What is it that customers truly want from their security? Is it simplicity? Robust protection? Agility and flexibility? Yes! In today’s uncertain world where new challenges are being thrown at IT teams each day, security must meet many diverse needs. At the end of the day, it’s about keeping the entire business resilient despite the chaos of the cyber world.
As hybrid work, the move to the cloud, and increasingly insidious threats all converge to create layers of complexity, security teams must be extra vigilant and ready for what’s next. They need a comprehensive, integrated security system whose various components share information and work together to pinpoint attacks and minimize organizational impact — without introducing undue friction.
With businesses, networks, clouds and devices becoming so interconnected, delivering next-level security to match the future of work is a formidable undertaking — one that few vendors are positioned to tackle. But thanks to our nearly 40-year heritage of providing and protecting a vast amount of the world’s networking infrastructure, Cisco is up for the challenge.
“At a moment’s notice, we were able to transition 80 percent of our workforce to be remote — and our company was never remote before. Because of our Cisco solutions, we were able to deploy everything and have people work well remotely with very minimal issues.”
— Joseph Rodriguez, Assistant Director of IT, Allied Beverage Group
Delivering security that is simple, powerful and resilient is something we’ve been executing on for years, yet it’s never been more critical than it is at this very moment. The month of June has afforded us the perfect opportunity to showcase exactly how we plan to keep our customers cyber resilient both now and in the future.
Read about the five dimensions of security resilience.
During the RSA Conference and Cisco Live, we announced our strategic plan for the Cisco Security Cloud, a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. As we continue to move towards the Cisco Security Cloud vision, we recently unveiled several advancements in our portfolio across SASE, XDR and zero trust.
You can read our news announcement to learn more about security resilience and how we’re delivering it. But more important than the ‘how’ is the ‘why.’ Why Cisco? What makes us uniquely positioned to secure your resilience?
As I mentioned, our customers have trusted us with their networks for nearly four decades. Currently, 80 percent of the world’s internet traffic travels through Cisco infrastructure — so we have a pretty good handle on what’s going on out there. From a security standpoint alone, we have over 300,000 customers around the globe, including 100% of the Fortune 100.
As a leader in both networking and security, the breadth and depth of our solutions is unmatched. While other vendors are just beginning to join networking with security, we’ve been doing it for years. And yet, we’re continually finding ways to simplify our robust solutions for a streamlined user experience — no matter the size of your organization, where your employees work, or whether your applications are on-premises, in the cloud, or both.
Learn more about security resilience for the hybrid work era.
In addition to unparalleled infrastructure and expertise, our open, cloud-native architecture allows you to integrate with a wide range of third-party security and technology solutions for more seamless threat defense. This includes the major cloud vendors, enabling you to secure a multi-cloud environment without getting locked in with just one public cloud provider.
Additionally, all of our solutions are backed by Cisco Talos, one of the largest commercial threat intelligence teams in the world. Combined with in-depth visibility from our Cisco Secure technologies, Talos’ extensive insight into the threat landscape leads to rapid, highly effective detection and response.
Even more crucial than what we have to say is what we have heard from our customers surrounding the “new normal” for security. “I think what the security industry could use right now is a real business outcome-oriented viewpoint,” said Tom Doughty, vice president and CISO at Prudential Financial. “Meaning, what are the strategic business outcomes you’re trying to enable? Cisco can help security teams be more aligned to our business and more resilient by allowing us to see at a granular level what’s happening in our environment, especially in an extended network.”
For the law firm of George Sink, P.A., the demands of supporting hybrid work accelerated the company’s move to the cloud. The firm is now using Cisco’s new, turnkey SASE solution to securely serve its clients under any circumstance — be it a pandemic or a hurricane. According to the firm’s CIO, Timothy Mullen, “The ability to…re-establish connectivity in another region almost immediately, with my small IT team, is unheard of and a game-changing experience.”
From financial to legal transactions, and much more, we can secure it all with our open, integrated protection platform and unwavering focus on resilience. We even had the honor of securing the Super Bowl earlier this year, helping to safeguard mission-critical gameday operations.
“The Super Bowl and events of that magnitude require a humongous orchestration of interconnectedness, not only from a technology perspective but also a people standpoint,” said NFL Chief Information Security Officer, Tomás Maldonado. “What we’re trying to do is slow down the bad actors and make it more difficult for them to attack us and impact what’s happening on the field. But at the same time, we also have to look beyond the field and think about all the various parts of our business that could be affected by an attack — recognizing that our risk factors are always changing.”
To learn more about how to keep your business strong in the face of adversity, visit our resilience web page and check out the blog from Cisco’s Jeetu Patel, “Security Resilience for a Hybrid, Multi-Cloud Future.”
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Managed services are an essential and fast-growing part of the security market, growing 14% annually. This opportunity presents new challenges MSPs must juggle day to day, including onboarding vendors and driving customer acquisition, all while making sure to provide robust IT solutions for your diverse set of clients. Clients are demanding more security and capabilities for a hybrid workforce, which provides a great opportunity for MSPs like you to grow your business.
We love our MSP community and want to help you deliver great security solutions to your clients. After speaking with many of you to understand how Cisco can help unlock growth for your businesses today, we developed a simplified buying model that delivers faster time to value. Cisco Secure MSP was born.
Secure MSP center was launched in the US market in November 2021 and MSPs across America have been rapidly transacting their business on MSP Center. We are excited to announce we are expanding this direct buying experience to Canadian MSPs in local Canadian Dollars for faster time to value and better ROI for your business.
It is a lightning fast and direct buying experience of SaaS security- No invoicing. Straightforward market pricing. And easy click-to-accept agreements. Cisco Umbrella’s market-leading DNS security is currently available with more SaaS security products coming soon.
It’s a simple three-step process that takes just minutes, from signup to deployment.
Step 1 – You can sign up here and login with your Cisco ID (or create one)
Step 2 – Provide billing and credit card information and sign a click-to-accept agreement
Step 3 – Get access to our world class Cisco Umbrella DNS security offer
From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.
From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.
There are no minimums or upfront fees. Your credit card will be charged on the first of the month and you’ll receive a detailed invoice. This is a simple, no hassle, and post-paid consumption-based model.
Other perks include a dedicated partner account manager alongside our sales engineer, who will help you not only with product deployments but also work with you to grow your business. We also have an MSP specialist team to answer your questions.
Partners currently using Secure MSP Center have had great things to say –
“Wow, this was a much easier process than I thought it would be”
“I’m glad Cisco created a program and process that was this simple”
“I thought this would be more complicated”
“That’s all there is to it?”
So, what are you waiting for? Come and take the first step in simplifying security offers for your clients. Sign up here: cisco.com/go/securemsp.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.]top and TheDonald[.]win in helping to organize and galvanize supporters who responded to former President Trump’s invitation to “be wild” in Washington, D.C. on that chaotic day. At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline. Watkins suggested the outage was somehow related to the work of the committee, but the truth is KrebsOnSecurity was responsible and the timing was pure coincidence.
In a follow-up video address to his followers, Watkins said the outage happened shortly after the Jan. 6 committee aired his brief video testimony.
“Then everything that I have anything to do with seemed to crash, so that there was no way for me to go out and talk to anybody,” Watkins said. “The whole network seemed to go offline at the same time, and that affected a lot of people.”
8kun and many other sites that continue to push the false narrative that the 2020 election was stolen from the 45th president have long been connected to the Internet via VanwaTech, a hosting firm based in Vancouver, Wash. In late October 2020, a phone call to VanwaTech’s sole provider of connectivity to the Internet resulted in a similar outage for 8kun.
Jim Waktins (top right), in a video address to his followers on Tuesday after 8kun was taken offline.
