Threat actors are constantly searching for new vulnerabilities to exploit in attacks that affect not only organizations but the lives of hundreds of thousands of people across continents. Such attacks typically target enterprises that host mission-critical data needed to keep day-to-day operations running. Encrypting that data and rendering it unusable gives the victim a strong incentive to pay the ransom, demanded in cryptocurrency, for its release.
For example, the ongoing WannaCry ransomware outbreak has affected computer systems around the world, including health care providers, where it caused widespread disruption and slowed patient processing and care. A detailed analysis of WannaCry is provided by Talos (Cisco's security research group).
Ransomware has been around for a while and is well studied, but attacks against Internet of Things (IoT) devices such as smart watches, home appliances, CCTV cameras and cars, all exposed through exploitable connectivity, have recently started to proliferate. These devices are vulnerable because they are manufactured without security in mind: most ship with hard-coded default credentials for login, telnet or SSH access, which makes them inherently insecure, hard to patch and ripe for exploitation.
For example, the Mirai botnet attack on Dyn used over 600,000 IoT devices and took down the networks of major companies; KrebsOnSecurity lists the devices that Mirai targeted. Today attackers mostly use IoT devices found in home networks as botnet infrastructure, but the lack of stability and predictability of those devices and the networks they sit in makes a reliable outcome hard for the attacker to achieve. Threat actors are therefore actively trying to infect IoT devices in enterprise networks as well as home networks, which poses serious problems for security practitioners in enterprise businesses.
The spread of IoT devices, virulent threats like WannaCry, and the ever-evolving threat landscape pose a significant challenge to enterprise network security. Security providers constantly analyze, publish and update indicators of compromise (IOCs) for emerging threats. Enterprise security groups must not only track and ingest threat intelligence from these many diverse and ever-growing sources, but also keep the myriad security devices deployed in their networks up to date with what they have ingested.
Another challenge is keeping up with the large volume of events that security devices detect: correlating multiple independent events to quickly identify an attack in progress, and prioritizing the detected incidents so that they can be acted upon quickly.
At the upcoming Cisco Live USA 2017 conference, please stop by my session, where we will showcase Cisco Threat Intelligence Director (TID), an exciting new feature coming to Cisco's Firepower Management Center (FMC) that automates the operationalization of threat intelligence. TID can consume STIX over TAXII as well as simple blacklist intelligence, and allows uploads and downloads of both STIX and simple blacklist intelligence. All imported intelligence is automatically operationalized and distributed to Cisco's Next Generation Firewall (NGFW), where the customer configures the defensive actions to take. A detection of ingested intelligence on the network generates an incident in real time that the customer can analyze. TID also exposes a rich set of APIs that third-party applications can use to automate the ingestion and management of intelligence and the retrieval of incidents.
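To make the ingestion, matching and incident-correlation pipeline described in the last three paragraphs concrete, here is a small added example (written for this page; it is not TID's code and does not use TID's file formats or APIs). It parses two constructed feeds, a flat blacklist and a minimal STIX 1.x-style XML document, normalizes them into indicators, matches those indicators against constructed firewall connection events, and rolls the hits up into incidents per internal host, ranked by how many distinct indicators the host touched. The event line format, the feed contents and the priority rule are all assumptions made for the illustration.

```python
"""Toy threat-intel operationalization pipeline (added example, not TID code).

Feeds -> normalised indicators -> matches against connection events ->
incidents correlated per internal source host, highest priority first.
"""
import ipaddress
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed flat blacklist: one indicator per line, '#' starts a comment.
BLACKLIST = """\
# constructed sample feed
198.51.100.23
malicious.example
203.0.113.0/24
http://bad.example/payload.bin
"""

# Constructed minimal STIX 1.x-style package with two indicators.
STIX_XML = """\
<stix:STIX_Package xmlns:stix="http://stix.mitre.org/stix-1"
    xmlns:indicator="http://stix.mitre.org/Indicator-2"
    xmlns:cybox="http://cybox.mitre.org/cybox-2"
    xmlns:AddressObj="http://cybox.mitre.org/objects#AddressObject-2"
    xmlns:DomainNameObj="http://cybox.mitre.org/objects#DomainNameObject-1">
  <stix:Indicators>
    <stix:Indicator id="example:indicator-1">
      <indicator:Title>C2 server</indicator:Title>
      <indicator:Observable><cybox:Object><cybox:Properties>
        <AddressObj:Address_Value>192.0.2.77</AddressObj:Address_Value>
      </cybox:Properties></cybox:Object></indicator:Observable>
    </stix:Indicator>
    <stix:Indicator id="example:indicator-2">
      <indicator:Title>Dropper domain</indicator:Title>
      <indicator:Observable><cybox:Object><cybox:Properties>
        <DomainNameObj:Value>dropper.example</DomainNameObj:Value>
      </cybox:Properties></cybox:Object></indicator:Observable>
    </stix:Indicator>
  </stix:Indicators>
</stix:STIX_Package>
"""

# Constructed connection events in an assumed firewall log format.
EVENTS = """\
2017-06-01T10:00:01Z conn src=10.1.1.5 dst=198.51.100.23 dport=443 host=-
2017-06-01T10:00:04Z conn src=10.1.1.5 dst=192.0.2.77 dport=80 host=-
2017-06-01T10:00:09Z conn src=10.1.1.8 dst=203.0.113.40 dport=443 host=cdn.malicious.example
2017-06-01T10:00:12Z conn src=10.1.1.9 dst=93.184.216.34 dport=443 host=www.example.com
2017-06-01T10:00:15Z conn src=10.1.1.9 dst=192.0.2.10 dport=80 host=dropper.example
"""

# CybOX value elements we know how to turn into indicators.
CYBOX_VALUE_TAGS = (
    "{http://cybox.mitre.org/objects#AddressObject-2}Address_Value",
    "{http://cybox.mitre.org/objects#DomainNameObject-1}Value",
)
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) conn src=(?P<src>\S+) dst=(?P<dst>\S+) dport=\d+ host=(?P<host>\S+)$")


def classify(value):
    """Map a raw indicator string to (kind, normalised value)."""
    value = value.strip().lower()
    if "://" in value:
        return "url", value
    try:
        if "/" in value:
            return "cidr", ipaddress.ip_network(value, strict=False)
        return "ip", ipaddress.ip_address(value)
    except ValueError:
        return "domain", value.rstrip(".")


def load_blacklist(text):
    """Parse a flat blacklist into (kind, value, indicator_id) tuples."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            kind, val = classify(line)
            out.append((kind, val, "blacklist:" + line))
    return out


def load_stix(xml_text):
    """Pull address and domain observables out of each STIX Indicator."""
    out = []
    for ind in ET.fromstring(xml_text).iter("{http://stix.mitre.org/stix-1}Indicator"):
        for tag in CYBOX_VALUE_TAGS:
            for el in ind.iter(tag):
                if el.text:
                    kind, val = classify(el.text)
                    out.append((kind, val, ind.get("id", "stix:unknown")))
    return out


def match_event(fields, indicators):
    """Return the ids of every indicator this connection event hits."""
    dst = ipaddress.ip_address(fields["dst"])
    host = fields["host"].lower().rstrip(".")
    hits = []
    for kind, val, ind_id in indicators:
        if kind == "ip" and dst == val:
            hits.append(ind_id)
        elif kind == "cidr" and dst in val:
            hits.append(ind_id)
        # A sub-domain of a listed domain also matches.
        elif kind == "domain" and host != "-" and (host == val or host.endswith("." + val)):
            hits.append(ind_id)
        # "url" indicators need URL-level events; plain connection logs carry none.
    return hits


def build_incidents(event_text, indicators):
    """Correlate hits per internal source host and rank by distinct indicators."""
    per_host = defaultdict(lambda: {"indicators": set(), "events": 0, "first_seen": None})
    for line in event_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        hits = match_event(f, indicators)
        if not hits:
            continue
        rec = per_host[f["src"]]
        rec["indicators"].update(hits)
        rec["events"] += 1
        rec["first_seen"] = rec["first_seen"] or f["ts"]
    incidents = []
    for src, rec in per_host.items():
        # Assumed rule: a host touching two or more distinct indicators is high priority.
        priority = "high" if len(rec["indicators"]) >= 2 else "medium"
        incidents.append({"src": src, "priority": priority, "events": rec["events"],
                          "first_seen": rec["first_seen"],
                          "indicators": sorted(rec["indicators"])})
    incidents.sort(key=lambda i: (i["priority"] != "high", i["src"]))
    return incidents


if __name__ == "__main__":
    intel = load_blacklist(BLACKLIST) + load_stix(STIX_XML)
    for inc in build_incidents(EVENTS, intel):
        print(inc)
```

The point of keeping the feed parsers separate from the matcher is the same one the post makes about TID: intelligence arriving as STIX or as a flat blacklist should be normalized once into a common indicator form, and everything downstream (matching, incident creation, prioritization) should work on that form rather than on the source format. A real deployment would also need to expire indicators and attach the feed's own confidence, which this toy omits.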