Login
In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport. Now, after several readings, debates, committee hearings, and periods of consultation, the Telecommunications (Security) Act is quickly becoming reality for providers of public telecoms networks and services in the UK, going live on 1 October 2022. Here, we outline what exactly the requirements mean for these firms, and what they can do to prepare.
The Act outlines new legal duties on telecoms firms to increase the security of the entire UK network and introduces new regulatory powers to the UK Telecoms regulator OFCOM to regulate Public Telecommunications Providers in the area of cyber security. It place obligations on operators to put in place more measures around the security of their supply chains, which includes the security of the products they procure. The Act grants powers to the Secretary of State to introduce a so-called Code of Practice. It is this Code of Practice which contains the bulk of the technical requirements that operators must comply with. Those not in compliance face large fines (up to 10% of company turnover for one year).
Following the UK Telecoms Supply Chain review in 2018, the government identified three areas of concern that needed addressing:
Following the review, little did we know a major resilience test for the telecoms industry was about to face significant challenges brought on by the Covid-19 pandemic. Data released by Openreach – the UK’s largest broadband network, used by customers of BT, Plusnet, Sky, TalkTalk, Vodafone and Zen – showed that broadband usage more than doubled in 2020 with 50,000 Petabytes (PB) of data being consumed across the country, compared to around 22,000 in 2019.
There is no question the security resilience of the UK telecoms sector is becoming ever more crucial — especially as the government intends to bring gigabit capable broadband to every home and business across the UK by 2025. As outlined in the National Cyber Security Centre’s Security analysis for the UK telecoms sector, ‘As technologies grow and evolve, we must have a security framework that is fit for purpose and ensures the UK’s Critical National Telecoms Infrastructure remains online and secure both now and in the future’.
The legislation will apply to public telecoms providers (including large companies such as BT and Vodafone and smaller companies that offer telecoms networks or services to the public). More specifically to quote the Act itself:
As the requirements are long and varied and so the timelines to comply have been broken down to help organisations comply. The current Code of Practice expects Tier 1 providers to implement ‘the most straightforward and least resource intensive measures’ by 31 March 2024, and the more complex and resource intensive measures by 31 March 2025.
Tier 2 firms have been given an extra two years on top of the dates outlined above to reflect the relative sizes of providers. Tier 3 providers aren’t in scope of the regulatory changes currently but are strongly encouraged to use the Code of Practice as best practice. The Code of Practice also expects that these firms ‘must continue to take appropriate and proportionate measures to comply with their new duties under the Act and the regulations’.
The TSA introduces a range of new requirements for those in the telecoms industry to understand and follow. These will require a multi-year programme for affected organisations. An area of high focus for example will be on Third Party controls and managing the relationship with them.
However there are more common security requirements as well. From our work with many companies across many different industries, we know that establishing that users accessing corporate systems, data and applications are who they say they are is a key aspect of reducing risk by limiting the possibility of attacks coming in through the front door. This is a very real risk highlighted in Verizon’s 2022 Data Breaches Investigations Report, which states that around 82% of data breaches involved a human element, including incidents in which employees expose information directly or making a mistake that enables cyber criminals to access the organisation’s systems.
Therefore, one area to start to try and protect the organisation and take a step on the way to compliance is to build up authentication and secure access to systems, data and applications. However even this can take time to implement over large complex environments. It means gaining an understanding of all devices and ensuring there is a solid profile around them, so they can be reported on, attacks can be blocked and prevented, and access to applications can be controlled as needed.
We will be creating more information around the Act as we move closer to the deadlines, including part two of this blog where we will take a deeper dive into themes introduced by the bill, how it compare with other industries’ and jurisdictions’ cyber security initiatives, and explore what else the telecoms industry can do to improve its security posture.
We are also running an event in London on 13 October: ‘Are you ready for TSA?’ which will include peer discussions where participation is welcome on the TSA. If you are interested in attending, please register here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In the first part of this blog series on Unscrambling Cybersecurity Acronyms, we provided a high-level overview of the different threat detection and response solutions and went over how to find the right solution for your organization. In this blog, we’ll do a deeper dive on two of these solutions – Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR). However, first let’s take a look back at the history of endpoint security solutions and understand how we got EDR and MEDR security solutions.
The very first endpoint security solutions started out as anti-virus solutions (AV) with basic security functionality that relied heavily on signature-based detection. These solutions were effective against known threats where a signature was created, but ineffective against unknown threats such as new and emerging attacks. That meant that organizations struggled to stay ahead of attackers, who were continuously evolving their techniques to evade detection with new types of malware.
To address this problem, AV vendors added detection technologies such as heuristics, reputational analysis, behavioral protection, and even machine learning to their solutions, which became known as Endpoint Protection Platforms (EPP). These unified solutions were effective against both known and unknown threats and frequently used multiple approaches to prevent malware and other attacks from infecting endpoints.
As cyberattacks grew increasingly sophisticated though, many in the cybersecurity industry recognized that protection against threats wasn’t enough. Effective endpoint security had to include detection and response capabilities to quickly investigate and remediate the inevitable security breach. This led to the creation of EDR security solutions, which focused on post-breach efforts to contain and clean up attacks on compromised endpoints.
Today, most endpoint security vendors combine EPP and EDR solutions into a single, converged solution that provides holistic defense to customers with protection, detection, and response capabilities. Many vendors are also offering EDR as a managed service (also known as MEDR) to customers who need help in securing their endpoints or who don’t have the resources to configure and manage their own EDR solution. Now that we’ve gone over how endpoint security evolved into EDR and MEDR security solutions, let’s cover EDR and MEDR in more depth.
EDR solutions continuously monitor your endpoints for threats, alert you in case suspicious activity is detected, and allow you to investigate, respond to and contain potential attacks. Moreover, many EDR security solutions provide threat hunting functionality to help you proactively spot threats in your environment. They’re often coupled with or part of a broader endpoint security solution that also includes prevention capabilities via an EPP solution to protect against the initial incursion.
As a result, EDR security solutions enable you to protect your organization from sophisticated attacks by rapidly detecting, containing, and remediating threats on your endpoints before they gain a foothold in your environment. They give you deep visibility into your endpoints while effectively identifying both known and unknown threats. Furthermore, you can quickly contain attacks that get through your defenses with automated response capabilities and hunt for hidden threats that are difficult to detect.
While EDR provides several benefits to customers, it has some drawbacks. Chief among them is that EDR security solutions are focused on monitoring endpoints only versus monitoring a broader environment. This means that EDR solutions don’t detect threats targeting other parts of your environment such as your network, email, or cloud infrastructure. In addition, not every organization has the security staff, budget, and/or skills to deploy and run an EDR solution. This is where MEDR solutions come into play.
Managed EDR or MEDR solutions are EDR capabilities delivered as a managed service to customers by third-parties such as cybersecurity vendors or Managed Service Providers (MSPs). This includes key EDR functionality such as monitoring endpoints, detecting advanced threats, rapidly containing threats, and responding to attacks. These third-parties usually have a team of Security Operations Center (SOC) specialists who monitor, detect, and respond to threats across your endpoints around the clock via a ‘follow the sun’ approach to monitoring.
MEDR security solutions allow you to offload the work of securing your endpoints to a team of security professionals. Many organizations need to defend their endpoints from advanced threats but don’t necessarily have the desire, resources, or expertise to manage an EDR solution. In addition, a team of dedicated SOC experts with advanced security tools can typically detect and respond to threats faster than in-house security teams, all while investigating every incident and prioritizing the most critical threats. This enables you to focus on your core business while getting always-on security operations.
Similar to EDR though, one downside to MEDR security solutions is that they defend only your endpoints from advanced threats and don’t monitor other parts of your infrastructure. Moreover, while many organizations want to deploy EDR as a managed service, not everyone desires this. For example, larger and/or more risk-averse organizations who are looking to invest heavily in cybersecurity are typically satisfied with running their own EDR solution. Now, let’s discuss how to choose the right endpoint security solution when trying to defend your endpoints from threats.
As I mentioned in my previous blog, there isn’t a single correct solution for every organization. This logic applies to EDR and MEDR security solutions as well since each solution works well for different types of organizations, depending on their needs, resources, motivations, and more. Nevertheless, one major factor to consider is if you have or are willing to build out a SOC for your organization. This is important because organizations that don’t have or aren’t willing to develop a SOC usually gravitate towards MEDR solutions, which don’t require significant investments in cybersecurity.
Another factor to keep in mind is your security expertise. Even if you’re have or are willing to build a SOC, you may not have the right cybersecurity talent and skills within your organization. While you can always build out your security team, you may want to evaluate an MEDR solution because a lack of expertise makes it difficult to effectively manage an EDR solution. Finally, a common misconception is that you must choose between an EDR and a MEDR solution and that you cannot run both solutions. In reality, many organizations end up using both EDR and MEDR since MEDR solutions often complement EDR deployments.
I hope this information and key factors help you better understand EDR and MEDR solutions while acting as a guide to selecting the best endpoint security solution for your organization. For more details on the different cybersecurity acronyms and how to identify the right solution for your needs, stay tuned for the next blog in this series – Unscrambling Cybersecurity Acronyms: The ABCs of MDR and XDR Security. In the meantime, learn how Cisco Secure Endpoint stops threats with a comprehensive endpoint security solution that includes both advanced EDR and MEDR capabilities powered by an integrated security platform!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The hybrid work environment has been around for years, albeit not common but it existed. I can recall my first job where I was able to split my time working in an office and working from my makeshift home office. This was many moons ago as I will call it… pre-COVID-19.
Job seekers are certainly looking to have the flexibility of working from anywhere at any time – preferably in an environment of their choosing. Even though a hybrid workforce will provide people with the option to work from anywhere, those remote locations are sometimes in unsecured locations. Organizations must now reimagine a workforce that will need access to your internal collaboration tools along with access to your network from both on- and off-premises.
Cisco, a leader in equipping organizations with the right products for a hybrid workforce, provides the tools & services to protect your organization from bad threat actors.