Following that 2020 outage, 8kun and a large number of QAnon conspiracy sites found refuge in a Russian hosting provider. But when the anonymous “Q” leader of QAnon suddenly began posting on 8kun again earlier this month, KrebsOnSecurity received a tip that 8kun was once again connected to the larger Internet via a single upstream provider based in the United States.
On Sunday, July 10, KrebsOnSecurity contacted Psychz Networks, a hosting provider in Los Angeles, to see if they were aware that they were the sole Internet lifeline for 8kun et. al. Psychz confirmed that in response to a report from KrebsOnSecurity, VanwaTech was removed from its network around the time of the Jan. 6 hearing on Tuesday.
8kun and its archipelago of conspiracy theory communities have once again drifted back into the arms of a Russian hosting provider (AS207651), which is connected to the larger Internet via two providers. Those include AS31500 — which appears to be owned by Russians but is making a fair pretense at being located in the Caribbean; and AS28917, in Vilnius, Lithuania.
8kun’s newfound Russian connections will likely hold, but Lithuania may be a different story. Late last month, pro-Russian hackers claimed responsibility for an extensive distributed denial-of-service (DDoS) attack against Lithuanian state and private websites, which reportedly was in response to Vilnius’s decision to cease the transit of some goods under European Union sanctions to Russia’s Kaliningrad exclave.
Many have speculated that Jim Watkins and/or his son Ron are in fact “Q,” the anonymous persona behind the QAnon conspiracy theory, which held that Former President Trump was secretly working to save the world from a satanic cult of pedophiles and cannibals.
8chan/8kun has been linked to white supremacism, neo-Nazism, antisemitism, multiple mass shootings, and is known for hosting child pornography. After three mass shootings in 2019 revealed the perpetrators had spread their manifestos on 8chan and even streamed their killings live there, 8chan was ostracized by one Internet provider after another.
In 2019, the FBI identified QAnon as a potential domestic terror threat, noting that some of its followers have been linked to violent incidents motivated by fringe beliefs.
The Jan. 6 hearing referenced in this story is available via CSPAN.
We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that?
Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of their organization’s most sensitive data. Neither of these can be achieved with just the cloud, or private data center. Organizations are investing in hybrid-multicloud environments to ensure continuity amidst unpredictable threats and change. But these investments will fall short if they do not include security.
The modern enterprise relies on the network more than ever before, and it looks a lot different than it did 10 years ago. According to our 2022 Global Hybrid Cloud Trends Report, where 2,500 global IT leaders were interviewed across 13 countries, 82% said they have adopted hybrid cloud architectures, and 47% of organizations use between two and three public IaaS clouds1. As organizations have grown more dependent on the network, the more complex it has become, making firewall capabilities the most critical element of the hybrid-multicloud security strategy. And Cisco has a firewall capability for every strategy, protecting your most important assets no matter where you choose to deploy it.
In May, Cisco brought offerings from Umbrella and Duo to the AWS Marketplace. Today at AWS Re:Inforce, Cisco Secure announced furthering its partnership with AWS to drive innovation with the goal to protect the integrity of your business. Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security. This designation was awarded through our demonstrated success with customer engagements and rigorous technical validations of Secure Firewall.
This week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation. Cisco Secure Firewall as-a-service on AWS builds on our existing portfolio, giving organizations greater flexibility and choice with a radically simplified SaaS offering. If organizations are truly to embrace security across the multi-environment IT, customers demand simplification without compromising security. With a SaaS-based form factor, management and deployment complexity is reduced. NetOps and SecOps teams will enjoy a simplified security architecture where provisioning of firewalls and control plane infrastructure are managed by Cisco. This will save your teams time by removing the need to rearchitect the network, freeing them to focus on protecting the integrity of your business.
As organizations continue to move more of their day-to-day operations to the cloud, Cisco and AWS are committed to ensure that security is an integral part of their hybrid multi-cloud strategy. We all have seen the impact of security that is bolted on, or too complex. If we are truly to find that balance between agility and protection to ensure business continuity, we need to ensure the same protections we have in the private infrastructure are easily consumed no matter where your data may roam.
Product page: Cisco Secure Firewall for Public Cloud
Partner page: Cisco solutions on AWS
Blog: Securing cloud is everyone’s responsibility
Quick Start page: Cisco solutions on AWS
Amazon Partner Network page: Cisco solutions on AWS
2022 Global Hybrid Cloud Trends Report
1 Henderson, N. & Hanselman, E. (2022, May 25). 2022 Global Hybrid Cloud Trends Report.
S&P Global Market Intelligence, commissioned by Cisco Systems.
https://www.cisco.com/c/en/us/solutions/hybrid-cloud/2022-trends.html ‘
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The release of Microsoft Azure Gateway Load Balancer is great news for customers, empowering them to simply and easily add Cisco Secure Firewall capabilities to their Azure cloud infrastructure. By combining Azure Gateway Load Balancer with Cisco Secure Firewall, organizations can quickly scale their firewall presence across their Azure cloud environment, providing protection for infrastructure and applications exactly where and when they need it.
With applications and resources hyper-distributed across hybrid-multicloud environments, organizations require agile security to protect their environment at each control point. This integration empowers organizations to dynamically insert Cisco’s security controls and threat defense capabilities in their Azure environment, removing the clunkiness of provisioning and deploying firewalls, as well as the need to rearchitect the network. Organizations can now enjoy highly available threat defense on the fly, protecting their infrastructure and applications from known and unknown threats.
Combining Secure Firewall with Azure Gateway Load Balancer offers a significant reduction in operational complexity when securing cloud infrastructure. Azure Gateway Load Balancer provides bump-in-the-wire functionality ensuring Internet traffic to and from an Azure VM, such as an application server, is inspected by Secure Firewall without requiring any routing changes. It also offers a single entry and exit point at the firewall and allows organizations to maintain visibility of the source IP address. Complementing these features, organizations can take advantage of our new Cloud-delivered Firewall Management Center. It enables organizations to manage their firewall presence 100% through the cloud with the same look and feel as they’ve grown accustomed to with Firewall Management Center. With Cloud-delivered Firewall Management Center, organizations will achieve faster time-to-value with simplified firewall deployment and management.
Azure Gateway Load Balancer support for Cisco Secure Firewall Threat Defense Virtual is available now. To learn more about how Cisco Secure Firewall drives security resilience across your hybrid-multicloud environment, see the additional resources below and reach out to your Cisco sales representative.
Microsoft Blog: Gateway Load Balancer now generally available in all regions
Azure Marketplace listing: Cisco Secure Firewall Threat Defense Virtual
Cisco Secure Firewall At-a-Glance
Cisco Secure Firewall for Public Cloud
Cloud-delivered Firewall Management Center
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The hybrid work environment has been around for years, albeit not common but it existed. I can recall my first job where I was able to split my time working in an office and working from my makeshift home office. This was many moons ago as I will call it… pre-COVID-19.
Job seekers are certainly looking to have the flexibility of working from anywhere at any time – preferably in an environment of their choosing. Even though a hybrid workforce will provide people with the option to work from anywhere, those remote locations are sometimes in unsecured locations. Organizations must now reimagine a workforce that will need access to your internal collaboration tools along with access to your network from both on- and off-premises.
Cisco, a leader in equipping organizations with the right products for a hybrid workforce, provides the tools & services to protect your organization from bad threat actors.
With pervasive ransomware attacks, malware attacks, and email attacks, you must be ready and have not only a security solution but also a security analyst team ready to respond when an attack happens.
Securing access to your endpoint must be a top priority and your security analysts must be agile and have the right telemetry to provide around-the-clock monitoring and the ability to quickly respond to threats.
Cisco Secure Endpoint provides you with the visibility and ability to respond to threats by blocking them before they compromise your network. Combined with global, proactive threat hunting, leading-edge forensic/analytic capabilities, and reduced leading Mean Time To Detection (MTTD)/Mean Time To Resolution (MTTR) across the supply chain that no other vendor can parallel; why would you partner with any other company to secure and scale your unique hybrid workforce or workplace clients?
