The Cisco 2014 Midyear Security Report found HERE examines threat intelligence and security trends for the first half of 2014. Cisco’s research helps to underscore just how many different types of weak links exist in the systems we use. These weak links – which could be outdated software, bad code, abandoned digital properties, or user errors – contribute to the adversary’s ability to exploit vulnerabilities with methods such as DNS queries, exploit kits, amplification attacks, point-of-sale (POS) system compromise, malvertising, ransomware, infiltration of encryption protocols, social engineering and “life event” spam. Continue reading
A buddy of mine at Cisco is truly a genius when it comes to thinking outside the box. He loves technology and hates annoying telemarketers. Over time, he developed a call management system that involves a combination of open source software and proprietary hardware. He took advantage of the numerous application programing interfaces (API’s) available to create a tightly integrated environment. Continue reading
One common question I’ve been asked is what are the current requirements to perform authentication, authorization, and remediation when using VPN (usually Cisco ASA VPN) and Cisco Identity Services Engine ISE. This post will cover this subject however I suggest for those with Cisco ASA 9.2.1 and ISE should reference this really good configuration guide found HERE. Continue reading
Juniper Networks announced that it sold its Junos Pulse product to Siris Capital for approximately $250 million. Junos Pulse software enables dynamic SSL VPN connectivity, network access control (NAC), mobile security, and collaboration, through a simple end-user interface. It simplifies and optimizes connectivity to end users at the same time it check their device type and security state, location, identity, and adherence to corporate access control policies. Continue reading
This week’s product overview is Cisco Security Manager also known as CSM. For some people, hearing CSM makes them cringe as older versions from 4+ years ago had some issues. Personally, I consider the recent CSM release a completely different solution and I’m sure just by the screenshots, people familiar with the old version will not recognize anything as its been completely rebuilt.
Cisco Security Manager is used to manage multiple Cisco security products. Management includes centralizing configuration, quickly troubleshooting security events, unifying software versions, backing up configuration, enforcing policies for best practice, and reporting. Products that can be managed by CSM include ASAs, IPS modules / Appliances, Firewall Service Modules, ISR routers, Switches and VPN. Its installed as a software package but can also be purchased as a bundle with a UCS server for those looking for a appliance feel. Continue reading
Centralizing alerting from multiple devices and speeding up incident response are just some of the critical issues solved by investing in SIEM technology (more on choosing the best SIEM for your environment HERE).
There are many SIEM vendors however I continue to be impressed by what Splunk is doing in regards to their open source APPs developed by customers and Splunk engineering. I wrote a blog post HERE that showcases a Cisco management APP that can correlate events from various security products such as Cisco ISE, WSA, Firewalls, Sourcefire and so on. There isn’t a Cisco manager of managers so doing things like running a report on high level events against any security product for a particular IP address can only be accomplish by a SIEM solution. Continue reading
Cisco has been in the firewall business since the mid 90s. They have built upon that platform by adding VPN and now various “next generation” security features such as IPS/IDS, Reputation blocking and Application Visibility and Controls all from a single solution. This is know as ASA CX (more on ASA CX found HERE and how to build a lab found HERE). The latest release just came out June 30th and available for download. The ASA 9.3 release notes can be found HERE.
Here is an overview of whats new with 9.3 Continue reading
Lancope is a NetFlow based tool that can turn your network into a gigantic sensor grid. This includes routers, switches, wireless access points, virtual systems aka servers in your data center and so on. So rather than having a handful of security tools looking for threats, your entire network takes part in your security defense against cyber attacks. I’ve wrote about Lancope HERE as well as how to build your own Lancope lab HERE. The Lancope team runs a blog found HERE that has provided posts about using their solution to identify the latest cyber attacks. Some interesting articles recently posted focus on threats like Heartbleed, Putter Panda and Saffron Rose. Continue reading
Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) — an API used by PayPal’s official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves. Continue reading