March 5, 2010

Threat Control and Containment

Please note that this paper has been superseded by the paper, "Threat Defense for Borderless Networks." 

However, the rather extensive discussion remains below.                      

Go to Comments/Discussion


Network security threats have the potential to significantly impede productivity, disrupt business and operations, and result in loss of information - which can lead to financial losses and potential non-compliance. Hackers continue to develop new techniques to gain access to information, for their own financial gain.

The evolution and complexity of threats must be addressed with proactive IT security strategies that maintain business continuity, provide infrastructure wide threat visibility and protection, and simplify day-to-day network management. The entire security infrastructure - network, systems, and management - must work in concert to proactively defend against a wide array of threats, and reduce the mean time to respond and mitigate during an event. Threat control solutions from Cisco deliver comprehensive and proactive network defense, streamlined policy and system management, and business continuity.



9 Comments

This is a great update on the range of threats that are encountered in today's networks and IT in general. And, unfortunately, the number of and types of threats are expanding exponentially.

I really like the fact that this paper not only details myriad threats in a number of categories, but it also suggests methods for mitigating those threats.

Not surprisingly, since the paper is by Cisco, most of the recommendations involved Cisco's solution set. Nevertheless, it sets a great benchmark regardless of your exact choice of equipment supplier.

So, I have a question for Cisco (and others).

The paper presents an almost overwhelming number of potential threats.

What do you, from your experience, see as the two or three "low hanging fruit" places that the networks and IT shops can be made more secure? By "low hanging fruit," I mean the most significant and common vulnerabilities that can be easily secured.

It would be great to know for both the network as a whole and the branch office in particular.

Thanks!

Interesting question - the trends change quite rapidly, but we've seen increasing threat activity over the web (uncategorized/new websites that contain malicious code), social media scams that lead "friends" to malicious code (videos, websites, etc), and targeted banking scams.

You should check out our Annual Security Report if you haven't already: www.cisco.com/go/securityreport, and our Security Intelligence Operations portal lists the latest top vulnerabilities and threats: www.cisco.com/go/sio.

Hi Sarah -

Thanks so much for the reply. May I ask you to be a bit more specific?

For instance, when you mention social media sites, what do you see as some "best practices" for a corporate network?

For instance, you mention social media scams. Yet almost all web sites - even Cisco's site and Webtorials - now have a social component. What can/should a corporate IT shop do in order to be "with it" while still being appropriately cautious? Same with banking scams?

Or are there more fundamental levels that the enterprise should be concerned about and should these be left to "safe surfing" education?

Yes, it's a tough issue...what we find is that social media users are placing too much trust in the safety and privacy of their networks, responding to messages, supposedly from their connections, with malware-laden links. Linking directly to tiny URLs from a social media site, for example, could be a way to get infected, so users should be wary when they see an advertisement from a 'friend.'

Also, by disclosing information, such as birth dates and hometowns, social media users make it far too easy for criminals to break into private accounts and gain control by resetting passwords. Corporate users are not immune to this trend, frequently using Twitter to discuss business projects.

In a nutshell, we'd recommend for you to be cautious - when you see odd messages like "Hey, check out these pictures!" with a link, don't automatically go to it. And be careful when posting personal information - there may be someone watching you. Also, take Security 101 seriously: stay up to date with your AV, create strong passwords, make sure your system is patched to the latest level - you know the drill!

Excellent points! Two quick items that I would also point out that the casual user might forget about so the corporate folks should send semi-constant reminders about...

1) It looks really cool in an .html formatted email to be able to click on a link.  However, even thought the link says it's going to www.webtorials.com, it might actually go to Cisco.  (Using two very safe sites as an example only.)

2) One should be extremely wary of any links that go to a numeric IP address.  For instance, this link to Cisco might actually go somewhere else.

Unless you REALLY trust the site or mailer, it's a great idea to check.  But this is pretty easy in most cases.  With rare exceptions, if you hold the cursor over the hyperlink in the email or on a web page, the actuall address will show up - usually in the lower left-hand corner of the window.

Also, be very wary of links that have long strings of characters attached to them. At a minimum, it probably means that you're being tracked somehow.

Try it with the links above...

Sarah,

Thanks for mentioning the Annual Security Report.  I hope a lot of our community are already familiar with it since it's posted here.  As mentioned at the time, it's a great resource.

I'd like to start a kinda parallel thread. What do you see as specific steps that can be taken to protect the network and IT resources in light of the rapid proliferation of mobile devices such as iPhones, iPod Touches, etc.?

One thing in the security world hasn't changed...you still need a layered security strategy, there is no single bullet to solve all security issues. A layered approach including firewalls, IPS systems, integrated switch/router security, content security, endpoint security, etc, is still needed. Many organizations are preferring some of these aspects of security in cloud-based services...but that's another conversation...

To the mobile device issue, agreed, organizations are now challenged with how to secure and apply appropriate policies on the plethera of devices coming into the network.

To solve this particular problem, Cisco just announced a new AnyConnect Secure Mobility Solution that enables organizations to gain control of managed and unmanaged remote workers using laptops and mobile devices. Organizations can decide which users access which resources - securely - with a system that includes the 'always-on' AnyConnect client on mobile devices, the Cisco ASA firewall, and the Cisco IronPort Web Security Appliance that applies context-aware policies. http://www.cisco.com/en/US/netsol/ns1049/index.html

Another important step in mobility is making sure the devices coming into the network are up to the latest security posture...organizations should really be looking at some type of Network Admission Control to apply policy/access rights to devices coming onto the network.

These are just a couple of components...Cisco has recommended security architectures posted on www.cisco.com/go/safe - blueprints in how to deploy end to end security.

Get E-News and Notices via Email


  

 



  

I accept Webtorials' Terms and Conditions.

Featured Sponsor Microsites






















Recent Tweets

Archives

Notices

Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Please encourage colleagues to download their own copy after registering at https://www.webtorials.com/Sonus_logo.jpgreg/.  Continuing past this point indicates your acceptance of our terms of use as specified at Terms of Use.

Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2015, Distributed Networking Associates, Inc.