less than two hours. Cisco works closely with Talos and anything that Talos finds is provided in the threat intelligence of the FTDs if you have the license.”
To this point, a Regional Manager of Pre Sales at a tech services company was pleased that Cisco ASA “helps us to identify key, persistent threats so we can set policies accordingly.” An IT Manager who uses Cisco ASA with FirePOWER at a construction company spoke to this issue as well, saying he valued it for intrusion protection. He said, “We were able to determine when we are being attacked. We needed a way to monitor threat protection and not cause latency. The product has the ability to be a consumer of threat intelligence, and be a contributor showing the maturity in threat protection posture.”
To read more Cisco NGFW reviews from real, unbiased users, visit IT Central Station.
The post The Advantages of Next-Generation Firewalls (NGFWs) appeared first on Cisco Blogs.

By Jordi Botifoll

The digitization of the world has come a long way since 2016, when I wrote about how Cisco offers cybersecurity scholarships to increase the number of skilled cybersecurity specialists. And today, cybersecurity is more important than ever.
Our increasingly digital world is more and more vulnerable to cyberattacks. According to an article in Cybercrime Magazine, by 2021, cybercrime will cost $6 trillion every year in lost revenue, customers, opportunities, and out-of-pocket costs. That number is double what it was when I wrote that blog just three years ago.
Governments all over the world acknowledge that they cannot fight cybercrime alone — they need help from the private sector. Cisco and the Organization of American States (OAS) are dedicated to aiding in the efforts to close this gap. Recently, Cisco and the OAS launched a joint effort to create Cybersecurity Innovation Councils in the Latin American region.
This initiative will unite leaders and experts from the private and public sectors, NGOs, academia, and security technology vendors to work together to mitigate the risks of a digital world and democratize cybersecurity. Most importantly, Cisco and OAS will work together to leverage the benefits of digitization where it can have the most impact in Latin America.
Latin American countries are particularly vulnerable to cybercrime because there has historically been a disconnect between public and private industries, and there are few coordinated defense mechanisms to fight cybercrime. Public awareness about cybercrime is also low in Latin America, where, according to the Inter-American Development Bank, the annual cost of cybercrime is approximately $90 billion USD. By comparison, a 2018 report from the U.S. Council of Economic Advisers estimated that malicious cyberactivity cost the United States between $57 billion and $109 billion in 2016.
According to the WEF Report, Regional Risks for Doing Business 2019, “Failure of critical infrastructure” and “Data fraud or theft” are listed as the #5 and #9 risks that Latin America faces as a region. As countries across the region digitally transform, achieving their national priorities will depend on cybersecurity.
To effectively fight cybercrime, we need more cybersecurity experts. Many more. Every industry is experiencing an unprecedented demand for cybersecurity knowledge and skills. Fulfilling its mission to maintain digital safety and security, Cisco is preparing the workforce that will defend and protect our digital economy.
To accomplish that goal, Cisco and the OAS are leveraging the Cisco Networking Academy in Latin America to promote educational resources that can help close the professional skills gap in cybersecurity.
As part of our commitment to social responsibility, the Cisco Networking Academy offers a comprehensive range of cybersecurity courses, some of which are offered at no cost to educational institutions around the world. These cybersecurity courses provide four complete learning pathways for students, taking them from an entry-level understanding of online safety all the way to preparing them for a career in this thriving industry.
Practical, real-world learning experiences from qualified instructors increase the employability of students who wish to enter the digital workforce.
Further to this point, I recently participated in a Spanish-speaking interview on this topic at Cisco Live! in Cancun, Mexico with Cisco experts on Cybersecurity and the Networking Academy.
Working together, we can fight cybercrime. We can build a bridge between the Latin America cybersecurity challenges and a Latin American empowered digital society. Together, we can create a safer digital space for all Latin Americans.
The post Fighting Cybercrime and Creating Jobs for Latin America appeared first on Cisco Blogs.

By Anubhav Swami

Today, Amazon Web Services (AWS) announced a new capability in Virtual Private Cloud (VPC) networking that is designed to make it easier and more efficient for Cisco Security customers to deploy advanced security controls in the cloud. This new capability is called Amazon VPC Ingress Routing. It allows users to specify routes for traffic flowing between a VPC and the internet or from a VPN connection, such as a private datacenter.
Amazon VPC Ingress Routing is a service that helps customers simplify the integration of network and security appliances within their network topology. With Amazon VPC Ingress Routing, customers can define routing rules at the Internet Gateway (IGW) and Virtual Private Gateway (VGW) to redirect ingress traffic to third-party appliances, before it reaches the final destination. This makes it easier for customers to deploy production-grade applications with the networking and security services they require within their Amazon VPC.
While the remainder of this post focuses on Cisco’s NGFWv and ASAv products, this capability can also be used to deploy a number of other network-based security solutions into the AWS traffic path. This includes services such as the following:
Firewall policy enforcement
Network traffic visibility
Malware detection
URL filtering
Intrusion Prevention
DNS security
This is a big win for Cisco customers deploying our security products in AWS, and we are pleased to have been an early adopter and Integration Partner with AWS on this launch.
How to Use Amazon VPC Ingress Routing with Cisco Firewalls
The configuration is achieved by creating a custom route table and associating it with the IGW or VGW (an edge association); its routes send traffic destined for the protected subnets to the Elastic Network Interface (ENI) of the security appliance that faces the gateway, while the protected subnets’ own route tables send outbound traffic to the appliance’s private ENI. A single firewall instance can protect multiple subnets; however, a separate instance is needed per VPC. Below are some details on the testing we performed as well as sample use cases and configuration guidance.
Use Cases / Deployment Scenarios
Cisco NGFWv/ASAv can be deployed in a VPC to protect the following traffic flows:
Traffic Traversing an Internet Gateway (IGW) To/From the Internet
Traffic Traversing a VPN Gateway (VGW) To/From a Remote VPN Peer
Benefits of Using Amazon VPC Ingress Routing with Cisco’s NGFWv and ASAv
Offload NAT from the firewall to AWS network address translation (NAT) gateway or instance
Simplify protection of multi-tier applications spanning subnets and VPCs
The scalable design makes it easy to add new subnets and to scale to many more of them
Enables bi-directional, threat-centric protection for traffic bound for private networks and the internet
POC Deployment Scenario
Enable outbound Internet connectivity and offload NAT function to AWS NAT gateway
In this scenario, the Cisco Firewall (NGFWv or ASAv) is deployed between internal services in the AWS VPC and the internet. The route table for the Internet Gateway (igw-rt) has a specific route for the Inside subnet which directs inbound traffic to the Cisco Firewall for inspection. Prior to this enhancement, users had to NAT egress traffic on the firewall so that the reply packet would come back to the same virtual appliance. This new configuration eliminates the need for a public Elastic IP on the firewall’s outside interface for forwarded traffic and removes the requirement to perform NAT on the firewall, thus improving performance.
Cisco NGFW/ASA with AWS IGW (route table attached to the IGW) and AWS NAT gateway to NAT outbound traffic
Cisco NGFW/ASA with Multiple Subnets, Three-tier Architecture Using IGW and Amazon VPC Ingress Routing
This topology expands on the previous​, demonstrating how multiple subnets can be protected by a single firewall. By utilizing the AWS NAT Gateway service, the number of protected subnets behind a single firewall can be scaled significantly beyond what was previously possible.
As with the previous architecture, the Cisco Firewall is deployed at the edge in routed mode, forwarding outbound traffic to the IGW. The IGW’s route table carries one route per protected subnet, each targeting the firewall’s outside interface, so that inbound traffic for any of those subnets is inspected before it is delivered; the protected subnets forward their outbound traffic to the NAT gateway, which in turn forwards it to the firewall’s internal interface.
Cisco NGFW/ASA three-tier Architecture with AWS IGW and VPC Ingress Routing
Cisco NGFW/ASA with Multiple Subnets, Three-tier Architecture Using VGW and Amazon VPC Ingress Routing
Cisco Firewalls can also be deployed in an Amazon VPC to inspect traffic flowing through a VPN tunnel. In this case, the Cisco Firewall is deployed at the edge in routed mode, forwarding outbound traffic to a VGW. In this example, the local and remote networks are routable; therefore, the NAT gateway can be eliminated, further improving efficiency and reducing cost.
Cisco NGFW/ASA three-tier Architecture with AWS IGW and VPC Ingress Routing
In addition to support for Amazon Ingress Routing, we are adding AWS Security Group management to Cisco Defense Orchestrator (CDO). We are also extending the existing ACI policy-based automation for L4-7 services insertion to the AWS cloud by leveraging Amazon VPC ingress routing. These integrations will make deploying L4-7 services in a hybrid cloud as well as Cisco Security at scale in AWS easier than ever.
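To make the route-table logic of the IGW scenarios concrete, here is an added Python example, written for this page and not code from the post, from Cisco or from AWS. It models the route tables involved and walks a packet through them in both directions. All identifiers, CIDRs and table names are placeholders; the AWS CLI commands quoted in the comments are the real ones for creating the edge association (`aws ec2 associate-route-table --gateway-id`) and the ENI-targeted routes (`aws ec2 create-route --network-interface-id`). The model also makes one assumption explicit that the post leaves implicit: replies to sessions translated by the NAT gateway come back addressed to the NAT gateway, so in this model its subnet must be in the edge route table too, and the example shows what happens when it is left out.

```python
import ipaddress

# Constructed topology for the post's IGW scenarios. Every identifier and CIDR below is a
# placeholder chosen for this example, not taken from the post or from an AWS account.
IGW, LOCAL, NAT_GW = "igw", "local", "nat-gateway"
FW_OUTSIDE_ENI = "eni-fw-outside"   # firewall interface that faces the IGW
FW_INSIDE_ENI = "eni-fw-inside"     # firewall interface that faces the protected subnets

VPC_CIDR = "10.0.0.0/16"
OUTSIDE_SUBNET = "10.0.0.0/24"   # holds the firewall's outside ENI
INSIDE_SUBNET = "10.0.10.0/24"   # holds the firewall's inside ENI and the NAT gateway
APP_SUBNET = "10.0.1.0/24"       # protected tier
DB_SUBNET = "10.0.2.0/24"        # protected tier


class RouteTable:
    """Longest-prefix match over {CIDR: target}, as the VPC router does."""

    def __init__(self, name, routes):
        self.name = name
        self.routes = {ipaddress.ip_network(c): t for c, t in routes.items()}

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net, tgt) for net, tgt in self.routes.items() if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


# Edge route table associated with the IGW. With the AWS CLI this is:
#   aws ec2 associate-route-table --route-table-id <rtb> --gateway-id <igw>
#   aws ec2 create-route --route-table-id <rtb> --destination-cidr-block 10.0.1.0/24 \
#       --network-interface-id <eni-fw-outside>
# Only destinations inside the VPC CIDR are allowed here, targeting an ENI or instance.
IGW_RT = RouteTable("igw-rt", {
    VPC_CIDR: LOCAL,
    APP_SUBNET: FW_OUTSIDE_ENI,
    DB_SUBNET: FW_OUTSIDE_ENI,
    INSIDE_SUBNET: FW_OUTSIDE_ENI,   # assumption: replies to NAT'd sessions target the NAT gateway
})
# The same table without the NAT gateway's subnet, to show the consequence.
IGW_RT_MISSING_NAT = RouteTable("igw-rt-missing-nat", {
    VPC_CIDR: LOCAL, APP_SUBNET: FW_OUTSIDE_ENI, DB_SUBNET: FW_OUTSIDE_ENI,
})

# Subnet route tables: protected tiers default to the NAT gateway, the NAT gateway's subnet
# defaults to the firewall's inside ENI, and the firewall's outside subnet defaults to the IGW.
SUBNET_RT = {
    APP_SUBNET: RouteTable("protected-rt", {VPC_CIDR: LOCAL, "0.0.0.0/0": NAT_GW}),
    DB_SUBNET: RouteTable("protected-rt", {VPC_CIDR: LOCAL, "0.0.0.0/0": NAT_GW}),
    INSIDE_SUBNET: RouteTable("fw-inside-rt", {VPC_CIDR: LOCAL, "0.0.0.0/0": FW_INSIDE_ENI}),
    OUTSIDE_SUBNET: RouteTable("fw-outside-rt", {VPC_CIDR: LOCAL, "0.0.0.0/0": IGW}),
}


def subnet_of(ip):
    addr = ipaddress.ip_address(ip)
    for cidr in SUBNET_RT:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    raise ValueError(f"{ip} is not in a modelled subnet")


def inbound_path(dst_ip, edge_rt=IGW_RT):
    """Hops taken by a packet arriving from the internet. edge_rt=None models a VPC
    without ingress routing, where the IGW hands the packet straight to 'local'."""
    path = [IGW]
    target = edge_rt.lookup(dst_ip) if edge_rt is not None else LOCAL
    if target == FW_OUTSIDE_ENI:
        path += [FW_OUTSIDE_ENI, FW_INSIDE_ENI]
        # After inspection the firewall forwards from its inside ENI, so the next lookup
        # uses the route table of the inside ENI's subnet.
        target = SUBNET_RT[INSIDE_SUBNET].lookup(dst_ip)
    path.append(target)
    return path


def outbound_path(src_ip, dst_ip="203.0.113.10"):
    """Hops taken by a packet from a protected host towards an internet address."""
    path = []
    hop = SUBNET_RT[subnet_of(src_ip)].lookup(dst_ip)
    while hop is not None:
        path.append(hop)
        if hop == NAT_GW:                  # the NAT gateway forwards from its own subnet
            hop = SUBNET_RT[INSIDE_SUBNET].lookup(dst_ip)
        elif hop == FW_INSIDE_ENI:         # the firewall forwards out of its outside ENI
            path.append(FW_OUTSIDE_ENI)
            hop = SUBNET_RT[OUTSIDE_SUBNET].lookup(dst_ip)
        else:                              # IGW or local delivery ends the walk
            break
    return path


def inspected(path):
    """True when the path crosses the firewall through both of its ENIs."""
    return FW_OUTSIDE_ENI in path and FW_INSIDE_ENI in path


if __name__ == "__main__":
    print("inbound to app host        :", inbound_path("10.0.1.25"))
    print("inbound, no edge table     :", inbound_path("10.0.1.25", edge_rt=None))
    print("reply to NAT GW, no route  :", inbound_path("10.0.10.5", IGW_RT_MISSING_NAT))
    print("outbound from app host     :", outbound_path("10.0.1.25"))
```

Running the script shows the inbound and outbound paths both crossing the firewall once the edge table is in place, the firewall being bypassed entirely without it, and the NAT gateway's return traffic being bypassed when its subnet is missing from the edge table. East-west traffic inside the VPC never leaves the `local` route in this model, so it is not inspected by this design either.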
For additional information, visit the resources below or contact your Cisco TSA or Cisco Partner.
Additional Resources
Cisco Next-Generation Firewall Cloud Solutions
Cisco NGFWv for AWS in AWS Marketplace
Cisco NGFWv for AWS Configuration Guide
Cisco ASAv for AWS in AWS Marketplace
Cisco ASAv for AWS Configuration Guide
Amazon VPC Ingress Routing
Cisco Cloud ACI
Cisco ACI Service Graph Designs
Cisco ACI MSO Configuration Guide
The post Configuring Cisco Security with Amazon VPC Ingress Routing appeared first on Cisco Blogs.

By Edna Conway

It’s a new day for National Critical Infrastructure Security and Resilience. November is recognized in the U.S. as the month focused on this issue, but for some time now digital transformation has widened the aperture of our lens dramatically.
This year, led by the new Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), the public and private sectors are zooming in on collaborative resilience. The accelerated convergence of the information technology and operational technology that run our Critical Infrastructure demands this new joint approach.
As CISA noted in its National Critical Functions, newly defined this year, “goods, people and utilities move in, out, and across the United States through distribution functions. Effective, safe, efficient, lawful, and responsive management drives our way of life, our economy, and the cohesion of our society.” Given such reliance on a dynamic global ecosystem, we must clearly identify our most trusted insiders and our most dangerous adversaries and build resilience accordingly. I believe DHS’ designation of National Critical Functions is a major step forward toward this resiliency approach. I encourage readers to review the Interim Report recently issued by the DHS Information and Communications Technology Supply Chain Risk Management Task Force.
We must shift both our thinking and practice to effectively build resiliency and security into our critical infrastructure. Security must be approached from a layered perspective to address operational, cyber and physical risks together. Omitting any one of these important layers leaves glaring gaps in the security posture of our infrastructure.
Let’s explore a few fundamental building blocks:

While Access Management has traditionally been applied to IT systems, it is also uniquely applicable to any number of Critical Infrastructure aspects, such as its creation, operation and use. Mapping who needs access to what and when is how we start. The basics include:
Structuring teams and their respective access based on role
Ensuring that least privilege is applied, limiting access to the least amount of resources necessary to get the job done for a specific role
Applying that least privilege not just to information access, but also to physical access, operational control and authority. E.g. in a manufacturing plant, a camera sensor should not be allowed to control a robot outside of the camera sensor’s purview.
Verified Identity is essential to successful access management. After all, if we are granting access to the wrong person, tool or operation, we have failed. Methods for validation can range from passwords/passphrases, to electronic key cards to biometric identifiers. Methods should be deployed based on risk, e.g. an individual’s role and the operation to be undertaken.
Segmentation limits the reach of a failure or compromise: when one part of a network goes down or is breached, the other parts keep functioning and users can keep working on them, minimizing the impact. This concept, long used to contain disruption in information technology networks, should also be part of our infrastructure resiliency planning. Consider these basic steps:
Establish a baseline of device configurations as a foundation
Start your systems segmentation with basic categories such as enterprise, plant and process
Once you have locked down your segments, identify the key connections which are essential to each function. Then comes the fun part: map your actual connections against your list of key connections needed. And then simplify, simplify, simplify.
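As an added illustration of that last step (not code from the original post), the Python below takes a segment map using the three categories above (enterprise, plant, process), a list of the key connections each function needs, and a handful of observed connection records, then reports two things: flows that no rule permits, and rules that no observed flow exercises, which are the candidates for the “simplify” pass. The CIDRs, ports, rule set and sample flow records are constructed placeholders, not data from any real plant.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed segment map: placeholder CIDRs for the three categories named in the post.
SEGMENTS = {
    "enterprise": ["10.1.0.0/16"],
    "plant": ["10.2.0.0/16"],
    "process": ["10.3.0.0/16", "192.168.50.0/24"],
}

# Key connections each function needs: (source segment, destination segment, destination port).
# A port of None permits any port between the two segments. All entries are illustrative.
ALLOWED = {
    ("enterprise", "plant", 443),     # historian web UI
    ("plant", "process", 502),        # Modbus/TCP from plant SCADA to controllers
    ("process", "plant", 4840),       # OPC UA from controllers to the plant layer
    ("enterprise", "enterprise", None),
    ("plant", "plant", None),
    ("process", "process", None),
}

# Constructed observed connection records, as exported from NetFlow or a firewall's
# connection table; the addresses and ports are made up for this example.
OBSERVED = [
    Flow("10.1.20.5", "10.2.0.10", 443),    # enterprise -> plant, permitted
    Flow("10.1.20.5", "10.3.1.7", 502),     # enterprise straight to process: not permitted
    Flow("10.2.0.10", "10.3.1.7", 502),     # plant -> process Modbus, permitted
    Flow("10.3.1.7", "10.3.1.9", 34962),    # intra-process traffic, permitted
    Flow("172.16.9.9", "10.3.1.7", 22),     # source is in no segment at all
    Flow("10.2.0.10", "10.3.1.7", 22),      # plant -> process over SSH: not permitted
]


def segment_of(ip):
    """Name of the segment containing ip, or None if it is unmapped."""
    addr = ipaddress.ip_address(ip)
    for name, cidrs in SEGMENTS.items():
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return name
    return None


def audit(flows, allowed=ALLOWED):
    """Return (violations, used_rules): flows no rule permits, with a reason,
    and the set of rules that at least one observed flow exercised."""
    violations, used = [], set()
    for f in flows:
        src_seg, dst_seg = segment_of(f.src), segment_of(f.dst)
        if src_seg is None or dst_seg is None:
            violations.append((f, "address outside every defined segment"))
        elif (src_seg, dst_seg, f.dport) in allowed:
            used.add((src_seg, dst_seg, f.dport))
        elif (src_seg, dst_seg, None) in allowed:
            used.add((src_seg, dst_seg, None))
        else:
            violations.append((f, f"{src_seg}->{dst_seg}:{f.dport} not in the key-connection list"))
    return violations, used


def unused_rules(flows, allowed=ALLOWED):
    """Rules never exercised by the observed flows: review them for removal."""
    _, used = audit(flows, allowed)
    return allowed - used


if __name__ == "__main__":
    violations, _ = audit(OBSERVED)
    for flow, reason in violations:
        print(f"VIOLATION {flow.src} -> {flow.dst}:{flow.dport}  ({reason})")
    for rule in sorted(unused_rules(OBSERVED), key=str):
        print("never seen:", rule)
```

Fed a real export instead of `OBSERVED`, the violations list is the gap between the connections a function actually makes and the ones it is supposed to need, and the unused rules are the first things to cut when simplifying.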
Third Party Risk Management becomes even more essential in today’s distributed Critical Infrastructure environments. Critical Infrastructure relies upon, in part:
Third party cloud platforms digitally enabling operations controls, data storage and workflows
Consultants performing data mining and analytics
Equipment component suppliers
Service providers working onsite to install or maintain equipment
All these third parties impact the success or failure of the security and resiliency of the Infrastructure in which they play a role.
These basic building blocks, which must be deployed by all of us, are essential to operational success. Resilient and increasingly secure Critical Infrastructure and services can only be achieved when we work together.
Additional Resources:
Critical Infrastructure Protection
Value Chain Security
The Trust Center
The post A New Day for Critical Infrastructure Security & Resilience appeared first on Cisco Blogs.

Oberberg-Online, as a member of the Allianz für Cybersicherheit, has a standing interest in improving the IT security of its customers. In that context, we take up a topic from the BSI today and make the information available here in one place.

In an incident, what matters is that employees behave correctly during IT emergencies. The aim is to minimise damage and to enable coordinated, prompt action.

Analogous to the “What to do in case of fire” information card, the BSI provides an IT emergency card (IT-Notfallkarte) here, on which the numbers of the people to be notified in an emergency should be entered.

Training and awareness measures within the organisation are a natural setting for introducing the IT emergency card. That way the workforce can become an important part of an organisation's cyber security. Please also note the awareness training systems of our partner G DATA, which we have already covered here.

Here you can download the IT emergency card in A5 format.

Here you can download the IT emergency card in A4 format.

Place the IT emergency card in corridors, in offices or workshops, or at IT workstations: wherever IT users should be able to find this information in an IT emergency.

For managing directors and IT managers in small and medium-sized enterprises we have compiled further BSI short guides here that we consider worth reading on the subject of IT emergencies:

Catalogue of measures for emergency management with a focus on IT emergencies

Top 12 measures in the event of cyber attacks

Our security solutions support you in defending against cyber attacks. Talk to us:


Bastian Breidenbach

breidenbach@oberberg.net

Dirk Zurawski
02261 9155051
zurawski@oberberg.net
Frank Erlinghagen
02261 9155055
erlinghagen@oberberg.net

By Ben Nahorney

Online advertising is an integral part of today’s internet experience. In many ways, ads are the lifeblood behind many websites, providing the necessary funding to keep sites running, as well as supporting the creation of new content.
While it may appear as though the ads that are displayed are just a component of the site you’re visiting, this isn’t often the case. Behind the scenes there is a complex network of advertisers, affiliates, and ad exchanges that bring the ads to you. A whole industry has built up around the process of serving up ads, by some estimates exceeding $100 billion in revenue per year. Tracking the sites a user visits and the ads they click on, alongside other metrics, has led to the tailored advertising experience we often see today.
These ads can run the gamut from amusing to annoying. The latter can be a source of frustration for users, with ads popping up while viewing a page, appearing in the middle of an article, or being masked as “sponsored content” that can sometimes be difficult to distinguish from the core content on a page.
In addition, many legitimate websites and content creators heavily rely on ad revenue as an income stream. This can cause even greater confusion for users trying to stay safe online, as legitimate sites may urge users to turn off any ad-blocking software they may have installed. Likewise, content creators and influencers are known to ask users to engage with their ads in order to support their work. Simply put, ad culture is everywhere online.
And those ads can be dangerous. Malicious advertising, or “malvertising” for short, has become a more common occurrence as bad actors have figured out how to infiltrate ad networks in order to serve up malicious content. And while there are steps that you can take, there is no simple, silver bullet to fully protect yourself and your organization from malvertising.
Today’s ad networks
There are a variety of delivery methods for online advertising, though ad exchanges are one of the most common today. This process includes publishers who post the ads to the site, exchanges that facilitate bidding for ad placement, and advertisers who bid to win placement on the site.
At a basic level, you can look at this process as being similar to a car auction. The seller (web user) puts their car (ad space) up at an auction house (publisher). The auctioneer (ad exchange) opens bidding up to the potential buyers (advertisers). The highest bid ultimately wins the car; the buyer pays with money, and what the seller gets in return is the ad.
To be more specific, this process for serving ads works like this:
A user requests a particular page that includes an ad space.
A publisher collects information about the user and passes it to an ad exchange.
The ad exchange passes the available information to advertisers and creates an auction for placing an ad on the page.
The advertisers determine if they have suitable ads and make bids for the ad space accordingly.
The winning bid is passed back to the publisher, who displays the ad to the user.

Figure 1 – Ad network process.
The entire bidding process takes place in a fraction of a second. It’s so quick that multiple bids can be completed between the time a link is clicked and the page loads.
The data that drives the process—determining which ads advertisers bid for and how much they bid—is often the information gathered about the user. Geographic location, language, browser type and version, and operating system can commonly be determined when a page loads. If you add information gathered from third-party cookies, such as age and other demographics, far more information can be gathered as well.
Where things go wrong
From an advertiser’s perspective, ad exchanges can help facilitate cheaper ads that reach the customers that they want to reach. However, the bar is quite low in terms of who qualifies as an “advertiser.” In many ways this is necessary for smaller businesses and sellers to be able to get their ads easily distributed online. However, it also leaves the door open for bad actors.
Without significant vetting taking place on many advertising networks, it’s fairly straightforward for cyber criminals to enter these networks and bid for ad placement alongside legitimate advertisers. By doing so, these bad actors have the opportunity to place malicious ads in front of users.
Not only that, but a malicious advertiser can leverage the advantages gained by the information gathered about the user. For instance, if the malicious actor learns that the user is running an out-of-date version of the Google Chrome web browser they can place a bid and, if they win the auction, serve up a malicious ad that could exploit the vulnerable browser.
It’s also important to note that websites rely on the legitimacy and security of ad networks when using them to display ads on their sites. There is very little that site owners can do to screen for malvertising. If a malicious ad is identified, website owners can technically request that it be removed, but that does little to protect already affected users. Because of this, it’s important that users not conflate the trust they place in a particular website with the ads displayed on that site.
Redirection in malvertising
While more could be done, online advertising isn’t entirely a free-for-all, and some vetting does occur. That means a bad actor can’t necessarily send a user directly to a page with an exploit or a malicious payload without being found out.
As a result, attackers leverage redirection. In a nutshell, when a redirection is included in a URL or on a web page, the browser is told to go to another site to retrieve the content it is looking for. Frequently, malicious actors will redirect a user through a series of URLs before landing on the malicious page.
There are a variety of ways attackers can do this. One of the most common methods today is the HTTP 302 response, commonly called a 302 redirect. In these cases, the browser is told that the page it is looking for has temporarily been moved to another location, and a new URL is provided.
In other cases, a redirection can be performed using HTML or JavaScript. Some techniques, such as the JavaScript location.replace method, do not even leave a record in the browser’s history, masking the redirect from the user.
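A defender investigating a suspicious ad can reconstruct a redirect chain like the one described above hop by hop. The following Python script is an added example, not code from the original post or from Cisco: it walks a constructed table of HTTP responses that stands in for a 302 redirect chain, resolves relative Location headers the way a browser would, guards against loops and runaway chains, and stops as soon as a hop lands on a domain in a constructed blocklist, which is the same idea as the domain-level blocking mentioned in the protection section. All URLs, domains and the blocklist are invented sample data; a real tool would obtain the responses from an HTTP client and the blocklist from a threat-intelligence feed.

```python
"""Follow a (simulated) HTTP redirect chain and stop at a known-bad domain."""
from urllib.parse import urljoin, urlparse

# Constructed sample data: URL -> (HTTP status, Location header or None).
# In a real tool these would come from an HTTP client (assumption: same shape).
SAMPLE_RESPONSES = {
    "https://ads.example-exchange.test/creative/123": (302, "https://cdn.tracker-one.test/r?id=9"),
    "https://cdn.tracker-one.test/r?id=9": (302, "/hop2"),          # relative Location
    "https://cdn.tracker-one.test/hop2": (302, "https://landing.bad-domain.test/payload.html"),
    "https://landing.bad-domain.test/payload.html": (200, None),
    "https://cdn.tracker-one.test/loop": (302, "https://cdn.tracker-one.test/loop"),
}

# Constructed blocklist standing in for a domain reputation feed (assumption).
BLOCKED_DOMAINS = {"bad-domain.test"}

REDIRECT_STATUSES = (301, 302, 303, 307, 308)
MAX_HOPS = 10


def domain_blocked(url, blocklist=BLOCKED_DOMAINS):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in blocklist)


def follow_redirects(start_url, fetch=None, blocklist=BLOCKED_DOMAINS, max_hops=MAX_HOPS):
    """Walk the redirect chain starting at start_url.

    Returns (chain, verdict): chain is the ordered list of URLs visited;
    verdict is one of 'clean', 'blocked', 'loop' or 'too_many_hops'.
    """
    if fetch is None:
        # Default fetcher reads the constructed table; unknown URLs act as 404.
        fetch = lambda u: SAMPLE_RESPONSES.get(u, (404, None))
    chain = [start_url]
    seen = {start_url}
    url = start_url
    while True:
        # Check the hop before "requesting" it, as a domain-level block would.
        if domain_blocked(url, blocklist):
            return chain, "blocked"
        status, location = fetch(url)
        if status not in REDIRECT_STATUSES or location is None:
            return chain, "clean"
        # Location may be relative; resolve it against the current URL.
        nxt = urljoin(url, location)
        if nxt in seen:
            chain.append(nxt)
            return chain, "loop"
        if len(chain) >= max_hops:
            return chain, "too_many_hops"
        chain.append(nxt)
        seen.add(nxt)
        url = nxt


if __name__ == "__main__":
    for start in ("https://ads.example-exchange.test/creative/123",
                  "https://cdn.tracker-one.test/loop",
                  "https://publisher.test/page"):
        hops, verdict = follow_redirects(start)
        print(verdict, "after", len(hops), "hop(s):")
        for h in hops:
            print("   ", h)
```

The check runs before each hop is fetched, so the chain is cut at the first blocked domain rather than after the payload page has already been requested; that is the "halfway through the chain" behaviour the protection section describes. The loop and hop-count guards matter in practice because redirect chains built to evade inspection are frequently long or self-referential.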
Payload delivery
Using this method, an attacker can attempt to distribute any sort of payload they wish. In many cases, the final content displayed on the user’s page is an ad that entices them to download adware or potentially unwanted applications (PUAs), which offer a service but do so by displaying further ads.
In other cases, the malicious ad opens a window or alert that attempts to trick the user into thinking their software is out-of-date. However, if they attempt to install the fake update, they find themselves infected with malware.
Figure 2 – A fake Flash update.
However, what’s most concerning is that the information an attacker can glean about a user, through the ad exchange, can be used for active exploitation. For instance, an attacker can choose to only bid on ads that come from users running Internet Explorer. Having won the bid, the attacker can send an Adobe Flash Player exploit in their “ad.” If the version of Flash installed is out-of-date, the machine can be compromised without the user even clicking the ad. The attacker has exploited the browser right out of the gate, requiring zero interaction from the user apart from loading the page that contains the ad.
Figure 3 – Targeted selection options in an ad network.
Protecting against malvertising
The simplest way to shield yourself from malvertising is to block ads and connections to third-party sites (sites beyond the specific domain in the URL). Ad-blocking add-ons are available for most major browsers, and sometimes such protections come baked into modern browsers.
However, taking too aggressive a stance against ads can impact how a website behaves. Sometimes it may break key features and components. Many sites now refuse to serve content to browsers with ad blocking enabled, requesting that the user disable it before viewing the site. And in some cases, ad-blocking software will allow certain ads through anyway, if the ad provider has paid the blocker to be exempted.
Given the current advertising network climate, there really isn’t a simple solution to protect against all forms of attack. Ultimately, a layered approach is the best defense against malicious advertising.
Domain-level protections, such as those offered by Cisco Umbrella, will help to block redirects to domains that are known to be malicious, often stopping a series of redirects halfway through the chain.
An endpoint protection application, such as AMP for Endpoints, can prevent malicious payloads from being installed onto a computer that encounters a malicious advertisement.
Network security appliances that include IPS signatures, like Cisco’s Next-Generation Intrusion Prevention System, can detect malicious activity such as exploit attempts against vulnerable software.
Cisco’s Secure Internet Gateway and Web Security Appliance contain web scanning features that can prevent access to malicious websites.
Finally, if you’re looking for a deep dive into malvertising, how it works, and more of the latest techniques used by cyber criminals, check out Cisco Talos’ blog post on the topic, Malvertising: Online advertising’s darker side.

The post Malvertising appeared first on Cisco Blogs.

Source:: Cisco Security Notice

By Robert Waitman As consumers the world over gear up for the holiday shopping season, and with Black Friday and Cyber Monday soon upon us here in the US, global consumers will be purchasing online more than ever before. In fact, global e-commerce sales are projected to be more than $140 billion over the holidays, up 15 percent from last year’s record. With all this online commerce, consumers will be knowingly – or unknowingly – sharing their personal information with companies and websites when they make purchases. A common belief is that consumers have lost the ability and will to control how their personal information is used online. But that appears to be changing.
According to the Cisco 2019 Consumer Privacy Survey released today, a significant group of consumers cares so deeply about data privacy that they are already acting to protect their data – even by changing providers when necessary. Our study draws on survey responses from more than 2600 adult respondents in 12 countries worldwide. It explores consumer attitudes and actions regarding their personal data, the products and services they use, their comfort level with potential new business models, and the impact of data privacy regulations. By surveying consumers, our study also adds an end-user perspective to Cisco research on the corporate impact of changes in the data privacy industry.
What consumers tell us about privacy
Overall, our findings reveal a new landscape in which privacy has become a critical business imperative and an important driver of consumer behavior. Specifically, we cover four areas of insights in the study:
People care about privacy and many have already taken actions to protect it. We’ve identified a group of consumers (32%), which we call “Privacy Actives”, who say they care about privacy, are willing to act to protect it, and have already acted by switching companies or providers based on their data-sharing practices. The Privacy Active group is sizable and is an attractive demographic for companies because its members skew younger and do more shopping online. Perhaps most importantly, this group sees respect for privacy as core to the customer experience.
Privacy regulations and policies provide “guardrails” for innovation and help build trust. Our research looked at several potential new business models where personal data might be used in unexpected ways but could enhance personal safety and security. One example would be sharing personal information from home or a car in exchange for health or safety warnings. Overall, consumers were generally uncomfortable with these models, but those respondents who were aware of privacy regulations (for example, the EU General Data Protection Regulation – or GDPR) were much more comfortable than respondents who were unaware.
Consumers value government’s role in regulating the use of data, and they view the GDPR very favorably. Survey respondents want the government to play a role in providing oversight and to make sure companies are complying with the law and their stated policies. Perhaps for this reason, GDPR is perceived very positively around the world (55% favorable vs. 5% unfavorable). In addition, consumers felt that GDPR has given them more control over their data and has enhanced their trust in companies using their data.
Many consumers (43%) say they still cannot effectively protect their data today. While there are many reasons for this, by far the biggest reason stated is that it’s too hard to figure out what companies are actually doing with their data.
A new way to understand the value of privacy to companies
Our research also suggests a new framework for measuring the benefits and return on privacy investment beyond regulatory and compliance requirements. Specifically, the areas of benefit include:
Attracting and retaining customers who care about privacy and are willing to act
Improving business agility and innovation
Reducing sales friction
Enhancing the overall attractiveness of the company.
As more consumers place a premium on proper protection of their data, companies have a significant opportunity to meet regulatory requirements while they realize business benefits and build trust with their customers.
For most organizations, privacy has become a critical business imperative. Cisco recognizes this imperative, and we prioritize being clear and transparent with our customers. Some of the tangible ways we do this include providing information on our Trust Portal and with our privacy data sheets and data maps that clearly describe how our products and services use data.

More Information
Cisco 2019 Consumer Privacy Survey
Cisco 2019 Data Privacy Benchmark Study
Cisco Data Privacy
Cisco Trust Portal
The post Why We Must Get Data Privacy Right appeared first on Cisco Blogs.


Are you looking for an entry-level IP phone without giving up excellent voice quality and modern security protocols? Our partner innovaphone manufactures the two models IP101 and IP102 in Germany. They are ideally suited to this, are also ideal for classic telephony, and differ only in a USB port for headsets and a Gigabit or Fast Ethernet connection.

You can find the specifications at innovaphone under the following links:

Specifications for the IP 101

Specifications for the IP 102

Oberberg-Online has been a certified innovaphone partner for 16 years and offers IP communication solutions for companies of every size. Talk to us if you want quality and security from Germany:

Jörg Wegner
02261 9155052
wegner@oberberg.net
Dirk Zurawski
02261 9155051
zurawski@oberberg.net
Daniel Wenzlau
02261 9155054
wenzlau@oberberg.net