Click here to listen to my fireside chat on how we at Cisco would define 5 Best Practices Security Analysts Can Use to Secure Their Hybrid Workforce:
I am joined by Cisco Talos global Senior Threat Defense and Response Analyst, William (Bill) Largent who has over 20 plus years of infosec experience, specifically in network intrusion detection, traffic analysis, and signature/rule writing.
I will also be speaking with Eric Howard, Cisco Secure Technical Marketing Engineer Leader for the Security Platform and Response Group. Eric is a seasoned team leader in both Information Security Sales, and Product Management. He has built and led teams that apply deep technical understanding to business needs, initiatives, and strategies in both start-ups and established companies.
This is a conversation you do not want to skip! There were a lot of gems shared by these gentlemen that will get you where you need to be as a Security Analyst.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
A virtual private network (VPN) is a tool that enables users to protect their privacy while using an internet connection. VPNs create an encrypted tunnel — a private link between your device and the VPN server.
Essentially, this private link or tunnel keeps external influences out and allows your data to travel in an encrypted manner, enhancing security. The network’s privacy also makes sure your Internet Protocol (IP) address and browsing history is hidden online.
[Text Wrapping Break]VPNs use several VPN protocols like OpenVPN, IPSec/IKEv2, PPTP, SSTP, and WireGuard to protect you. In particular, McAfee® Safe Connect VPN supports the OpenVPN protocol, which is an open-source and highly secure protocol running on TCP or UDP internet protocol and used by many VPN providers globally. [Text Wrapping Break][Text Wrapping Break]Read on to know more about how VPNs work and learn to install one.
The best way to stay secure online is to minimize your digital footprint. A good VPN service allows you to do exactly this, acting as an additional layer of protection for your online activities.
The primary function of a VPN is encryption. Most websites and online browsers already have some form of encryption. For example, when you purchase something on Amazon, you have to enter your credit card details and address. Encryption creates a private tunnel for data transmission between your device and Amazon to make sure no one else can watch what you’re doing.
A VPN app does the same thing with an added level of security. The data that you pass to a VPN server is anonymized before it goes to the internet. In short, your device establishes an encrypted connection with the VPN server instead of connecting directly through the internet. So, the encryption protects your data and digital footprint from anyone outside the “private tunnel” between you and the secure VPN server.
Additionally, VPNs allow you to change or hide your IP address. An IP address is a number linked to a particular computer and network. Changing your IP address can trick the servers into thinking you’re connecting from a different geographical location. This can help improve security and provide additional benefits discussed below.
You can also use a VPN to hide your IP address. This may be helpful if you’re trying to access content from other countries (for example, Netflix may have different content in different countries) or trying to keep your internet search history away from the prying eyes of a third-party like your internet service provider or a government.
Using a VPN can help improve your online security. Nearly every internet activity — website and social media browsing, paying bills, online shopping, data sharing, and more — can be tracked by others. [Text Wrapping Break][Text Wrapping Break]Read on to learn about who typically uses a VPN and understand whether you should consider installing one.
Given the extra security that VPN connections provide, you can gain something from using a VPN client. So, if you’re an individual concerned about your online privacy or just want to browse online anonymously — consider using a VPN. A VPN enables you to use the internet without third parties seeing your identity or identifying you via your search history since they don’t know what you were searching about or using the internet for.
Big tech has had a long history of tracking private data for their gains. These companies regularly bundle data into coherent profiles and sell it to third parties. Additionally, they use private data to demonstrate targeted advertisements or manipulative content that makes you more likely to purchase their products. [Text Wrapping Break][Text Wrapping Break]So, it’s worthwhile to use a VPN if you regularly shop online or bank online. A VPN gives you that additional protection that can help prevent hackers or malicious third parties from accessing your information.[Text Wrapping Break][Text Wrapping Break]VPNs are excellent mechanisms for you to protect your privacy online. And you should consider your personal context and conduct thorough research to find the best VPN for your needs.
VPNs are particularly helpful if you travel a lot, either for business or for leisure. While traveling, it’s inevitable that you connect to random or unknown Wifi networks and it may be the case that these networks are spying on you. However, if you’re using a VPN to browse the web, these WiFi networks can’t track you or your search history. This ensures you maintain anonymity and are safe while using the internet.
Yes, an additional layer of protection to your online activities is always good practice. A VPN allows individuals using a personal computer to stay vigilant, protect their data, and maintain anonymity while allowing them to still enjoy their online experience.
VPNs provide more benefits than just serving as an additional layer for cybercriminals to pass through.
Depending on the VPN you’re using, it can be a straightforward process to connect a VPN to your Mac, Windows, iPhone, or Android mobile device. McAfee’s VPN works with multiple platforms and operating systems, including Microsoft Windows, macOS, Android, and iOS.
Use this guide to quickly set up a VPN with your device in a few simple steps.
With McAfee +, you can minimize your digital footprint through a secure connection channel without compromising your browsing experience. Connect to public networks, make financial transactions online, and keep your personal data safe with McAfee.
With our bank-grade AES-256 bit encryption technology and automatic protection, McAfee VPN protection can help safeguard all your online activities — allowing you to enjoy the internet the way it was meant to be enjoyed.
Explore our full suite of cybersecurity tools included in McAfee +, including our newest service, Personal Data Cleanup. We can help find and remove your personal data on some of the riskiest data broker sites.
The post What’s the Meaning of VPN? VPN Defined appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, it’s rise in popularity is two-fold. The first aspect being that users have been educated to distrust email messages and the second being the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
The concept of zero trust is not a new one, and some may even argue that the term is overused. In reality, however, its criticality is growing with each passing day. Why? Because many of today’s attacks begin with the user. According to Verizon’s Data Breach Investigations Report, 82% of breaches involve the human element — whether it’s stolen credentials, phishing, misuse or error.
Additionally, today’s businesses are hyper-connected, meaning that — in addition to your employees — customers, partners and suppliers are all part of your ecosystem. Couple that with hybrid work, IoT, the move to the cloud, and more emboldened attackers, and organizational risk increases exponentially.
Adopting a zero trust model can dramatically reduce this risk by eliminating implicit trust. It has become so crucial, in fact, that several governments including the U.S., UK and Australia have released mandates and guidance for how organizations should deploy zero trust to improve national security.
However, because zero trust is more of a concept than a technology, and so many vendors use the term, organizations struggle with the best way to implement it. At Cisco, we believe you should take a holistic approach to zero trust, starting with what you have and adding on as you identify gaps in your defenses. And while layers of protection are necessary for powerful security, so is ease of use.
Zero trust plays a major role in building security resilience, or the ability to withstand unpredictable threats or changes and emerge stronger. Through zero trust, the identity and security posture of users, devices and applications are continuously checked and verified to prevent network intrusions — and to also limit impact if an unauthorized entity does gain access.
Organizations with high zero trust maturity are twice as likely to achieve business resilience.
– Cisco’s Guide to Zero Trust Maturity
Eliminating trust, however, doesn’t really conjure up images of user-friendly technology. No matter how necessary they are for the business, employees are unlikely to embrace security measures that make their jobs more cumbersome and time-consuming. Instead, they want fast, consistent access to any application no matter where they are or which device they are using.
That’s why Cisco is taking a different approach to zero trust — one that removes friction for the user. For example, with Cisco Secure Access by Duo, organizations can provide those connecting to their network with several quick, easy authentication options. This way, they can put in place multi-factor authentication (MFA) that frustrates attackers, not users.