With pervasive ransomware attacks, malware attacks, and email attacks, you must be ready and have not only a security solution but also a security analyst team ready to respond when an attack happens.
Securing access to your endpoint must be a top priority and your security analysts must be agile and have the right telemetry to provide around-the-clock monitoring and the ability to quickly respond to threats.
Cisco Secure Endpoint provides you with the visibility and ability to respond to threats by blocking them before they compromise your network. Combined with global, proactive threat hunting, leading-edge forensic/analytic capabilities, and reduced leading Mean Time To Detection (MTTD)/Mean Time To Resolution (MTTR) across the supply chain that no other vendor can parallel; why would you partner with any other company to secure and scale your unique hybrid workforce or workplace clients?
Click here to listen to my fireside chat on how we at Cisco would define 5 Best Practices Security Analysts Can Use to Secure Their Hybrid Workforce:
I am joined by Cisco Talos global Senior Threat Defense and Response Analyst, William (Bill) Largent who has over 20 plus years of infosec experience, specifically in network intrusion detection, traffic analysis, and signature/rule writing.
I will also be speaking with Eric Howard, Cisco Secure Technical Marketing Engineer Leader for the Security Platform and Response Group. Eric is a seasoned team leader in both Information Security Sales, and Product Management. He has built and led teams that apply deep technical understanding to business needs, initiatives, and strategies in both start-ups and established companies.
This is a conversation you do not want to skip! There were a lot of gems shared by these gentlemen that will get you where you need to be as a Security Analyst.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The release of Microsoft Azure Gateway Load Balancer is great news for customers, empowering them to simply and easily add Cisco Secure Firewall capabilities to their Azure cloud infrastructure. By combining Azure Gateway Load Balancer with Cisco Secure Firewall, organizations can quickly scale their firewall presence across their Azure cloud environment, providing protection for infrastructure and applications exactly where and when they need it.
With applications and resources hyper-distributed across hybrid-multicloud environments, organizations require agile security to protect their environment at each control point. This integration empowers organizations to dynamically insert Cisco’s security controls and threat defense capabilities in their Azure environment, removing the clunkiness of provisioning and deploying firewalls, as well as the need to rearchitect the network. Organizations can now enjoy highly available threat defense on the fly, protecting their infrastructure and applications from known and unknown threats.
Combining Secure Firewall with Azure Gateway Load Balancer offers a significant reduction in operational complexity when securing cloud infrastructure. Azure Gateway Load Balancer provides bump-in-the-wire functionality ensuring Internet traffic to and from an Azure VM, such as an application server, is inspected by Secure Firewall without requiring any routing changes. It also offers a single entry and exit point at the firewall and allows organizations to maintain visibility of the source IP address. Complementing these features, organizations can take advantage of our new Cloud-delivered Firewall Management Center. It enables organizations to manage their firewall presence 100% through the cloud with the same look and feel as they’ve grown accustomed to with Firewall Management Center. With Cloud-delivered Firewall Management Center, organizations will achieve faster time-to-value with simplified firewall deployment and management.
Azure Gateway Load Balancer support for Cisco Secure Firewall Threat Defense Virtual is available now. To learn more about how Cisco Secure Firewall drives security resilience across your hybrid-multicloud environment, see the additional resources below and reach out to your Cisco sales representative.
Microsoft Blog: Gateway Load Balancer now generally available in all regions
Azure Marketplace listing: Cisco Secure Firewall Threat Defense Virtual
Cisco Secure Firewall At-a-Glance
Cisco Secure Firewall for Public Cloud
Cloud-delivered Firewall Management Center
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Self-awareness goes a long way in determining your next professional steps. While job searching, it’s critical to identify how to leverage your transferable skills and network, while also evaluating what environmental factors of work and work culture matter to you most. Learn what it’s like to work at Cisco and the top 10 ways to suss out a workplace that suits your needs from leaders at Cisco Secure, Cisco Talos and Duo Security.
First things first. Emily Reid, the newly appointed director of employee experience at Cisco Secure who came from Duo Security, advises, “Do your own research to see how the company and their employees describe the culture publicly — on the company’s website and through other sites, articles and resources. For tech companies specifically I always think, “What else do you have beyond the ping-pong table?”’
The interview process is the next key opportunity to find out what culture is like beyond amenities. To gain multiple perspectives, Reid recommends asking about company culture in every interview you have.
The question at the top of Reid’s list: Do you have programs and resources to support the development and success of your employees? “I want to know how a company will be investing in my career growth and if I will feel welcome and included as part of the team. Seeing what a company chooses to center and highlight when describing their culture is usually very telling,” she said.
Interning at a company is another way to get firsthand knowledge and can lead to full-time employment. “several former interns are now people leaders managing their own teams — and their own interns — coming full circle,” Reid said.
Knowing that there is safety and support in bringing your whole self to work is vital. What policies, programs and initiatives are in place that demonstrate an organization’s commitment to diversity, equity, inclusion and belonging?
Cisco’s ongoing commitments to social justice and pay parity include twelve action steps as part of Cisco’s Social Justice Blueprint. Cultivating a conscious culture includes on-going dialogue, programs and events meant to increase equality. Employee Resource Organizations and mentorship programs provide more opportunities to build community and share knowledge, resources and advocacy.
What environment allows you to do your best work? Also consider what perks and processes an employer offers to enhance flexibility and adaptability. During the pandemic, Duo and Cisco transitioned all global events, training and professional development workshops to fully virtual. As in person options resumed following the pandemic, all events are designed to ensure an inclusive experience no matter where you’re joining from.
“We don’t want to go back to a world where people not based in an office feel like they are getting a lesser experience,” Reid said.
Considering how to make programs and information accessible to employees regardless of where they work is also important to Sammi Seaman, team lead of employee experience at Cisco Talos. She’s currently spearheading a new hire program that is “more inclusive of folks whether they’re office based, remote or somewhere across the world.”
It’s essential to consider how you want your life and work to intersect, particularly as hybrid work becomes more popular. How important is paid time off, flexible work options or a consistent structure?
Cisco Secure offers “Days for Me,” days off for employees to decompress and do something to fill their cups. Monthly “Focus Days” are days without meetings, so employees can prioritize the projects that need attention.
Curran recalls one candidate who, despite multiple offers from competitors, chose Cisco Secure because of the flexible work environment: “This person has a young child and felt that the “Days for Me” and flexibility to work from home in a hybrid situation would work best for his career long-term.”
As Reid’s team helps lead the transition to hybrid work, the book Out of Office: The Big Problem and Bigger Promise of Working From Home by Charlie Warzel and Anne Helen Petersen has been inspiring. The book “does an amazing job of sharing a vision for an inclusive future that empowers employees to be successful and have a ‘work/life balance’ that truly works,” Reid said.
Currently Cisco Secure offers a hybrid model while many employees still work remotely. In terms of maintaining accessibility through this transition, Marketing Specialist Julie Kramer advocated for more accessibility and saw changes at Cisco as a result.
“Webex pre-COVID didn’t have any closed captioning. So, another deaf person and I reached out and closed captioning and the transcript option got added,” Kramer shared.
Kramer prefers to have high-quality and frequently the same interpreters who “know the terminology for my job, marketing and technology. In business, the security and marketing industry can really talk fast, so you need a high-quality interpreter that can keep up and one that is qualified and certified,” she said.
Consider what pace of your specific role and within an industry is needed for you to feel engaged without overwhelmed. While different roles within the same organization and industry may run at different paces, it’s important to tune into what might be expected on your potential new team.
Seaman finds that the fast pace of cybersecurity can be “delightful and challenging. There’s a lot of fast-paced pivoting that happens, which makes for an interesting workplace because two days are never the same,” she said.
Do you prefer a hierarchical structure, or one that is more flat? Are you most effective and fulfilled riding solo, or while consistently connecting with coworkers? Does contributing your ideas make you feel empowered?
At Cisco Secure, there is space to join conversations. “No matter where you sit in the company, you have a voice and can speak up and collaborate and self-organize on a project. It feels like a bunch of really hard working, humble, smart people who are trying to solve problems together,” said Manager of Duo’s Global Knowledge and Communities Team Kelly Davenport.
To enhance communication and knowledge among distributed teams, Seaman started a dialogue series called “The More You Know.” Questions include: What do you do? How do you do it? How can that help other parts of Cisco Talos? The conversations lead to future collaboration and resource sharing.
Do you want to grow professionally and increase your skills and knowledge? A culture of teaching and learning within an organization can help hone and expand your skills and connections.
Lead of Strategic Business Intelligence Ashlee Benge finds the security world “very dynamic. You really can never stop learning. Within Cisco Talos, the people around me are such smart, dedicated people that there’s really a lot that you can gain from just being involved in the group as a whole.”
For Seaman, who didn’t come from a technical background, Cisco Talos offered opportunities to expand her technical knowledge, including from colleagues. “Coming into Cisco Talos, people are like, “Here, let me teach you. You can totally do this. Just because you didn’t know how to do it doesn’t mean you can’t learn. Let’s go,” Seaman shared. Seaman’s colleagues have also learned from her expertise in information and knowledge management given her background as a librarian.
More formally, the Learning and Development team recently launched a comprehensive talent development program with enablement resources and support for people leaders. Aspects include: “really thoughtful templates for employees to use with their manager to talk through career goals, development areas, and to define an actionable investment plan. These resources are fueling great career conversations, strong alignment, and thoughtful development plans,” Reid said.
Do you want to refine your skills within your wheelhouse? Or are you driven to try new tasks and potentially change roles within your next organization?
Benge, whose background is in computational astrophysics, has found her interests shift from technical security research to business strategy and data science. At Cisco Talos, she’s been involved in everything from detection research and threat hunting, to community outreach, conference talks and traveling to support sales engagements. Currently, she’s helping to lead threat hunting in Ukraine.
“My leaders have always made it very clear that if there’s an interest, it’s okay to pursue it and it doesn’t have to necessarily be within the scope of my role. Having that freedom to pursue interests within the industry has been really engaging,” Benge said.
In addition to company values and mission statements, leaders and employees contribute to an organization’s culture every day. If you want to enhance your company’s culture, participate.