Cisco Secure Access by Duo is a key pillar of zero trust security, providing industry-leading features for secure access, authentication and device monitoring. Duo is customizable, straightforward to use, and simple to set up. It enables the use of modern authentication methods including biometrics, passwordless and single sign-on (SSO) to help organizations advance zero trust without sacrificing user experience. Duo also provides the flexibility organizations need to enable secure remote access with or without a VPN connection.
During Cisco’s own roll-out of Duo to over 100,000 people, less than 1% of users contacted the help desk for assistance. On an annual basis, Duo is saving Cisco $3.4 million in employee productivity and $500,000 in IT help desk support costs. Furthermore, 86,000 potential compromises are averted by Duo each month.
La-Z-Boy, one of the world’s leading residential furniture producers, also wanted to defend its employees against cybersecurity breaches through MFA and zero trust. It needed a data security solution that worked agnostically, could grow with the company, and that was easy to roll out and implement.
“When COVID first hit and people were sent home to work remotely, we started seeing more hacking activity…” said Craig Vincent, director of IT infrastructure and operations at La-Z-Boy. “We were looking for opportunities to secure our environment with a second factor…. We knew that even post-pandemic we would need a hybrid solution.”
“It was very quick and easy to see where Duo fit into our environment quite well, and worked with any application or legacy app, while deploying quickly.” – Craig Vincent, Director of IT Infrastructure and Operations, La-Z-Boy
Today, Duo helps La-Z-Boy maintain a zero trust framework, stay compliant, and get clear visibility into what is connecting to its network and VPN. Zero trust helps La-Z-Boy secure its organization against threats such as phishing, stolen credentials and out-of-date devices that may be vulnerable to known exploits and malware.
As mentioned, zero trust is a framework, not a single product or technology. For zero trust to be truly effective, it must do four things:
Many technology companies may offer a single component of zero trust, or one aspect of protection, but Cisco’s robust networking and security expertise enables us to provide a holistic zero trust solution. Not only can we support all the steps above, but we can do so across your whole IT ecosystem.
Modern organizations are operating multi-environment ecosystems that include a mix of on-premises and cloud technologies from various vendors. Zero trust solutions should be able to protect across all this infrastructure, no matter which providers are in use. Protections should also extend from the network and cloud to users, devices, applications and data. With Cisco’s extensive security portfolio, operating on multiple clouds and platforms, zero trust controls can be embedded at every layer.
Depending on where you are in your security journey, embedding zero trust at every layer of your infrastructure may sound like a lofty endeavor. That’s why we meet customers where they are on their path to zero trust. Whether your first priority is to meet regulatory requirements, secure hybrid work, protect the cloud, or something else, we have the expertise to help you get started. We provide clear guidance and technologies for zero trust security mapped to established frameworks from organizations like CISA and NIST.
Much of our Cisco Secure portfolio can be used to build a successful zero trust framework, but some examples of what we offer include:
All of our technologies and services are backed by the unparalleled intelligence of Cisco Talos — so you always have up-to-date protection as you build your zero trust architecture. Additionally, our open, integrated security platform — Cisco SecureX — makes it simple to expand and scale your security controls, knowing they will work with your other technologies for more unified defenses.
As Italy’s leading insurance company, Sara Assicurazioni requires complete visibility into its extended network, including a multi-cloud architecture and hybrid workforce. The company has adopted a comprehensive zero trust strategy through Cisco Secure.
“Our decentralized users, endpoints, and cloud-based servers and workloads contribute to a large attack surface,” says Paolo Perrucci, director of information and communications technology architectures and operations at Sara Assicurazioni. “With Cisco, we have the right level of visibility on this surface.”
“The main reason we chose Cisco is that only Cisco can offer a global security solution rather than covering one specific point…. Thanks to Cisco Secure, I’m quite confident that our security posture is now many times better because we are leveraging more scalable, state-of-the-art security solutions.” – Luigi Vassallo, COO & CTO, Sara Assicurazioni
To learn more, explore our zero trust page and sign up for one of our free zero trust workshops.
Watch video: How Cisco implemented zero trust in just five months
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Just a few years ago when the topic of supporting offsite workers arose, some of the key conversation topics were related to purchase, logistics, deployment, maintenance and similar issues. The discussions back then were more like “special cases” vs. today’s environment where supporting workers offsite (now known as the hybrid workforce) has become a critical mainstream topic.
Now with the bulk of many organization’s workers off-premise, the topic of security and the ability of a security vendor to help support an organization’s hybrid workers has risen to the top of the selection criteria. In a soon to be released Cisco endpoint survey, it’s not surprising that the ability of a security vendor to make supporting the hybrid workforce easier and more efficient was the key motivating factor when organizations choose security solutions.
Today, when prospects and existing customers look at Cisco’s ability to support hybrid workers with our advanced security solution set and open platform, it’s quite clear that we can deliver on that promise. But, yes, good tools make it easier and more efficient, but the reality is that running a SOC or any security group, large or small, still takes a lot of work. Most organizations not only rely on advanced security tools but utilize a set of best practices to provide clarity of roles, efficiency of operation, and for the more prepared, have tested these best practices to prove to themselves that they are prepared for what’s next.
Knowing that not all organizations have this degree of security maturity and preparedness, we gathered a couple of subject matter experts together to discuss 5 areas of time-tested best practices that, besides the advanced tools offered by Cisco and others, can help your SOC (or small security team) yield actionable insights and guide you faster, and with more confidence, toward the outcomes you want.
In this webinar you will hear practical advice from Cisco technical marketing and a representative from our award winning Talos Threat Intelligence group, the same group who have created and are maintaining breach defense in partnership with Fortune 500 Security Operating Centers (SOC) around the globe.
You can expect to hear our 5 Best Practices recommendations on the following topics;
Check out our webinar to find out how you can become more security resilient and be better prepared for what’s next.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The last few years have proved to be a catalyst for digital transformation for many of our enterprise customers. Application modernization and adopting multicloud are the foundational building blocks for digitizing business. Customers employ CI/CD (continuous integration, continuous delivery) to modernize their applications, building them on a cloud infrastructure. This evolution has given rise to new application security challenges in terms of speed, scale, as well as new and unfamiliar control points – not to mention siloed organizations and tools.
To address these security challenges, Cisco Secure Workload delivers zero trust microsegmentation in an infrastructure, location, and form factor agnostic way. It safeguards application workloads, wherever they live across the hybrid and multicloud environment. The recent release of Secure Workload 3.7 introduces “policy as code” support – delivering security at the speed of DevOps. It enables Secure Workload to be integrated with the customer’s choice of CI/CD toolchains, such as Jenkins or GitLab, and ingest the application security policy during the build phase of the application. Secure Workload then renders the policies onto the relevant workloads when the application goes live.
As the graphic below illustrates, Secure Workload ingests policies using Terraform or Ansible, which are widely adopted tools used by the DevOps team to automate infrastructure related tasks. Secure Workload integrates with the CI/CD toolchains using a YAML (.yml) manifest to ingest the policy. It then programs the same policies to the relevant enforcement point to achieve least privilege access for the newly built or upgraded application.
Policy as code helps customers automate policy deployment at the speed and scale of modern applications. It also simplifies collaboration between DevOps/DevSecOps and NetSec teams. The policies are written in the application language and give appropriate controls to developers to write their requirements into the application while the NetSec team ensures full compliance to the infosec policies dictated by the CISO organization.
In summary, Secure Workload removes the barriers to achieving automated application deployment across highly distributed multicloud environments, without compromising security, compliance, or user experience. The result – stronger security, faster application deployment, and more efficient collaboration.
For more information on policy as code, contact your Cisco Account Team or Partner Account Manager.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment.
This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022. Not only did Secure Endpoint knock it out of the park in enterprise protection; but Cisco Secure Endpoint obtained the lowest total cost of ownership (TCO) per agent at $587 over 5 years. No one else was remotely close in this area. More to come on that later.
If you are not familiar with the “AV-Comparatives Endpoint Prevention and Response Test is the most comprehensive test of EPR products ever performed. The 10 products in the test were subjected to 50 separate targeted attack scenarios, which used a variety of different techniques.”
These results are from an industry-respected third-party organization that assesses antivirus software and has just confirmed what we know and believe here at Cisco, which is our Secure Endpoint product is the industry’s best of the best.
Look for yourself at where we landed. That’s right, Cisco Secure Endpoint smashed this test, we are almost off the quadrant as one of the “Strategic Leaders”.
We ended up here for a combination of reasons, with the top being our efficacy in protecting our customers’ environments in this real-world test that emulates multi-stage attacks similar to MITRE’s ATT&CK evaluations which are conducted as part of this process (click here for an overview of MITRE ATT&CK techniques). Out of all the 50 scenarios tested, Secure Endpoint was the only product that STOPPED 100% of targeted threats toward enterprise users, which prevented further infiltration into the organization.
In addition, this test not only assesses the efficacy of endpoint security products but also analyzes their cost-effectiveness. Following up on my earlier remarks about achieving the lowest cost of ownership, the graph below displays how we stacked up against other industry players in this space including several well-known vendors that chose not to display their names due to poor results.
These results provide a meaningful proof point that Cisco Secure Endpoint is perfectly positioned to secure the enterprise as well as secure the future of hybrid workers.
Enriched with built-in Extended Detection and Response (XDR) capabilities, Cisco Secure Endpoint has allowed our customers to maintain resiliency when faced with outside threats.
As we embark on securing “what’s next” by staying ahead of unforeseen cyber threats of tomorrow, Cisco Secure Endpoint integration with the complete Cisco Secure Solutions portfolio allows you to move forward with the peace of mind that if it’s connected, we can and will protect it.
Now that you have seen how effective Secure Endpoint is with live real-world testing, try it for yourself with one of our live instant demos. Click here to access instructions on how to download and install your demo account for a test drive.
Click here to see what analysts, customers, and third-party testing organizations have to say about Cisco Secure Endpoint Security efficacy, easy implementation and overall low total cost of ownership for their organization —and stay ahead of threats.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Organizations embrace the public cloud for the agility, scalability, and reliability it offers when running applications. But just as organizations need these capabilities to ensure their applications operate where needed and as needed, they also require their security does the same. Organizations may introduce multiple individual firewalls into their AWS infrastructure to produce this outcome. In theory, this may be a good decision, but in practice—this could lead to asymmetric routing issues. Complex SNAT configuration can mitigate asymmetric routing issues, but this isn’t practical for sustaining public cloud operations. Organizations are looking out for their long-term cloud strategies by ruling out SNAT and are calling for a more reliable and scalable solution for connecting their applications and security for always-on protection.
To solve these challenges, Cisco created stateful firewall clustering with Secure Firewall in AWS.
Firewall clustering for Secure Firewall Threat Defense Virtual provides a highly resilient and reliable architecture for securing your AWS cloud environment. This capability lets you group multiple Secure Firewall Threat Defense Virtual appliances together as a single logical device, known as a “cluster.”
A cluster provides all the conveniences of a single device (management and integration into a network) while taking advantage of the increased throughput and redundancy you would expect from deploying multiple devices individually. Cisco uses Cluster Control Link (CCL) for forwarding asymmetric traffic across devices in the cluster. Clusters can go up to 16 members, and we use VxLAN for CCL.
In this case, clustering has the following roles:
The above diagram explains traffic flow between the client and the server with the insertion of the firewall cluster in the network. Below defines the roles of clustering and how packet flow interacts at each step.
Owner: The Owner is the node in the cluster that initially receives the connection.
Backup Owner: The node that stores TCP/UDP state information received from the Owner so that the connection can be seamlessly transferred to a new owner in case of failure.
Director: The Director is the node in the cluster that handles owner lookup requests from the Forwarder(s).
Forwarder: The Forwarder is a node in the cluster that redirects packets to the Owner.
Fragment Owner: For fragmented packets, cluster nodes that receive a fragment determine a Fragment Owner using a hash of the fragment source IP address, destination IP address, and the packet ID. All fragments are then redirected to the Fragment Owner over Cluster Control Link.
Cisco brought support for AWS Gateway Load Balancer (Figure 2). This feature enables organizations to scale their firewall presence as needed to meet demand (see details here).
Building off the previous figure, organizations can take advantage of the AWS Gateway Load Balancer with Secure Firewall’s clustering capability to evenly distribute traffic at the Secure Firewall cluster. This enables organizations to maximize the benefits of clustering capabilities including increased throughput and redundancy. Figure 3 shows how positioning a Secure Firewall cluster behind the AWS Gateway Load Balancer creates a resilient architecture. Let’s take a closer look at what is going on in the diagram.
Figure 3 shows an Internet user looking to access a workload. Before the user can access the workload, the user’s traffic is routed to Firewall Node 2 for inspection. The traffic flow for this example includes:
User -> IGW -> GWLBe -> GWLB -> Secure Firewall (2) -> GLWB -> GWLBe -> Workload
In the event of failure, the AWS Gateway Load Balancer cuts off existing connections to the failed node, making the above solution non-stateful.
Recently, AWS announced a new feature for their load balancers known as Target Failover for Existing Flows. This feature enables forwarding of existing connections to another target in the event of failure.
Cisco is an early adaptor of this feature and has combined Target Failover for Existing Flows with Secure Firewall clustering capabilities to create the industry’s first stateful cluster in AWS.
Figure 4 shows a firewall failure event and how the AWS Gateway Load Balancer uses the Target Failover for Existing Flows feature to switch the traffic flow from Firewall Node 2 to Firewall Node 3. The traffic flow for this example includes:
User -> IGW -> GWLBe -> GWLB -> Secure Firewall (3) -> GLWB -> GWLBe -> Workload
Organizations need reliable and scalable security to protect always-on applications in their AWS cloud environment. With stateful firewall clustering capabilities from Cisco, organizations can protect their applications while maintaining cloud benefits such as agility, scalability, and reliability.
Cisco Secure Firewall Threat Defense Virtual is available in the AWS marketplace, providing features like firewalling, application visibility & control, IPS, URL filtering, and malware defense. Cisco offers flexible options for firewall licensing, such as pay-as-you-go (PAYG) and bring-your-own-license (BYOL). To learn more about how Cisco Secure Firewall clustering capabilities can help protect your AWS applications, see our additional resources, check out our 30-day free trial, or speak to your Cisco sales representative.
Cisco Secure Firewall Clustering in the Cloud
Introducing AWS Gateway Load Balancer Target Failover for Existing Flows
Secure Firewall for Public Cloud webpage
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Since 1996, United Nations members have commemorated Nov. 16 as International Day of Tolerance. As a word, tolerance can mean different things to different people and cultures. The UN defines tolerance as: “respect, acceptance and appreciation of the rich diversity of our world’s cultures, our forms of expression and ways of being human.” I define it slightly differently. To me, tolerance is acceptance. Tolerance is inclusion. Tolerance is humanity. Tolerance is letting people be and live authentically as they choose.
Being able to live authentically is key. It’s about creating an environment for everyone to fit in and feel a sense of belonging. In a way, this means obfuscating the “standard” and stop paying attention to the degrees of variation from it. Tolerance is a step one in that process and a critical step toward a more diverse and tolerant world.
But if this is the goal, I say we have lots of work left in promoting this within our workforce, especially in the cybersecurity industry. I wrote extensively about this in a blog last year on why diversity matters so much to create stronger cybersecurity organizations. I pointed out that cybersecurity as a technology is multi-faceted and constantly changing. So, it would make sense that a highly diverse organization would provide different perspectives and more creative solutions to these challenges.