“Feedback on what employees want to see is crucial,” Reid said. “The easiest way to contribute to developing culture and a positive employee experience in your workplace is to add to what’s already happening! Culture takes participation and ownership from all employees.”
Reid shared that in performance reviews at Cisco, “‘Team Impact” is equally as important as “Results.” Contributing positively to company culture should contribute to performance reviews and promotion justification,” she said.
To learn more about Cisco’s company culture and how you can contribute to it, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Just like the myriad expanding galaxies seen in the latest images from the James Webb space telescope, the cybersecurity landscape consists of a growing number of security technology vendors, each with the goal of addressing the continually evolving threats faced by customers today. In order to be effective, cybersecurity tools have to be collaborative—be it sharing relevant threat intelligence, device & user insights, acting on detection and remediation workflows, and more.
We at Cisco Secure have embraced this concept for a while now with our continually growing ecosystem of multi-vendor technology integrations. At the RSA Conference 2022 earlier this year, Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, spoke of how the ‘cybersecurity poverty line’ is widening and how malicious actors are taking advantage of this gaping hole to unleash persistent attacks. It is imperative that cybersecurity vendors interact with and collaborate with each other to lower this gap. To do this, security vendors must adopt open ecosystems of APIs to easily integrate with each other to provide effective ways for mutual customers to defend and react to cybersecurity attacks.
Like in prior years, this fiscal year 2022 saw us growing to include new ecosystem partners and integrations. With 22 new partners and 51 new integrations in our ecosystem, Cisco Secure Technical Alliance (CSTA) now boasts over 450 integrations, including technical integrations with Cisco Duo and Cisco Kenna. This allows our mutual customers the freedom to implement the cybersecurity tools of their choice with the knowledge that these tools can integrate with each other if they need to, thus realizing a better return on investment in their cybersecurity spending and improving cybersecurity posture.
In this annual round-up of our ecosystem, we congratulate our new partners in CSTA and existing partners as well, who have either created new integrations across our portfolio or augmented existing ones. For more details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
The AlienApp for Cisco Secure Endpoint enables you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. It also enhances the threat response capabilities of USM Anywhere by providing orchestration and response actions to isolate or un-isolate hosts based on risks identified in USM Anywhere. In addition, it allows you to collect hourly events from Cisco Secure Endpoint through the USM Anywhere Job Scheduler. Read more here.
AttackIQ automates the evaluation of Cisco Secure Endpoint against the tactic categories as outlined by MITRE ATT&CK. The AttackIQ and Cisco partnership and technical integration enables organizations to validate that the Cisco Secure Endpoint is deployed correctly and configured optimally, ensuring protection for your endpoints against the latest threats. Read more here.
With Certego Tactical Response for Cisco Secure Endpoint, monitored endpoints are monitored by the Certego PanOptikon SOAR platform. When Certego IRT detects malicious activities on a specific host in the customer’s network, it can isolate compromised hosts to block the attack, even without requiring the user to access the Cisco Secure Endpoint Console. Read more about the Certego here.
Cisco Secure Endpoint is now certified for the ServiceNow ITSM San Diego release. The Cisco Secure Endpoint App on ServiceNow provides users with the ability to integrate event data from the Cisco Secure Endpoint into ServiceNow by creating ITSM incidents. The app automates the collection of events from Cisco Secure Endpoint and groups them into single incidents. Read more here.
FAMOC manage from Techstep, a Gartner-recognized MMS provider, is an MDM designed to give IT a complete view and absolute control over mobile devices used by the workforce, so that people can work more effectively and securely. With the Cisco Security Connector for iOS integration, FAMOC MDM extends its enterprise mobility management with an extra layer of network security and traffic analysis tool, giving IT admins tools to make actionable decisions and design access control policies. Read more here.
Elastic Security now supports event ingestion from Cisco Umbrella, providing visibility into user activity and attempts to access potentially malicious domains. This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables security analysts to detect threats and visualize Cisco Umbrella data, and also correlate Umbrella events with other data sources including endpoint, cloud, and network. This integration expands on Elastic’s on-going expansion of Cisco integrations including ASA, Nexus, Meraki, Duo and Secure Firewall Threat Defense. Read more here.
FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. Read more here.
Hunters ingests Cisco Umbrella log and alert information into our SOC Platform; the Platform then correlates that information with all of the other (vendor agnostic) customer security telemetry, including EDR, Identity and Cloud/Network log data, in the customer’s infrastructure to synthesize and detect incidents with a higher fidelity than any single tool alone can produce. Read more here.
LearnSafe equips school leaders (K-12) with evidence-based information to better understand which students are exhibiting behavioral issues and in need of help based on what they are using, saying, and doing on the school-owned computer. With Cisco Umbrella, LearnSafe administrators are able to block access to domains their students should not be accessing. Read more here.
The Cisco Umbrella solution for Microsoft Azure Sentinel is now live! This integration enables your customers to ingest Cisco Umbrella events stored in Amazon S3 into Microsoft Sentinel using the Amazon S3 REST API. Read more here.
Sumo Logic’s cloud-native collector supports automatic ingestion of logs from Cisco Umbrella’s hosted AWS S3 buckets. Data collected from Umbrella can then be routed to Sumo’s Cloud SIEM, where it is then automatically normalized and applied to our rule’s engine. Several built-in rules for Umbrella have been created that, when triggered, will generate security signals in the platform. These and other security signals are then clustered together based on related entities (IP, email, domain name, URL, etc.) to create insights for review by the SOC. Read more here.
The Secure Firewall team and Alkira have validated Secure Firewall (Virtual) Version 7.1 to run on Alkira’s cloud network as-a-service (CNaaS) platform. The solution offers on-demand hybrid and multi-cloud connectivity, integrated network and security services, end-to-end visibility, controls and governance. Read more here.
The Secure Firewall team has validated Cyware’s STIX 1.2 threat intelligence feed for interoperability with Secure Firewall’s Threat Intelligence Director. Customers can quickly operationalize the inbound data to protect the network from the latest threats. Read more here.
Dragos protects critical infrastructure and has joined the CSTA program. Dragos inventories assets, determines risk and vulnerabilities and generates firewall policy objects that administrators can apply to their Cisco Secure Firewall deployment through its REST API. Read more here.
The Secure Firewall team and Equinix have validated Secure Firewall (Virtual) to run on Equinix’s Network Edge as a Service platform. Equinix Fabric allows you to connect digital infrastructure and services on demand via secure, software-defined interconnection (Ecosystem). Read more here.
Fastvue has joined the CSTA program. The Fastvue Site Clean engine intelligently interprets Cisco Secure Firewall log data so that non-technical employees can easily see what people are actually doing online. The data use to keep companies compliant with workplace and school policies. Read more here.
Alef Nula has developed a new integration with ISE. The Alef Nula Identity Bridge consumes identity updates published by pxGrid and serves them to ASA firewalls using the CDA/Radius protocol. Using pxGrid v2.0, it replaces unsupported Cisco CDA and allows ASA firewalls to become an identity consumer of ISE context. It can read the full identity database and can update registered ASA firewalls in Full Download mode. Read more here.
Forescout’s pxGrid Plugin integrates with existing Cisco ISE deployments so that you can benefit from Forescout visibility and assessment for policy decisions, while continuing to use ISE as an enforcement point. The pxGrid Plugin enables Forescout platform policies to detect ISE-related properties on endpoints, and to apply Cisco ISE ANC policies, including policies that assign Security Groups to devices. Read more here.
FortiManager provides automation-driven centralized management of Fortinet devices from a single console, enabling full administration and visibility of your network devices through streamlined provisioning and innovative automation tools. FortiManager dynamically collects updates from Cisco ISE with pxGrid and forwards them to FortiGate using the Fortinet Single Sign On (FSSO) protocol. This enables the use of session information collected by Cisco ISE to be leveraged in FortiOS security policies. Read more here.
Radiflow provides OT ICS policy creation and enforcement with the Radiflow iSID IDS. They recently completed a new integration with ISE leveraging pxGrid. With this integration Cisco ISE receives enriched data of OT devices from Radiflow iSID and will process it according to the profiles and policies which have been configured. Enriching ISE with OT specific insights available with iSID’s DPI engine enables better decision making within ISE by providing additional context to categorize devices by their type/function within the OT environment. Read more here.
XTENDISE is a simple web application connected to Cisco ISE. It is designed for administrators, helpdesk, operators or anyone who needs to work with ISE and helps them with everyday routine tasks related to 802.1X without the need to train them in Cisco ISE. XTENDISE saves administrators’ time, prevents errors and increases network security. Read more here.
The Cisco Secure Malware Analytics Add-On for Splunk leverages the Threat Grid API to enrich events within Splunk. The add-on is now updated for Splunk 8 and is available on Splunkbase. Read more here.
Censys now has an integration with SecureX threat response, which returns Sightings of IP and IPv6 Observables (IOCs) in an investigation. Read more about the Censys relay module here.
The new Exabeam integration empowers users to investigate an observable and determine if it is contained in a log message stored in Exabeam Fusion SIEM Data Lake. It provides users with the date and time the observable was seen in the log, the forwarder that sent the log, and the raw log messages. When you pivot into Exabeam and search for an observable in all the log messages, the results of the search are displayed in the Exabeam UI. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email data types and it returns sightings of an observable from each log message. Read more here.
The LogRhythm integration empowers users to investigate an observable and determine if it is contained in an event stored in LogRhythm. It provides users with the date and time the observable was seen in the event and the raw event data. This integration allows you to query IPv4 and IPv6 data types and it returns sightings of an observable from each event. Read more here.
A proof-of-concept integration with RSA NetWitness SIEM was built for the RSAC SOC and Black Hat NOCs. The SecureX Concrete Relay implementation using NetWitness as a third-party Cyber Threat Intelligence service provider. The Relay itself is just a simple application written in Python that can be easily packaged and deployed. Read more here.
Cisco SecureX threat response integration with SecOps is now certified for the ServiceNow San Diego release. The module allows ServiceNow SecOps to leverage the Verdicts, Refer and Response capabilities provided by SecureX threat response to assist the security analyst in their investigation workflow. Read more here.