Even in the face of this logical goal of creating more diverse workforces, legacy recruiting, education, and even hiring practices are holding us back as an industry. I’ll look at one workforce populations specifically, women in cybersecurity. Currently, women constitute less than 25 percent of the workforce in cybersecurity. Of course, this is inclusive of all roles in cybersecurity meaning that I think it’s fair to say that the percentage of women in technical cybersecurity roles (e.g., software and hardware engineering) would be much lower. That’s discouraging, especially when there are still more than 700,000 cybersecurity positions that remain unfilled, many of them being high-paying roles.
Perhaps the more important question is “why?” The International Information System Security Certification Consortium (ISC2) commissioned a study to examine this issue closely and came up with some important conclusions that I’ll summarize.
In promoting the International Day of Tolerance, Secretary-General Ban Ki-moon listed three ways we as a global society can be more tolerant: education, inclusion, and opportunities. As it happens, those are also exactly the approaches required to create more diverse workforces.
Of the three, I believe education (the earlier the better) is key as it’s foundational to being able to take advantage of inclusion and opportunities. Yes, we must continue to invest in STEM education and encourage more girls and minorities to take part. But the harder challenge is to somehow overcome the perception issue among large parts of these populations that the STEM field is not for them.
I believe that will require an investment in time and interaction in the form of mentoring and community outreach. For example, the Cisco Women in Technology employee resource organization that I’m proud to be the executive sponsor for, started a coding bootcamp targeting underrepresented populations. There will be many more bootcamps next year including weeklong camps in the summer. We need more of this, much more and I know there are many companies in cybersecurity who have similar aspirations and programs.
So, on this International Day of Tolerance, I ask my fellow cybersecurity professionals to at least think of ways they can influence someone in an underrepresented population to explore a career in the STEM field including cybersecurity. Take part in local volunteer activities at a school, especially in an inner-city one, like the kind that the Cisco Networking Academy is renowned for. Join and be an active participant in one of many cybersecurity organizations and affinity groups. Become a sponsor and a mentor to a girl or a minority and help encourage them to get ready to join this exciting and lucrative industry.
But whatever you do, get started. Author and activist Rachel Cargle spoke to us earlier this year as part of our Black History Month celebration about what it means to show up with purpose toward addressing many injustices that still exist today. “There’s an incredible disconnect here between humanity and dignity and all of this stuff in the country, and that should hopefully push you to action,” she said. Indeed, as these are issues that have existed for decades, and we will not solve them in a day, a month, or even a year. But if we don’t start, I’m afraid that the diversity issues that I’ve highlighted will be much the same in the International Day of Tolerance for years to come.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cyber security implies protecting the confidentiality, availability and integrity of computer systems and networks. Often security researchers and security teams focus on threats to software and the risks associated with authenticating and managing users. However, computing systems are built upon a tall stack of computing resources.
Each layer within the stack is exposed to specific threats which need to be considered as part of a cyber security strategy. As the threat landscape evolves and exposure to risk changes, organizations need to review their threat exposure and consider if current mitigations are sufficient for their needs.
The recent disruption of the Nord Stream submarine gas pipeline in the Baltic Sea by an apparent act of sabotage highlights the risks to infrastructure located beneath the waves. The telecommunications infrastructure that carries internet traffic between countries and continents is often provided by submarine cables. These cables are relatively few in number but carry vast amounts of internet and enterprise traffic, potentially from many different service providers.
The seabed is a challenging environment for infrastructure. Sea water is corrosive, the pressure on the ocean floor can be extreme, while earthquakes, ship’s anchors and dredging provide additional risks to may result in the severing of a cable. Submarine cables are only expected to achieve a lifespan in the region of 25 years before failure.
Repairing or replacing a submarine cable is expensive and time consuming. It may be many months before a failed cable can be repaired or replaced. In the absence of a functioning cable, internet connections must be rerouted to avoid disruption. However, this risks saturating the remaining infrastructure and adversely affecting the quality of connections.
Organizations that require high availability international or intercontinental network connections should review their exposure to the risk of submarine cables failure. The nature of this risk will depend on how services are currently delivered.
At the time of writing there is no specific threat to undersea infrastructure. Other than attacks against terrestrial cables, no cable damage has been shown to be due to sabotage. Nevertheless, the Secretary General of NATO has stressed the importance of undersea cables to civilian society and military capability [1]. The British Chief of Defense Staff has warned how seriously intentional damage to telecommunications cables would be taken [2].
Physical infrastructure can not be taken for granted. Organizations would do well to review the impact of one or more submarine cables being taken out of service. Preparing response plans and contingencies in advance ensures that disruption is kept to a minimum in the event that such a scenario occurs.
[1]. Press Conference (22 Oct 2020), NATO Secretary General Jens Stoltenberg.
https://www.nato.int/cps/en/natohq/opinions_178946.htm?selectedLocale=en
[2]. “Chief of Defence Staff: Russia cutting underwater cables could be ‘an act of war’” (8 Jan 2022), Forces.net.
https://www.forces.net/news/chief-defence-staff-russia-cutting-underwater-cables-could-be-act-war
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
cryptorom-1200
Cybersecurity has changed dramatically since the dawn of firewalls in the 1980s. But despite all the upheaval and innovation, they have stood the test of time. The basic concept of allowing “good” traffic to flow and blocking the bad stuff remains essential. Of course, it looks much different now than in the era of Care Bears and Cabbage Patch Kids.
Today’s workers, data, and applications are everywhere, and firewalls must be as well. There’s no longer just one finite space to defend. With the recent explosion of hybrid work and the rapid transition to multi-cloud environments, it’s imperative that firewalls evolve alongside a business — and be ready for whatever’s next.
So, can your firewall grow with you? Or is it stuck in the age of Hair Bands and He-Man?
The past few years have brought about a keen focus on resilience — remaining strong, yet adaptable in the face of unexpected and even unfathomable challenges. But an organization cannot persevere without security being at the forefront of any resilience strategy.
96% of executives consider security resilience highly important to their business.
– Cisco Security Outcomes Report
Firewalls are a critical foundation for building powerful, resilient security infrastructure. Yet contemporary firewalls have to be and do more than one thing. Cisco Secure Firewall delivers world-class security controls wherever you need them, with unified visibility and consistent policy management and enforcement.
As a worldwide leader in networking and security, Cisco is better positioned than any other vendor to incorporate effective firewall controls into your infrastructure — anywhere your data and applications reside. According to a study conducted on behalf of Cisco by Forrester Research, Cisco Secure Firewall customers can:
Cisco Secure Firewall delivers on several key aspects necessary for security resilience: visibility, flexibility, intelligence, integration, and unified controls. Together, they enable organizations to close gaps, see and detect threats faster, and adapt quickly to change.
Watch video: Cisco Secure Firewall Overview
With most of today’s internet traffic being encrypted, security measures can become obsolete without the ability to see into all traffic, encrypted or not. While decryption is commonplace, it is simply not feasible in many cases, and can have serious impacts on network performance. With its Encrypted Visibility Engine, Cisco Secure Firewall leverages deep packet inspection (DPI) to identify potentially malicious applications in encrypted traffic without offloading to another appliance and degrading performance.
Due to a highly distributed network and workforce, as well as constantly maturing attacks, the ability to see into every corner of your ecosystem is crucial. Cisco Secure Firewall blends multiple technologies to detect and block more threats in more places. By combining traditional firewall capabilities with URL filtering, application visibility and control, malware defense, and Snort 3 intrusion prevention, organizations gain robust protection against even the most sophisticated threats.
Cisco offers a wide variety of firewalls for defending the different areas of your network — including physical, virtual, and cloud-native — as well as cloud-delivered. We can secure businesses and offices of all types and sizes, from the data center to the cloud.
Cisco Secure also provides flexible firewall management options, enabling you to deploy and operate your security architecture in a way that is tailored to the unique requirements of your NetOps, SecOps, and DevOps teams. No matter which firewall models you choose or environments you operate in (physical or virtual), you can use a single, simplified application to manage all your firewalls from one place.
The threat landscape changes every day, and our defenses must change with it. Cisco Talos is one of the largest and most trusted threat intelligence groups in the world. Its in-depth insight into global threats, and advanced research and analysis, enable us to quickly incorporate protections for new threats into our products via hourly updates. That way, Cisco customers are continuously safeguarded from both known and unknown threats.
“When the Log4j vulnerability was discovered, we were protected before we even completed our patching,” said Paul Smith, network administrator at Marian University. “As a result of automated hourly updates from Talos, Cisco Secure Firewall had an early detection signature, so it was already blocking the concerning traffic from infiltrating our network.”
Another differentiator for Cisco Secure Firewall is that it’s part of an integrated security ecosystem. With Cisco SecureX, organizations can correlate data from multiple technologies and unleash XDR capabilities for a centralized, automated response to threats.
“At the end of the day, it’s about protecting the data, and we do that with the integration of [Cisco] Secure Endpoint, Umbrella, and Secure Firewall, which combine to protect the networks, endpoints, workstations, and servers — and all of this can be correlated easily within SecureX.”
– Elliott Bujan, IT Security Manager, Marine Credit Union
The new Cloud-delivered Firewall Management Center leverages the cloud to facilitate agile, simplified operations for a distributed, hybrid network. It provides efficiency at scale by allowing security teams to swiftly deploy and update policies across their environment with just a few clicks, as well as take coordinated actions to prioritize, investigate, and remediate threats within a single pane of glass. And with a cloud-delivered management center, Cisco regularly updates its software behind the scenes, which reduces risk, maintains compliance, and gives your team more time to focus on other priorities.
Additionally, Cisco Secure Firewall dynamically shares policies driven by intelligence from Cisco Secure Workload, which uses microsegmentation to prevent lateral movement of attackers throughout a network. This allows security policies to be harmonized across both the network and application environments, boosting efficacy and fostering collaboration between teams.
These are just some examples of what makes up a comprehensive, modernized firewall. But Cisco is not stopping there. We continue to innovate to meet evolving business needs. For example, the new enterprise-class 3100 Series firewalls are specially designed for hybrid work, supporting more end users with high-performance remote access for increased organizational flexibility.
Additionally, Cisco Secure Firewall serves as a key component of advanced security strategies including XDR, SASE, and zero trust, helping businesses keep pace with accelerating digital transformation. According to Cisco’s most recent Security Outcomes Report, organizations with mature XDR, SASE, and zero trust implementations all boast significantly higher levels of security resilience.
Fuel and energy retailer, Ampol, uses a variety of Cisco technologies, including Secure Firewall, to segment and safeguard its network. “Cisco was an integral part of our success during COVID-19 as we were able to serve customers without interruption in stores,” said Amir Yassa, senior project specialist at Ampol. “Deploying our retail resilience project, mostly comprised of Cisco products, enabled us to reduce our IT-related incidents by 90%, thus enabling us to serve our customers better now and into the future.”
Is your firewall keeping up with future demands, or is it still stuck in the 80s teasing its hair? If it’s the latter, we can help. Visit cisco.com/go/firewall and learn how to refresh your firewall.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Nowadays, “cybersecurity” is the buzzword du jour, infiltrating every organization, invited or not. Furthermore, this is the case around the world, where an increasing proportion of all services now have an online presence, prompting businesses to reconsider the security of their systems. This, however, is not news to Cisco, as we anticipated it and were prepared to serve and assist clients worldwide.
Secure Cloud Analytics, part of the Cisco Threat, Detection, and Response (TD&R) portfolio, is an industry-leading tool for tackling core Network Detection and Response (NDR) use cases. These workflows focus primarily on threat detection and how security teams may recognize the most critical issues around hunting and forensic investigations to improve their mean-time-to-respond.
Over the last year, the product team worked tirelessly to strengthen the NDR offering. New telemetry sources, more advanced detections, and observations supplement the context of essential infrastructure aspects as well as usability and interoperability improvements. Additionally, the long-awaited solution Cisco Telemetry Broker is now available, providing a richer SecOps experience across the product.
As part of our innovation story on alerting capabilities, Secure Cloud Analytics now features new detections tied to the MITRE ATT&CK framework such as Worm Propagation, Suspicious User Agent, and Azure OAuth Bypass.
Additionally, various new roles and observations were added to the Secure Cloud Analytics to improve and change user alerts, that are foundational pieces of our detections. Alerts now include a direct link to AWS’ assets and their VPC, as well as direct access to Azure Security Groups, enabling further investigation capabilities through simplified workflows. In addition, the Public Cloud Providers are now included in coverage reports that provide a gap analysis to determine which accounts are covered. Alert Details offers new device information, such as host names, subnets, and role metrics that emphasize detection techniques. To better configure alerts, we are adding telemetry to gain contextual reference on their priority. Furthermore, the ingest process has grown more robust due to data from the Talos intelligence feed and ISE.
The highly anticipated SecureX integration is now available in a single click, with no API credentials required and smooth interaction between the two platforms. Most importantly, Secure Cloud Analytics alerts may now be configured to automatically publish as incidents to the SecureX Incident Manager. The Talos Intelligence Watchlist Hits Alert is on by default due to its prominence among the many alert types.
Among other enhancements to graphs and visualizations, the Encrypted Traffic widget allows for an hourly breakdown of data. Simultaneously, the Device Report contains traffic data for a specific timestamp, which may be downloaded as a CSV. Furthermore, the Event Viewer now displays bi-directional session traffic to provide even more context to Secure Cloud Analytics flows, as well as additional columns to help with telemetry log comprehension: Cloud Account, Cloud Region, Cloud VPC, Sensor and Exporter.
On-premises sensors now provide additional telemetry on the overview page and a dedicated page where users can look further into the telemetry flowing through them in Sensor Health. To optimize the Secure Cloud Analytics deployment and improve the user experience, sensors may now be deleted from the interface.
Regarding telemetry, Cisco Telemetry Broker can now serve as a sensor in Secure Cloud Analytics, so users can identify and respond to threats faster with additional context sent to Secure Cloud Analytics. In addition, there will soon be support for other telemetry types besides IPFIX and NetFlow.
As we can see from the vast number of new additions to Secure Cloud Analytics, the product team has been working hard to understand the latest market trends, listen to the customers’ requests, and build one of the finest SaaS products in the NDR industry segment. The efforts strongly underline how Secure Cloud Analytics can solve some of the most important challenges in the NDR space around visibility, fidelity of alerts and deployment complexity by providing a cloud hosted platform that can offer insights on-premise and on cloud environments simultaneously from the same dashboard. Learn more about new features that allow Secure Cloud Analytics to detect, analyze, and respond to the most critical dangers to their company much more quickly.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
For Cisco engineers working on Duo, having a remote-first workplace has helped them reach life goals, connect with colleagues around the world, and be intentional communicators. We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances. If you’re interested in being part of a remote-first workplace, check out our open positions.
Senior Engineering Leader David Rines has worked remotely for the past seven years. He’s found that Cisco’s approach to distributed teams has “enabled us to pick up the right talent, and not necessarily local talent. We are moving towards a global, follow the sun environment,” he said.
One of the aspects Rines appreciates most of this structure is getting “a widely varied set of perspectives and experiences that help build a more reliable, more robust product, which is why we’re here.”
Another benefit to having colleagues across the globe is the sharing of recipes, a perk Senior Site Reliability Engineer Bernard Ting particularly enjoys. Proactively communicating with colleagues virtually “helps you to form bonds with people from other teams. You can always learn something new about cultures elsewhere. I talk to people about food and so I’m always gathering recipes from people from all over the world,” Ting shared.