The Sumo Logic Cloud SIEM integration provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Streamlined workflows automatically triage alerts to maximize security analyst efficiency and focus. This integration indicates to users that the observable in an investigation is contained in an insight and/or signal within Sumo Logic Cloud SIEM. It allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. It also returns sightings and indicators of an observable from each insight and signal retrieved from Sumo Logic Cloud SIEM. Read more here.
APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention. The following APIVoid atomic actions for SecureX Orchestration Workflows are now available: Get Domain Reputation, Get IP Reputation, Get URL Reputation, Get URL Status. Access the workflows here.
Censys is a company that allows users to discover the devices, networks, and infrastructure on the Internet and monitor how it changes over time. SecureX orchestration atomic actions for Censys is now available and includes: Basic Search. Access the workflows here.
This integration radically reduces the time and resources enterprises spend to detect, investigate, and remediate ransomware threats to data. It empowers SecOps, ITOps and NetOps with visibility and automation to collaborate in countering ransomware — regardless of whether data resides on-premises or in the cloud — delivering enterprise-wide confidence in deterring, detecting, and recovering fast from cyberattacks. Cohesity’s next-gen data management enhances Cisco SecureX by adding visibility and context to data, complementing Cisco’s existing capabilities for networks, endpoints, clouds, and apps. Read more here.
SecureX orchestration atomic actions for workflows are now available for Farsight Security DNSDB. They include various items like DKIM key inspections, DNS Resource Records and more. Access the workflows here.
SecureX orchestration workflows for Fortinet FortiGate are now available: Block URL, IP and Domain Threat Containment. Access the workflows here.
SecureX orchestration workflows for Jamf Pro include: Lock Computer, Lock Mobile Device. Access the workflows here.
SecureX orchestration workflows for Palo Alto Networks Panorama are now available: Block URL, IP, Domain Threat Containment. Access the workflows here.
A new Orchestration action provides top MacOS IR Indicators to ServiceNow This workflow runs multiple Orbital queries on the endpoint provided to look for top incident response indicators of compromise. The results are then posted to a ServiceNow incident. Supported observables: ip, mac_address, amp_computer_guid, hostname. Access the workflow here.
Shodan is a database of billions of publicly available IP addresses, and it’s used by security experts to analyze network security. SecureX orchestration atomic actions for Shodan include: Basic Search. Access the workflows here.
Earlier this year we announced SecureX Device Insights which provides comprehensive endpoint inventory in a single unified view. Endpoint searching and reporting allows you to assess device security configuration on employee-owned, contractor-owned, company owned, and IoT/OT devices—without risking business disruption. With Device Insights you can
Device insights supports the following third-party sources in its initial release: Jamf Pro, Microsoft Intune, Ivanti MobileIron and VMware Workspace ONE (formerly AirWatch).
Bitglass’ Next-Gen CASB provides data protection, threat protection, access management, and visibility, while Duo offers identity verification options like SSO and MFA. The Duo and Bitglass integration provide a synergistic solution that funnels traffic through Duo’s SSO and verifies users via its MFA so Bitglass can deliver real-time data loss prevention and granular adaptive access control. Because of Bitglass’ agentless architecture, the joint solution can secure any app, any device, anywhere. Read more about the integration here. A joint solution brief is also available here.
Cmd helps companies authenticate and manage user security in Linux production environments without slowing down teams — you don’t need to individually configure identities and devices. Cmd integrates with Duo to put 2FA checkpoints into Linux-based data centers and cloud infrastructure. The combination of Cmd and Duo enables development teams to run at the modern, agile pace they are accustomed to without any security-induced slowdowns. Read more here.
Darktrace is an AI-native platform that delivers self-learning cyber defense and AI investigations and seamlessly integrates with other tools via an open and extensible architecture. Darktrace’s Security Module for Duo provides coverage over access, user sessions and platform administration within the Duo platform. Read more here.
Dashlane is a password manager that now supports Duo using Duo SSO. The integration lets IT Administrators easily deploy Duo + Dashlane and set up access policies. End users can easily access Dashlane and their passwords with SSO from Duo. Read more here.
HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates. Add another layer of protection and protect access to secrets within HashiCorp Vault with Duo Security MFA. Read more here. A recording of the Cisco Duo + HashiCorp webinar is available to view here.
Oort discovers vulnerabilities across an entire user population (or a segment of it). Trigger notifications related to behavioral anomalies or best practices, or policies not being followed. Oort integrates with Duo for identity analytics and threat detection to provide a complete picture of the user behavior and highlight any anomalous activity or identify risks. Read more here.
Perimeter 81 simplifies cyber and network security for the hybrid workforce, ensuring secure access to local networks, applications, and cloud infrastructure. Their integration with Duo provides protection for administrators and end-users who need to log in to Perimeter 81. Read more here.
Specops Software, a leading provider of password management and authentication solutions, protects businesses by securing user authentication across high-risk tasks including account unlocks and password recovery via self-service or the IT service desk. Organizations can extend Duo authentication to secure user verification across these use cases. Read about the integration here. A blog on the integration is also available here.
Sectona is a Privileged Access Management company that delivers integrated privilege management components for securing dynamic remote workforce access across on-premises or cloud workloads, endpoints, and machine-to-machine communication. Duo’s secure access multi-factor authentication can be used to ensure that each user authenticates using multiple methods (factors) while accessing Sectona Privileged Access Management. Read more here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Security tools are only as good as the intelligence and expertise that feeds them. We’re very fortunate to have our security technologies powered by Cisco Talos, one of the largest and most trusted threat intelligence groups in the world. Talos is comprised of highly skilled researchers, analysts, and engineers who provide industry-leading visibility, actionable intelligence, and vulnerability research to protect both our customers and the internet at large.
The Talos team serves as a crucial pillar of our innovation — alerting customers and the public to new threats and mitigation tactics, enabling us to quickly incorporate protection into our products, and stepping in to help organizations with incident response, threat hunting, compromise assessments and more. Talos can also be found securing large-scale events such as the Super Bowl, and working with government and law enforcement organizations across the globe to share intelligence.
With Cisco’s vast customer base and broad portfolio — from routers and switches to email and endpoints — Talos has visibility into worldwide telemetry. Once a threat is seen, whether it’s a phishing URL or an IP address hosting malware, detections are created and indicators of compromise are categorized and blocked across our Cisco Secure portfolio.
Talos also leverages its unique insights to help society as a whole better understand and combat the cyberattacks facing us daily. During the war in Ukraine, the group has taken on the additional task of defending over 30 critical infrastructure providers in the country by directly managing and monitoring their endpoint security.
The reality of security today is that organizations must be constantly ready to detect and contain both known and unknown threats, minimize impact, and keep business going no matter what happens in the cyber realm. In light of hybrid work, evolving network architectures, and increasingly insidious attacks, all organizations must also be prepared to rapidly recover if disaster strikes, and then emerge stronger. We refer to this as security resilience, and Talos plays a critical role in helping our customers achieve it.
For several years, our integrated, cloud-native Cisco SecureX platform has been delivering extended detection and response (XDR) capabilities and more. SecureX allows customers to aggregate, analyze, and act on intelligence from disparate sources for a coordinated response to cyber threats.
Through the SecureX platform, intelligence from Talos is combined with telemetry from our customers’ environments — including many third-party tools — to provide a more complete picture of what’s going on in the network. Additionally, built-in, automated response functionality helps to speed up and streamline mitigation. This way, potential attacks can be identified, prioritized, and remediated before they lead to major impact.
For XDR to be successful, it must not only aggregate data, but also make sense of it. Through combined insights from various resources, SecureX customers obtain the unified visibility and context needed to rapidly prioritize the right threats at the right time. With SecureX, security analysts spend up to 90 percent less time per incident.
One of Australia’s largest universities, Deakin University, needed to improve its outdated security posture and transition from ad hoc processes to a mature program. Its small security team sought an integrated solution to simplify and strengthen threat defense.
With a suite of Cisco security products integrated through SecureX, Deakin University was able to reduce the typical investigation and response time for a major threat down from over a week to just an hour. The university was also able to decrease its response time for malicious emails from an hour to as little as five minutes.
“The most important outcome that we have achieved so far is that security is now a trusted function.”
– Fadi Aljafari, Information Security and Risk Manager, Deakin University
Also in the education space, AzEduNet provides connectivity and online services to 1.5 million students and 150,000 teachers at 4,300 educational institutions in Azerbaijan. “We don’t have enough staff to monitor every entry point into our network and correlate all the information from our security solutions,” says Bahruz Ibrahimov, senior information security engineer at AzEduNet.
The organization therefore implemented Cisco SecureX to accelerate investigations and incident management, maximize operational efficiency with automated workflows, and decrease threat response time. With SecureX, AzEduNet has reduced its security incidents by 80 percent.
“The integration with all our Cisco Secure solutions and with other vendors saves us response and investigation time, as well as saving time for our engineers.”
– Bahruz Ibrahimov, Senior Information Security Engineer, AzEduNet
The sophistication of attackers and sheer number of threats out there today make it extremely challenging for most cybersecurity teams to effectively stay on top of alerts and recognize when something requires their immediate attention. According to a survey by ESG, 81 percent of organizations say their security operations have been affected by the cybersecurity skills shortage.
That’s why Talos employs hundreds of researchers around the globe — and around the clock — to collect and analyze massive amounts of threat data. The group uses the latest in machine learning logic and custom algorithms to distill the data into manageable, actionable intelligence.
“Make no mistake, this is a battle,” said Nick Biasini, head of outreach for Cisco Talos, who oversees a team of global threat hunters. “In order to keep up with the adversaries, you really need a deep technical understanding of how these threats are constructed and how the malware operates to quickly identify how it’s changing and evolving. Offense is easy, defense is hard.”
Earlier this year, we unveiled our strategic vision for the Cisco Security Cloud to deliver end-to-end security across hybrid, multicloud environments. Talos will continue to play a pivotal role in our technology as we execute on this vision. In addition to driving protection in our products, Talos also offers more customized and hands-on expertise to customers when needed.
Cisco Talos Incident Response provides a full suite of proactive and emergency services to help organizations prepare for, respond to, and recover from a breach — 24 hours a day. Additionally, the recently released Talos Intel on Demand service delivers custom research unique to your organization, as well as direct access to Talos security analysts for increased awareness and confidence.
Visit our dedicated Cisco Talos web page to learn more about the group and the resources it offers to help keep global organizations cyber resilient. Then, discover how XDR helps Security Operations Center (SOC) teams hunt for, investigate, and remediate threats.
Watch video: What it means to be a threat hunter
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
With a rising number of cyberattacks targeting organizations, protecting sensitive customer information has never been more critical. The stakes are high due to the financial losses, reputational damage, legal & compliance fines, and more that often stem from mishandled data. At Cisco Secure, we recognize this and are continuously looking for ways to improve our information security practices.
As a result, we are excited to announce that we have achieved SOC 2 compliance for the Cisco Secure Endpoint solution, Cisco Malware Analytics, and the Cisco SecureX platform! SOC 2 is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA) that helps ensure organizations responsibly handle customer data. This is done via strong information security practices that adhere to trust service criteria for security, availability, and confidentiality.
Achieving SOC 2 compliance means that we have adhered to these trust principles and gone through a rigorous audit by an independent, third-party firm to validate our information security practices. This shows that we are committed to safeguarding your sensitive data with robust controls in place and gives you the peace of mind that your data is in good hands. We have achieved SOC 2 Type 2 compliance for the following Cisco Secure products:
To learn more about SOC 2 compliance for these solutions, please speak to your Cisco representative, or visit the Cisco Trust Portal, where you can access the SOC 2 reports.
During our threat hunting exercises in recent months, we’ve started to observe a distinguishing pattern of msiexec.exe usage across different endpoints. As we drilled down to individual assets, we found traces of a recently discovered malware called Raspberry Robin. The RedCanary Research Team first coined the name for this malware in their blog post, and Sekoia published a Flash Report about the activity under the name of QNAP Worm. Both articles offer great analysis of the malware’s behavior. Our findings support and enrich prior research on the topic.
Raspberry Robin is a worm that spreads over an external drive. After initial infection, it downloads its payload through msiexec.exe from QNAP cloud accounts, executes its code through rundll32.exe, and establishes a command and control (C2) channel through TOR connections.
Let’s walkthrough the steps of the kill-chain to see how this malware functions.
Raspberry Robin is delivered through infected external disks. Once attached, cmd.exe tries to execute commands from a file within that disk. This file is either a .lnk file or a file with a specific naming pattern. Files with this pattern exhibit a 2 to 5 character name with an usually obscure extension, including .swy, .chk, .ico, .usb, .xml, and .cfg. Also, the attacker uses an excessive amount of whitespace/non printable characters and changing letter case to avoid string matching detection techniques. Example command lines include:
File sample for delivery can be found in this URL:
https://www.virustotal.com/gui/file/04c13e8b168b6f313745be4034db92bf725d47091a6985de9682b21588b8bcae/relations
Next, we observe explorer.exe running with an obscure command line argument, spawned by a previous instance of cmd.exe. This obscure argument seems to take the name of an infected external drive or .lnk file that was previously executed. Some of the samples had values including USB, USB DISK, or USB Drive, while some other samples had more specific names. On every instance of explorer.exe we see that the adversary is changing the letter case to avoid detection:
After delivery and initial execution, cmd.exe spawns msiexec.exe to download the Raspberry Robin payload. It uses -q or /q together with standard installation parameter to operate quietly. Once again, mixed case letters are used to bypass detection:
As you can see above, URLs used for payload download have a specific pattern. Domains use 2 to 4 character names with obscure TLDs including .xyz, .hk, .info, .pw, .cx, .me, and more. URL paths have a single directory with a random string 11 characters long, followed by hostname and the username of the victim. On network telemetry, we also observed the Windows Installer user agent due to the usage of msiexec.exe. To detect Raspberry Robin through its URL pattern, use this regex:
^http[s]{0,1}\:\/\/[a-zA-Z0-9]{2,4}\.[a-zA-Z0-9]{2,6}\:8080\/[a-zA-Z0-9]+\/.*?(?:-|\=|\?).*?$
If we look up the WHOIS information for given domains, we see domain registration dates going as far back as February 2015. We also see an increase on registered domains starting from September 2021, which aligns with initial observations of Raspberry Robin by our peers.
| WHOIS Creation Date | Count |
| 12/9/2015 | 1 |
| … | … |
| 10/8/2020 | 1 |
| 11/14/2020 | 1 |
| 7/3/2021 | 1 |
| 7/26/2021 | 2 |
| 9/11/2021 | 2 |
| 9/23/2021 | 9 |
| 9/24/2021 | 6 |
| 9/26/2021 | 4 |
| 9/27/2021 | 2 |
| 11/9/2021 | 3 |
| 11/10/2021 | 1 |
| 11/18/2021 | 2 |
| 11/21/2021 | 3 |
| 12/11/2021 | 7 |
| 12/31/2021 | 7 |
| 1/17/2022 | 6 |
| 1/30/2022 | 11 |
| 1/31/2022 | 3 |
| 4/17/2022 | 5 |
Table 1: Distribution of domain creation dates over time
Associated domains have SSL certificates with the subject alternative name of q74243532.myqnapcloud.com, which points out the underlying QNAP cloud infra. Also, their URL scan results return login pages to QTS service of QNAP:
Once the payload is downloaded, it is executed through various system binaries. First, rundll32.exe uses the ShellExec_RunDLL function from shell32.dll to leverage system binaries such as msiexec.exe, odbcconf.exe, or control.exe. These binaries are used to execute the payload stored in C:\ProgramData\[3 chars]\
It is followed by the execution of fodhelper.exe, which has the auto elevated bit set to true. It is often leveraged by adversaries in order to bypass User Account Control and execute additional commands with escalated privileges [3]. To monitor suspicious executions of fodhelper.exe, we suggest monitoring its instances without any command line arguments.
Raspberry Robin sets up its C2 channel through the additional execution of system binaries without any command line argument, which is quite unusual. That likely points to process injection given elevated privileges in previous steps of execution. It uses dllhost.exe, rundll32.exe, and regsvr32.exe to set up a TOR connection.
In Cisco Global Threat Alerts available through Cisco Secure Network Analytics and Cisco Secure Endpoint, we track this activity under the Raspberry Robin threat object. Image 3 shows a detection sample of Raspberry Robin:
Raspberry Robin tries to remain undetected through its use of system binaries, mixed letter case, TOR-based C2, and abuse of compromised QNAP accounts. Although we have similar intelligence gaps (how it infects external disks, what are its actions on objective) like our peers, we are continuously observing its activities.
| Type | Stage | IOC |
| Domain | Payload Delivery | k6j[.]pw |
| Domain | Payload Delivery | kjaj[.]top |
| Domain | Payload Delivery | v0[.]cx |
| Domain | Payload Delivery | zk4[.]me |
| Domain | Payload Delivery | zk5[.]co |
| Domain | Payload Delivery | 0dz[.]me |
| Domain | Payload Delivery | 0e[.]si |
| Domain | Payload Delivery | 5qw[.]pw |
| Domain | Payload Delivery | 6w[.]re |
| Domain | Payload Delivery | 6xj[.]xyz |
| Domain | Payload Delivery | aij[.]hk |
| Domain | Payload Delivery | b9[.]pm |
| Domain | Payload Delivery | glnj[.]nl |
| Domain | Payload Delivery | j4r[.]xyz |
| Domain | Payload Delivery | j68[.]info |
| Domain | Payload Delivery | j8[.]si |
| Domain | Payload Delivery | jjl[.]one |
| Domain | Payload Delivery | jzm[.]pw |
| Domain | Payload Delivery | k6c[.]org |
| Domain | Payload Delivery | kj1[.]xyz |
| Domain | Payload Delivery | kr4[.]xyz |
| Domain | Payload Delivery | l9b[.]org |
| Domain | Payload Delivery | lwip[.]re |
| Domain | Payload Delivery | mzjc[.]is |
| Domain | Payload Delivery | nt3[.]xyz |
| Domain | Payload Delivery | qmpo[.]art |
| Domain | Payload Delivery | tiua[.]uk |
| Domain | Payload Delivery | vn6[.]co |
| Domain | Payload Delivery | z7s[.]org |
| Domain | Payload Delivery | k5x[.]xyz |
| Domain | Payload Delivery | 6Y[.]rE |
| Domain | Payload Delivery | doem[.]Re |
| Domain | Payload Delivery | bpyo[.]IN |
| Domain | Payload Delivery | l5k[.]xYZ |
| Domain | Payload Delivery | uQW[.]fUTbOL |
| Domain | Payload Delivery | t7[.]Nz |
| Domain | Payload Delivery | 0t[.]yT |
Ransomware and other advanced attacks continue to evolve and threaten organizations around the world. Effectively defending your endpoints from these attacks can be a complex undertaking, and a seemingly endless number of security acronyms only compounds that complexity. There are so many acronyms – EPP, EDR, MEDR, MDR, XDR, and more – for various cybersecurity products and services that it becomes difficult to understand the differences between them and choose the right solution for your organization. Deciphering all these acronyms is a task on its own and deciding which solution works best for you is even more challenging.
We here at Cisco believe that understanding these acronyms and determining which security products or services are the best fit for your organization’s needs doesn’t have to be so hard. That’s why we developed this blog – the first in a series – to give you an overview of the different types of threat detection and response solutions.
This series will help you understand the benefits and disadvantages of each solution, the similarities and differences between these solutions, and how to identify the right solution for your organization. Now let’s go over the different types of security solutions.
There are several types of threat detection and response solutions, including:
These solutions are similar in that they all enable you to detect and respond to threats, but they differ by the environment(s) being monitored for threats, who conducts the monitoring, as well as how alerts are consolidated and correlated. For instance, certain solutions will only monitor your endpoints (EDR, MEDR) while others will monitor a broader environment (XDR, MDR). In addition, some of these solutions are actually managed services where a third-party monitors your environment (MEDR, MDR) versus solutions that you monitor and manage yourself (EDR, XDR).
When evaluating these solutions, keep in mind that there isn’t a single correct solution for every organization. This is because each organization has different needs, security maturities, resource levels, and goals. For example, deploying an EDR makes sense for an organization that currently has only a basic anti-virus solution, but this seems like table stakes to a company that already has a Security Operations Center (SOC).
That being said, there are a few questions you can ask yourself to find the cybersecurity solution that best fits your needs, including:
Of these questions, the most critical are about your security goals and current cybersecurity posture. For instance, organizations at the beginning of their security journey may want to look at an EDR or MEDR solution, while companies that are further along their journey are more likely to be interested in an XDR. Asking whether you already have or are willing to build out a SOC is another essential question. This will help you understand whether you should run your security yourself (EDR, XDR) or find a third-party to manage it for you (MEDR, MDR).
Asking whether you have or are willing to hire the right security talent is another critical question to pose. This will also help determine whether to manage your cybersecurity solution yourself or have a third-party run it for you. Finally, questions about visibility and context, alert, and security tool fatigue, as well as detection and response times will help you to decide if your current security stack is sufficient or if you need to deploy a next-generation solution such as an XDR.
These questions will help guide your decision-making process and give you the information you need to make an informed decision on your cybersecurity solution. For more details on the different endpoint security acronyms and how to determine the right solution for your organization, keep an eye out for the next blog in this series – Unscrambling Cybersecurity Acronyms: The ABCs of EDR and MEDR. Stay tuned!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Later, after Duo was acquired by Cisco, she transitioned to new roles within the larger organization and now heads up operations for Webex Marketing. In this position Syed brings structure across different functions of marketing including brand, events and technology while also serving as chief operating officer for Chief Marketing Officer Aruna Ravichandran.
“I fell in love with the culture, the kindness, the heart of this company,” Syed said.
Recently, she shared her passion for problem solving and inclusion with the Duo Blog, along with the advice she gives mentees navigating their own career paths.
Saleema Syed: I like chaos and I love putting a method to the madness. With marketing we have to react to the market, react to the business, react internally. What energizes me is there’s never a dull day and there is always this ability to bring some overall end to end process.
I love running towards a burning car and figuring out how to put it out. I love change. I know change is the only constant and rather than running away from it, I thrive in it. I like to look at it and ask, “What can we do to break it down and figure out what we need to do?”
My brain works in terms of boxes and flows and charts and spreadsheets so when I look at something I’m like, “Okay, what is a box? What is a process? How do I untangle it?” I like sitting in the discomfort and understanding what to do to get out of it.
Saleema Syed: There are three things I always keep in mind when I look at what I’m doing and where I want to be. One is, at the core of it, does it fill my cup of empathy and allow me to be true to who I am in how I treat people or how I build a team?
The second thing is, will I have the opportunity to influence and impact the people on the team or my family? How do I show myself to my daughter who is growing and seeing how to become who she is as a career person?
The third thing is, is it something new and am I learning something? Continuous learning is a huge part of who I am, so that drives me to get out of my comfort zone constantly.
When I’m changing jobs people usually say, “You’ve set up this team, you’re so comfortable. Now all you have to do is sit back and execute.” And my answer is, “That’s exactly why I am moving.”
If I am comfortable I’m not learning, and I don’t know if I’m adding any more value than I’ve set up. That means it’s time for me to move on and elevate somebody. What I’m doing is sending the elevator down to somebody on the team to grow.
That’s why I’ve had people who work for me for many years follow me through multiple organizations, which as a leader has been my pinnacle of what I call my success. Success is not my role; it is how many people I have impacted and influenced.
Saleema Syed: I keep going back to Duo because working at that organization and meeting those people defined me as a human being. One of the strategic pillars of that organization is to be kinder than necessary.
However complicated the work challenges are, those around me must be aligned with what my integral values are and who I am. They have to have empathy and kindness in their heart. If that is not there, no matter how much I love solving challenges and know I can solve them, I’m not going to go for it. I’ve been extremely lucky at Duo, Cisco and Webex that I’ve been around those kinds of people.
If you look at Webex, I love the core of what we are, the journey we are on, the inclusivity. We are not just selling Webex messaging or other products. At the heart of it we are looking at how we are influencing people and things around us by making sure that there is inclusivity in the collaboration tools that we are launching.
Saleema Syed: My leadership style is pretty simple: nobody works for me; people work with me. I lead with making sure that people know this is the problem you’re trying to solve, here is the context of what we are trying to do. Now, let’s figure out how we solve it. That is something that has helped my team be part of the problem solving that I love to do.
When I interview people my first questions are, “What does the job bring to you? How would this job fill your cup?” That throws people off every time. You can teach any technology, you can teach any skill set, but if you don’t have the basic passion, the attitude to be able to do this job, then everything else can just go out the door.
Saleema Syed: I have a very diverse background. I am an Indian by birth and grew up in the Middle East. When I went into engineering, finished my education and started my career, one of the things I realized was that as a woman of color, I always wanted to apply for positions that I was fully qualified for. I wanted to make sure I knew everything about the job because a very big fear was being asked a question in the interview I didn’t know. LinkedIn’s Gender Insights Report found that women apply for 20% fewer jobs than men despite similar job search behaviors. That has been a very challenging mental barrier for me to break.
Trey Boynton, who was at Duo and now she’s leading Cisco in a beautiful journey of diversity as the senior director of inclusion and collaboration strategy always said, “We have to have that bicycle lane on the road, whether it is for females, whether it is for people of color or any LGBTQIA+ community members. That is how we get people to bring that confidence in to learn, grow and then they can merge easily.”
“Passion is a part of who I am and is contributing to my growth.” – Saleema Syed
Whatever I faced as I was growing up, whether it was my dark skin, whether it was my accent, whether it was, “Oh, you’re way too passionate” has been some of the feedback that I’ve gotten. In my career if I’m told I’m way too passionate I turn that around and say, “Passion is a part of who I am and is contributing to my growth.”
Saleema Syed: Within Webex, within Cisco, I try to be part of anything that I can do in terms of giving back to the community. I’m definitely a big proponent of women in technology. In the local Dallas area I run a program by myself and go into schools and advocate for girls in STEM. Cisco is amazing in how it gives us time to volunteer. I love that educating kids is part of my journey of giving back. That’s the generation you can influence.
How do we enable children and women to be more open to technology and being part of the technology field? Let’s look at the percentage of diversity in the technology field and be aware of it. It’s not only about the diversity numbers, but are we bringing in candidates at the leadership level and giving them not just a seat at the table but a voice at the table, too?
You also have to talk about what you do and with passion and energy because if you don’t, people get intimidated. If you can influence one person who comes from an underrepresented community, imagine what you are doing, not just for that person, but for his household, for his family, for his extended community. I have a lot more to do, but as I get into the next decade of my life and my career, that is something that is a huge focus for me.
Saleema Syed: First and foremost it’s very important to spend time and understand the business and the products in whatever industry you’re going into. It is key to your growth. Especially if it’s a security industry, take time to understand the products, the technology or the function that you’re trying to get into. Contextual understanding and product understanding are extremely important.
The second piece is to keep learning. Cisco is amazing in trying to help you learn and support you financially to be able to do it. I went back and got my executive MBA four years ago. Give yourself a goal of learning a new something, whether it is a new function, new technology or new leadership skill.
The third piece is to create a spreadsheet of where you want to be in two years. Put that out there and then work back just like you would do a project plan. Work back month by month, quarter by quarter. What are the skill sets you need to learn to get there?
The last part is: Do the job you want versus the job you are in. Of course, you have to do the job you are in, but do the job you want to get to. Don’t wait for a title, don’t wait for a promotion to act. No. What do you want to be? Show that to your leaders and yourself. The title will come, money will come, everything will come, but am I doing the job that I want and enjoy and I want to get to?
To learn more about Webex, Cisco and Duo Security and how you can apply your passion, advocacy and problem solving to make a difference in cybersecurity, browse our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents. As the unified security agent for Cisco Secure, it addresses common operational use cases applicable to Cisco Secure endpoint agents. Those who install Secure Client’s next-generation software will benefit from a shared user interface for tighter and simplified management of Cisco agents for endpoint security.
Now, with Secure Client, you gain improved secure remote access, a suite of modular security services, and a path for enabling Zero Trust Network Access (ZTNA) across the distributed network. The newest capability is in Secure Endpoint as a new module within the unified endpoint agent framework. Now you can harness Endpoint Detection & Response (EDR) from within Secure Client. You no longer need to deploy and manage Secure Client and Secure Endpoint as separate agents, making management more effortless on the backend.
Within Device Insights, Secure Client lets you deploy, update, and manage your agents from a new cloud management system inside SecureX. If you choose to use cloud management, Secure Client policy and deployment configuration are done in the Insights section of Cisco SecureX. Powerful visibility capabilities in SecureX Device Insights show which endpoints have Secure Client installed in addition to what module versions and profiles they are using.
The emphasis on interoperability of endpoint security agents helps provide the much-needed visibility and simplification across multiple Cisco security solutions while simultaneously reducing the complexity of managing multiple endpoints and agents. Application and data visibility is one of the top ways Secure Client can be an important part of an effective security resilience strategy.
Visit our homepage to see how Secure Client can help your organization today.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that?
Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of their organization’s most sensitive data. Neither of these can be achieved with just the cloud, or private data center. Organizations are investing in hybrid-multicloud environments to ensure continuity amidst unpredictable threats and change. But these investments will fall short if they do not include security.
The modern enterprise relies on the network more than ever before, and it looks a lot different than it did 10 years ago. According to our 2022 Global Hybrid Cloud Trends Report, where 2,500 global IT leaders were interviewed across 13 countries, 82% said they have adopted hybrid cloud architectures, and 47% of organizations use between two and three public IaaS clouds1. As organizations have grown more dependent on the network, the more complex it has become, making firewall capabilities the most critical element of the hybrid-multicloud security strategy. And Cisco has a firewall capability for every strategy, protecting your most important assets no matter where you choose to deploy it.
In May, Cisco brought offerings from Umbrella and Duo to the AWS Marketplace. Today at AWS Re:Inforce, Cisco Secure announced furthering its partnership with AWS to drive innovation with the goal to protect the integrity of your business. Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security. This designation was awarded through our demonstrated success with customer engagements and rigorous technical validations of Secure Firewall.
This week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation. Cisco Secure Firewall as-a-service on AWS builds on our existing portfolio, giving organizations greater flexibility and choice with a radically simplified SaaS offering. If organizations are truly to embrace security across the multi-environment IT, customers demand simplification without compromising security. With a SaaS-based form factor, management and deployment complexity is reduced. NetOps and SecOps teams will enjoy a simplified security architecture where provisioning of firewalls and control plane infrastructure are managed by Cisco. This will save your teams time by removing the need to rearchitect the network, freeing them to focus on protecting the integrity of your business.
As organizations continue to move more of their day-to-day operations to the cloud, Cisco and AWS are committed to ensure that security is an integral part of their hybrid multi-cloud strategy. We all have seen the impact of security that is bolted on, or too complex. If we are truly to find that balance between agility and protection to ensure business continuity, we need to ensure the same protections we have in the private infrastructure are easily consumed no matter where your data may roam.
Product page: Cisco Secure Firewall for Public Cloud
Partner page: Cisco solutions on AWS
Blog: Securing cloud is everyone’s responsibility
Quick Start page: Cisco solutions on AWS
Amazon Partner Network page: Cisco solutions on AWS
2022 Global Hybrid Cloud Trends Report
1 Henderson, N. & Hanselman, E. (2022, May 25). 2022 Global Hybrid Cloud Trends Report.
S&P Global Market Intelligence, commissioned by Cisco Systems.
https://www.cisco.com/c/en/us/solutions/hybrid-cloud/2022-trends.html ‘
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
We have entered a world where uncertainty has become the normal operating mode for everyone. Within this new frontier, cybersecurity has become even more challenging. However, some cybersecurity professionals have stood out, using their unique skills and resourcefulness to protect the integrity of their businesses, and to withstand unpredictable and dynamically changing threats. In the end, they, and their businesses have emerged even stronger.
These accomplishments have lead them to be selected from over more than 700 Cisco Cybersecurity Advocates – who are also members of Cisco Insider Advocates – to join the League of Cybersecurity Heroes.
Cisco Insider Advocates is a peer networking community developed several years ago for Cisco customers around the globe. Currently, over 14,000 customers are using it to share technology insights, feedback, and best practices, and also to make meaningful connections with others in the industry. We at Cisco believe that when we connect, anything is possible, and the Insider Advocacy program is a great example of the great things that can happen when people come together.
As the global CISO of Mediapro, Roberto has deployed Cisco SecureX together with Umbrella, Secure Endpoint, Secure Firewall, ISE, NGIP, Threat Response, AnyConnect, and Web security. With this partnership, Mediapro has reduced its threat detection time by 90%. In addition, they have seen no false positives in their threat detection alerts. It is rare to boast of a 100% success rate, but they can boldly make that pronouncement. All of this has also benefitted Mediapro financially by incurring zero fines for any compliance issues
What do music, cybersecurity, and teaching all have in common? They all culminate in a readiness to perform. Equally, they all require collaboration, comfort with the unexpected, and a passion for the job. Blair exemplifies the best of these traits, and in doing so, he provides inspiration and excellence to all with whom he interacts. Watching Blair at work makes one wonder if there are more hours granted to him during a day than the average person. He is a time-maximizer, spending most of that time in the service of others.
Too often, cybersecurity certifications are treated derisively by some of the very professionals who need them most. This is not the case with Kevin, who can list the many benefits of attaining certifications. Kevin’s desire to improve his knowledge doesn’t stop with technology and cybersecurity. He is an avid reader of anything that can raise him up to be better than he was the day before. With a career that started in the US Marine Corps, Kevin continues to learn and grow, all the while remaining as masterful at a computer keyboard as he is his with his traditional 55-gallon-barrel BBQ smoker and grill.
Steve is a Senior Cybersecurity and Network Architect at Lake Trust Credit Union. Like most organizations, Lake Trust has had to transition to a completely remote workforce quickly, and thanks to Secure Network Analytics, they were able to transition the employees to work remotely while maintaining the same high level of visibility and protection in place. Steve was the subject of a case study about the benefits that Cisco products have brought to Lake Trust Credit Unions’ customers. He is currently collaborating to update that information to share more of his knowledge.
Being the Head of Information Technology is never an easy job. However, when food manufacturer, Leng-d’Or, was faced with a challenge during the pandemic that could have interrupted its production line, quick thinking, skilled leadership, and a close partnership with Cisco all lead to positive outcomes, and helped them to pull through stronger than before. Part of this success comes from Enric’s distinct understanding of the threats, solutions, and processes needed to bring security to a higher level for the Leng-d’Or organization. Enric also shares his success story very freely, adding immeasurable benefits to the security community.
Cybersecurity is truly a global discipline. Tony Dous proves this by practicing his craft as a Senior Network Security Engineer in Cairo, Egypt. Tony’s involvement with the Cisco community shows how no distance is too far for a motivated cybersecurity professional.
When John Patrick is on the job, there is no longer any feeling that the criminals are one-step ahead of the good guys. He adopted Umbrella together with Meraki to develop a proactive security approach inside his organization. John Patrick created a more unified network from a patchwork of disparate entities. In doing so, he reduced the complexity within the environment. Complexity is so often responsible for security gaps, and John Patrick’s work not only corrected those gaps, but he brought people together in the process. He and his team received great feedback from the employees, who enjoyed a consistent network experience.
We often hear stories about teenagers who become enamored with technology, leading to the fulfillment of a dream. Amit Gumber became interested in cybersecurity at an early age, pursued his passion and has worked in the field ever since. His sense of advocacy is best described in his own words: “I’m quite passionate about sharing knowledge and ideas with peers and participating in collaborative activities.” Amit’s use of Cisco technologies has helped HCL Technologies to stabilize and secure their environment.
One of the most important factors for success is insatiable curiosity. Mark Healey is a continuous learner, and he is an example of someone who enthusiastically shares his knowledge. Whether it is on a personal level, or through his high engagement as part of the Cisco Insider Advocates community, or as an active member of the Internet Society, Mark is an evangelist and a positive voice for cybersecurity.
Wouter holds a special designation, not only as a member of the League of Cybersecurity Heroes, but also as the recipient of the “Cybersecurity Defender of the Year” award. Wouter is an active participant in the cybersecurity community, working with an almost evangelical zeal towards sharing the importance of holistic cybersecurity. His contributions stand out towards making the cyber realm a safer place.
It is often said that the job of a cybersecurity professional in an educational facility is especially challenging. When that facility happens to be the largest in an entire country, with over 4,000 schools and universities, the job of protecting it can seem insurmountable. At AzEduNet, in Azerbaijan, Bahruz and his team is tasked with securing the network for its 1.5 Million students. With Cisco Secure, the security team reduced security incidents by 80%. This not only ensures access for the students, but also keeps the data safe.
Many people want to enter the cybersecurity profession, but few have the dedication and perseverance to fully embrace the skillset required to meet that goal. Walther Noel not only had the desire to refocus his career, but he proved it by earning the CyberOps Associate Certification. His accomplishment is a prime example of how one can step outside of their comfort zone to grow and thrive.
Pascual demonstrates how important it is to make the most of the learning opportunities in Cisco Insiders Advocates. While already a successful NOC engineer, he sought to advance his professional development by studying cybersecurity. He passed the CCNA CyberOps 200-201 exam, moving him closer to propelling his career to even higher achievements.
One of the noblest expressions of knowledge is the desire to freely share that information. Inderdeep lives up to this ideal, offering his expertise to all with no expectations of reciprocity. His charitable spirit has not gone unnoticed, as he has been a previous award winner for Cisco IT Blogs, as well as a designation on the Feedspot top 100 Networking Blog.
Being the first to try a new technology can be a risky proposition. However, as a COO, risk calculations are in one’s blood. Luigi, along with the Sara Assicurazioni organization, hails as the first company in Italy to embrace cloud technology. As a company with more than one million customers, this was a bold initiative that required careful planning, keen insight, and above all, collaboration. In the end, this has resulted not only in a digital transformation, but a business transformation.
Whether it is a technical achievement, a personal triumph, or a spirit of helping others, each member of our League of Cybersecurity Heroes proves how technology and humanity can work together to accomplish the impossible. Congratulations to all of them!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Few security career paths are linear. For Stephanie Frankel the journey to Cisco Secure was circuitous. The Ann Arbor, Michigan native studied journalism at the University of Michigan before managing communications for the Washington Capitals and NBC Sports. But after several stints at communications agencies, she charted a new path for herself in cybersecurity. Not only has her diverse background served as a strength in her current role as senior manager for strategy and operations, but it’s also informed her management philosophy.
After doing project management and account direction at consulting agencies, Frankel was interested in honing her skills and expertise on the client side. She had heard amazing things about Duo and wanted to stay in Ann Arbor and work for a company with local roots. After interviewing, Frankel realized that “working at Duo was a cool, exciting opportunity with a really awesome group of people.”
Frankel was on the ground running working as a technical project manager in research and development overseeing the Multi-Factor Authentication, applications and mobile engineering teams despite not having worked in information security before.
Duo’s security education allowed Frankel to understand the industry and is something she values for getting more people into the cybersecurity field. At Duo and Cisco Secure, employees come from a variety of backgrounds and some don’t have much (or any) experience with cybersecurity.
Robust educational programs build knowledge about security and specific products which empower new team members to grow and learn. Every team also has a learning and development budget for employees to quench their curiosity and enhance their knowledge through courses, books or other programs Manager of Global Employee Programs Anndrea Boris shared.
“People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are open and willing to listen to you.” – Stephanie Frankel
Something Frankel also appreciates most is that ideas are valued at Duo and Cisco Secure: “Even in my first job, I would have ideas and go to my boss or our head of engineering and say, ‘Hey, I think this could be a really cool opportunity, and I think it needs this.’ People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are willing to listen to you.”
After a year, Frankel moved from engineering to marketing to run operations for Duo’s in-house brand team, leading the team through a rebrand. “The team really rallied behind this new brand and it was amazing to see their pride and hard work when sharing it,” she said. With Frankel’s leadership, the team showcased not only the new look and feel of the brand but also the customer research that went into understanding the need for the change.
“Our amazing team knew that for it to catch on internally we needed to help people understand the why. The team put together an amazing training and went around the company to help people understand the security buyer, the industry overall and our differentiators and how we could do all of this within the umbrella of Cisco,” she said.
Recognizing that she most enjoys and feels best suited for a strategic operations role, she had open conversations with her manager. “I told my boss, ‘It’s just not a great fit.’” Her manager was very supportive, and they worked through potential options. “You’ll find a lot of that at Cisco,” she said.
Now as senior manager in the Strategy and Operations Group within Cisco’s Security and Collaboration division, Frankel runs key initiatives for business operations that drive business growth. She is empowered to creatively solve problems and collaborate “with all the stakeholders within each group to move these programs forward, to understand the problems we’re looking to solve, create objectives, a program plan, and continue to track metrics and progress towards those ultimate goals,” she said.
A self-described “over communicator,” Frankel believes that as a leader, “the more you communicate and the more transparent you are, the better.” Frankel loves leading people who are experts in their fields and letting them do what they do best.
On the brand team, for example, she trusted her team’s expertise in producing stories, videos and animations to demystify Cisco’s security products.
“All I needed to do was give them the objective and the goals and they were able to come up with the solutions,” Frankel said.
She fondly remembers the boss at one of her first jobs out of college. In that job Frankel wrote press releases and wanted her boss to fully approve the final versions before sending them to the media. Once her boss told her, “Stephanie, if you keep giving it back to me, I will keep finding things to change. I trust you to know when it is ready to go.” That confidence in her so early in her career “gave me so much confidence in myself,” she said.
Frankel emulates his approach to management by recognizing that each employee has different needs in their lives, in their careers, and in how they like to receive feedback. From that boss Frankel first learned that for every piece of negative feedback, you must give four pieces of positive feedback for “someone to actually hear it because that’s how you balance things out in your mind.”
Frankel believes feedback is crucial for growth. “I don’t see how you can improve or grow without it, no matter what level of your career you’re at. Feedback shouldn’t be taken as negative, as much as it is a way for you to improve,” she said.
One of the most helpful things Frankel learned in a Cisco class for managers was the importance of asking a person if they are in a good place to receive critical feedback. “You might not be in the mindset to accept the feedback and to do something constructive with it,” she said. ”If you’re having a bad day or struggling, you could say, ‘You know what, I’m not going to be able to take it today, but let’s talk tomorrow and I’ll be in a better place to receive it.’’’
Frankel has spent the last year thriving in a role she never anticipated in an industry her college training in journalism didn’t fully prepare her for. The secret, she says, is keeping an open mind to new possibilities and a willingness to take on new challenges, even if you don’t feel 100% ready.
“A lot of it is getting real world experience and learning your way through it and knowing that there’s a lot of opportunities and a lot of people that are willing to teach you,” she said.
To pivot professionally Frankel advises not feeling pigeonholed just because you studied a particular topic or have been in a certain industry for a long time. Take what you can from where you started such as storytelling and communications skills in the case of journalism for Frankel. While trying something new may require taking a different level or type of job “sometimes it’s worth it because you have that opportunity to grow and you might find you’re happier somewhere else,” she said.
When discerning professional steps Frankel recommends having open and honest conversations with yourself and others such as mentors.
“Cisco has so many mentorship programs and so many people that are knowledgeable about a lot of things,” she said. ”Just because your current role isn’t a great fit doesn’t mean that there’s not another good fit within the corporation, or it doesn’t mean that you can’t create your own good fit.”
Did you know that Cisco offers cybersecurity trainings and certifications? Start developing your cybersecurity skills today! And if you’re ready to jump into an exciting new career in security, check out the open roles at Cisco Secure and Duo Security.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
As the world continues to face formidable challenges, one of the many things impacted is cybersecurity. While recent challenges have been varied, they have all contributed to great uncertainty. How can organizations stay strong and protect their environments amidst so much volatility?
Lately we’ve been talking a lot about security resilience, and how companies can embrace it to stay the course no matter what happens. By building a resilient security strategy, organizations can more effectively address unexpected disruptions and emerge stronger.
Through our Security Outcomes Study, Volume 2, we were able to benchmark how companies around the world are doing when it comes to cyber resilience. Recent blog posts have taken a look at security resilience in the EMEA and Americas regions, and this post assesses resilience in Asia Pacific, Japan and China (APJC).
While the Security Outcomes Study focuses on a dozen outcomes that contribute to overall security program success, for this analysis, we focused on four specific outcomes that are most critical for security resilience. These include: keeping up with the demands of the business, avoiding major cyber incidents, maintaining business continuity, and retaining talented personnel.
The following chart shows the proportion of organizations in each market within APJC that reported “excelling” in these four outcomes:
There is a lot of movement in this chart, but if you take a closer look, you will see that many of the percentage differences between markets are quite small. For example, 44.9% of organizations in the Philippines reported that they are proficient at keeping up with the business, with Mainland China closely following at 44.4%.
The biggest difference we see between the top spot and the bottom spot is around retaining security talent—42.4% of organizations in Australia reported that they were successful in that area, while only 18.3% of organizations in Hong Kong reported the same.
Next, we looked at the mean resilience score for each market in the region:
When we look at this, we can see the differences between the top six and bottom seven markets a bit more clearly. However, as the previous chart also showed, the differences are very slight. (When we take into account the gray error bars, they become even more slight.)
There are many factors that could contribute to these small differences when it comes to security resilience. But the most important thing to be gleaned from this data is how each market can improve its respective resilience level.
The Security Outcomes Study revealed the top five practices—what we refer to as “The Fab Five”—that make the most impact when it comes to enhancing security. The following chart outlines the Fab Five, and demonstrates how each market in the APJC region ranked its own strength across these practices.
If we look at Thailand, for example, 69.1% of organizations say they are adept at accurate threat detection, while only 28% of organizations in Taiwan say the same. Like in the previous charts, there is a lot of movement between how various markets reported their performance against these practices. However, it’s interesting to note that Taiwan remained consistent.
So does implementing the Fab Five improve resilience across organizations in APJC? Looking at the chart below, it’s safe to say that, yes, implementing the Fab Five does improve resilience. Organizations in APJC that did not implement any of the Fab Five practices ranked in the bottom 30% for resilience, whereas those that reported strength in all five rose to the top 30%.
While building resilience can sometimes seem like an elusive concept, we hope this data provides some concrete benchmarks to strive for in today’s security programs.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
No, ransomware attacks are not random. From extortion to data breaches, ransomware is always evolving, and is becoming very lucrative with ransomware-as-a-service kit making it easier to target organizations. The days of just a single bad actor searching for vulnerabilities in your security stack are over. Security Operations Centers (SOCs) and the security analyst community are dealing with a sophisticated global network of adversaries who can do irreversible damage. The conversation must shift from how we can prevent a breach to how do we prepare for the inevitable breach.
Recently I found out that the small private college I attended right out of high school closed their doors permanently, falling victim to a targeted ransomware attack. This institution not only provided an education but also contributed to the local economy in this rural town for over 150 years.
The cyberattack occurred during the pandemic when most educational institutions had suddenly shifted to remote learning. Adversaries knew that the shift to remote learning would expose the college’s lack of acceptable tools for monitoring and managing applications, frequently from unsecure locations.
Unfortunately, the hackers were able to halt all admission activities, locked the administrators out from accessing critical data pertaining to the upcoming school year and ultimately, forced the school to close their doors – even after they paid the hackers the ransom.
And this is not an isolated case – Comparitech published a story ‘Ransomware attacks on US schools and colleges cost $3.56bn in 2021’ and outlined how threat actors have evolved with their ransomware attacks on schools and colleges. This is particularly concerning as many of these institutions do not have the skillsets or resources to protect their students or organization from these attacks. Below you can review their findings from a study done between 2018 – 2022:
In 2021:
Just having a firewall alone will not stop all of the attacks, it’s just a matter of time before you experience a breach. Once the breach happens, you need a security system that will quickly detect and remediate the threat .
Resiliency must be a critical outcome for any security solution and Cisco Secure Endpoint is built to stop hackers at the point of entry. Our cloud native solution allows your security operations team to quickly detect and respond to threats minutes after a breach occurs.
Small to medium size businesses, hospitals, and educational institutions internal network will rely on cyber insurance in-lieu of a fully staffed, skilled cyber-security team. In today’s climate of ever-increasing sophisticated cyber threats this won’t cut it. You will need an agent that quickly detects, responds, and has visibility across your different security solutions.
With Cisco Secure Endpoint Pro we are equipped to assist with the responsibility of monitoring your endpoints for cyberattacks. With 24/7/365 monitoring capabilities, our SOC will quickly detect and remediate any threats that targets your organization. Secure endpoint pro provides flexibility and the option of letting our SOC team do the heavy lifting while you focus on your core business.
Tangible outcomes provided by Secure Endpoint and Secure Endpoint Pro:
An effective managed endpoint detection and response solution frees up time for your SOC team along with accelerating detection and response time. Cisco Secure Endpoint can reduce incident response time by as much as 97%, which limits the damage threat actors can cause after you have been breached.
Cisco Security has launched a solution geared towards protecting your school’s network by blocking malicious threats before they enter the endpoint and compromising your data. The secure endpoint agent is deployed, sits on the school endpoint freeing up time from a stretched thin IT department.
Don’t know where to get started? Check out how our EDR solution got you covered below and how to contact us to learn more.
Interested? Reach out to grantsquestions@cisco.com to learn about public funding options available in your state.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 