While some may fear that working remotely could lead to feelings of isolation and loneliness, a different camaraderie can flourish in the structure of our distributed teams. With colleagues across time zones, “there’s always someone there who you can reach out to help solve your problem,” Rines said.
Collaboration hours are another way Site Reliability Engineering Manager Jaya Sistla has cultivated virtual community and problem-solving. These hours are blocked off for team members to talk about what they’re working on. “The main thing is being able to ask for help so you don’t go into the rabbit hole debugging things,” Sistla said.
Ting points out that working in a distributed model allows you to really engage in virtual events and conversations. Given that the team mainly communicates through online chat, Ting has found that “forces you to see everyone as equally approachable, which has made me more comfortable reaching out to people from anywhere in the world.”
For folks sharing an office, collaboration can happen through casual chats over coffee. When facing a challenge, you can ask your neighbor for support. While ideally virtual communication could have a similar cadence and spontaneity, the logistics of remote and distributed work require intentionality and being proactive in connecting with colleagues as people and as co-workers.
When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective. By sharing his feelings with his manager, he was reassured that “socializing is a very important part of teamwork, because if you don’t have a good relationship with your colleagues you’re not going to be able to have healthy discussions, healthy conflict or be able to critique each other when the situation arises.”
Since that conversation, Ting has been more proactive about catching up with colleagues, which can include sharing a coffee over video chat. Duo’s “coffee roulette” formalizes the process as every month, employees who opt in can be randomly paired up for a quick half-hour chat focused exclusively on socializing. Ting has found being proactive about socializing virtually helpful. “It’s made me more intentional with my time and really treasure the social experience you can get,” he said.
Some folks may be concerned that without a manager observing their efforts and work ethic day in and day out, it may be harder to recognize accomplishments and challenges. Ting found that within his team “when you work on projects and in your one-on-ones with your managers, they’re always very intentional about learning what you’ve been doing and seeing what your progress is like on certain projects. I’ve been asked, ‘How do you think you can improve? What are some of the things you’ve been doing outside of the team work?’”
To cultivate cross-team collaboration and education, there are thoughtfully planned virtual lunch and learns. “We schedule training sessions and common meetings at times that are flexible for everyone. If it has to be repeated, we do it so people can comfortably attend rather than stretching themselves and attending at odd hours,” Sistla said.
For Software Engineer Nick Aspinall, an important and fun part of working remotely is keeping in touch with virtual messaging. One unique perk has been getting to create and customize emojis with team members including a few of himself in “various ridiculous states,” he said.
Connecting with colleagues on themed channels focused on personal and professional interests from coffee to pets “makes it really cool because you can meet people across different teams and still get some of the feeling of rubbing elbows that you get when you’re in the office,” Aspinall said. Participating in these virtual conversations boosts morale while also providing an endless supply of cute animal pics.
Given the multi-faceted nature of our work and the importance of consistent information sharing, having different communication channels and formats to communicate data with varying degrees of complexity is vital. Having information readily accessible, accurate and updated is particularly necessary in a field like cybersecurity.
Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience. For instance, for complex architecture decisions or detailing, Duo’s Wiki is the best source.
Software Engineer Hanna Fernandez has benefited from chat channels dedicated to design and engineering topics to “see what everyone’s up to and what thoughts people have,” she said. Sista pointed out these are great places to ask questions and open up dialogue to solve problems.
Our culture is “video-on,” meaning that it is preferred that during video meetings, as much as possible, attendees have their cameras on. Lopez loves this because “you get a bit of that personal human element.”
“We’re all people behind these screens. You definitely get some of people’s personality through text, but you get it more when you actually see them. It’s infectious when you see someone smiling. You’ve got to smile back,” he shared (while we both smiled).
When Fernandez started at Cisco, she was advised to schedule individual meetings with everyone she would be working with on every team that she joined. That suggestion is one she’s applied even virtually.
“It’s a great strategy because I already know that my team is super talented and very smart, but this way I also get to know them as humans beyond their roles,” Fernandez said. Fernandez also finds it important to check in with co-workers and ask how they’re feeling and how their time off was. “I know a lot of people hate small talk, but it’s not just small talk. I’m genuinely interested in how my co-workers are doing.”
One of Ting’s biggest goals was buying his first house in the countryside outside of London. By working remotely, Ting has flexibility in his location which allowed him to achieve his goal of buying a house and settling down with his partner, while giving their dogs the space they need to be dogs.
When transitioning from fully remote to hybrid, it’s important to recognize that there will be some shifts to get accustomed to. As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexible and notice what’s possible through multiple modalities of team building. Many teams have enjoyed in-person gatherings and connecting through virtual lunches and team games when remote.
Fernandez has had multiple roles with multiple structures at Cisco. As an intern, she was fully in person and shared desk space with other interns who collaborated on full stack engineering. While working in finance IT, Fernandez was hybrid and many of her colleagues were distributed among multiple offices. The pandemic began while she was in a DevOps role, forcing her to maintain boundaries around her work time while working fully remotely. In her current role working on Duo, Fernandez is completely remote but advocates for in-person events if possible, because “humans are social creatures who want to see each other’s faces in real life once in a while.”
For Aspinall, “when we did come back to the office, there was a bit of an adjustment period where you were overstimulated from the office.” He also wanted to ensure team members who were 100% remote were fully included. Now he sees that while half his team is fully remote and the other half is hybrid, “that doesn’t stop anyone from doing anything. All of our meetings feel the same. They’re all seamless.”
If you’re interested in joining our team from wherever you are in the world, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in multi-cloud architecture, adding complexity to connectivity, visibility, and control. In the multi-cloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.
Cisco has partnered with Alkira to help secure your multi-cloud environment. Combining Alkira’s simplified cloud connection through their cloud network-as-a-service platform (SaaS-like model) with Cisco’s industry-leading security controls, we can deliver a centralized security model for multi-cloud architecture that is easy to deploy, manage, and increases visibility and control.
Cisco Secure Firewall Threat Defense Virtual provides unmatched security controls such as stateful firewalling, Snort3 IPS, URL filtering, malware defense, application visibility and control, and more. Additionally, with the purchase of Secure Firewall Threat Defense Virtual, you will receive license entitlement to Cisco SecureX, our open XDR and orchestration platform, helping you accelerate threat detection, investigation, and remediation.
Cisco Secure Firewall Management Center (FMC) is required for managing Secure Firewall Threat Defense Virtual, helping administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment.
Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options. Customers can seamlessly deploy and insert Secure Firewall in their Alkira Cloud Exchange Points (CXP).
Benefits of this integrated architecture include:
The Cisco Secure Firewall Threat Defense brings the following capabilities to the environment:
Figure 1 shows a multi-cloud environment inter-connected using Alkira Cloud Exhange Platform (CXP). In the above architecture, Cisco provides seamless insertion of security controls and enables the following use cases for firewall insertion:
Using Alkira’s customer portal, Cisco Secure Firewall Threat Defense Virtual can be easily inserted in the traffic path within minutes. Figure 2 shows how automation & orchestration eliminates additional configuration required in the legacy insertion model.
Cisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC). Customers can use on-premises FMC or build a virtual FMC instance in the cloud. Cisco and Alkira support both models of deployment.
Cisco Secure Firewall Threat Defense Virtual protects the following traffic flows in Alkira CXP:
Alkira and Cisco’s partnership simplifies the deployment of enterprise-grade security in the cloud while enabling multi-cloud visibility and end-to-end threat defense for customers.
Additional Resources:
Cisco Secure Firewall Threat Defense
Cisco Secure Firewall Data Sheet
Cisco Secure Firewall Management Center
Alkira blog on Cisco Secure Firewall Threat Defense
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels