Threat actors are constantly on the prowl for new vulnerabilities that they can exploit to launch attacks, attacks that affect not only organizations but the lives of hundreds of thousands of people across continents. Such attacks typically target enterprises that host mission-critical data necessary to maintain day-to-day operations. Encrypting this data and rendering it useless ensures that organizations have an adequate incentive to pay the ransom, in the cryptocurrency demanded by the attackers, for its release. For example, the ongoing WannaCry ransomware attack impacted computer systems all over the world, including those of health care providers, causing widespread havoc and slowing down patient processing and care. A detailed analysis of WannaCry is provided by Talos (Cisco's security research group). Ransomware attacks have been around for a while and are well studied, but recently attacks against Internet of Things (IoT) devices like smart watches, home appliances, CCTV cameras, cars and more, all susceptible through exploitable connectivity, have started to proliferate. These devices are vulnerable because they are manufactured without security in mind! Most have been shipped with hard-coded default credentials for login/telnet/ssh access, making them inherently insecure, hard to patch and ripe for exploitation. For example, the Mirai botnet attack on Dyn used over 600,000 IoT devices and took down the networks of major companies. KrebsOnSecurity lists a set of devices that were targeted by Mirai. As it stands today, attackers are using IoT devices found in home networks as botnet infrastructure, but the lack of stability and predictability of these devices and the networks they are in poses serious challenges to a successful outcome for attackers. Threat actors are therefore actively trying to infect IoT devices in enterprise networks in addition to home networks, posing serious problems for security practitioners in enterprise businesses.
The deployment of IoT devices, virulent threats like WannaCry, and the ever-evolving threat landscape pose a significant challenge to enterprise network security. Security providers constantly analyze, publish and update indicators of compromise (IOCs) for emerging threats, making it tough for enterprise security groups not only to keep track of and ingest threat intelligence from the many diverse and ever-growing sources, but also to keep the myriad security devices deployed in their network up to date with the ingested intelligence. Another challenge faced by security practitioners is keeping up with the large volume of events detected by security devices, correlating across multiple independent events to quickly identify an attack in progress, and prioritizing the detected incidents so that they can be quickly acted upon. At the upcoming Cisco Live USA 2017 conference, please stop by my session where we will showcase Cisco Threat Intelligence Director (TID), an exciting new upcoming feature of Cisco's Firepower Management Center (FMC) product offering that automates the operationalization of threat intelligence. TID can consume STIX over TAXII and simple blacklist intelligence, and allows uploads/downloads of STIX and simple blacklist intelligence. All imported intelligence is automatically operationalized and distributed to Cisco's Next Generation Firewall (NGFW) product, allowing the customer to configure defensive actions. A detection of the ingested intelligence on the network automatically generates incidents in real time that can be analyzed by customers. TID also has a rich set of APIs which can be leveraged to automate the ingestion of intelligence, its management, and the retrieval of incidents from 3rd-party applications.

Session ID: DEVNET-1774
Speaker: Pramod Chandrashekar, Sr. Manager, Engineering, Cisco

Blog post by Pramod Chandrashekar and Yatish Joshi, Cisco

See you in Las Vegas!
We have limited edition Snortinator Stickers!!!
For those of you who do not know what a Firepower Management Center (FMC) is: the Firepower Management Center (FMC) helps manage and monitor Cisco Next Generation Firewalls, also known as Firepower Threat Defense (FTD) systems, and legacy Firepower devices. FMCs are your administrative nerve center for managing critical Cisco network security solutions. They provide complete and unified management of firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection. FMCs allow you to easily go from managing a firewall to controlling applications to investigating and remediating malware outbreaks. Before the FMC's 6.1 release, the management console could only be accessed via a web-based GUI. In version 6.1, we have released the first set of REST APIs to access some of the most desired features of the FMC. The features we expose via REST APIs are already supported on the FMC via its web GUI. So, if the features are already available in the GUI, why are we providing these REST APIs? Isn't this just another way of doing the same thing? What do APIs get us? Well, first, the REST API allows other Cisco products to integrate with the FMC to provide an enhanced solution. Second, if you have existing applications, REST APIs provide an easy way to integrate the FMC with those applications. Finally, if you have certain workflows for your specific use cases that you currently perform using the UI, REST APIs let you automate those workflows. REST APIs transform the FMC into a security development platform, enabling our customers, partners and other developers to create innovative applications based on FMC functionality that we might not have even imagined.
Come join us at Cisco Live Berlin 2017 to see the power and potential of the REST API at two workshop sessions:

Firepower Management Center REST APIs (please register here)
Wednesday, Feb 22, 2017, 9:00 a.m.
Krishan Veer (firstname.lastname@example.org)
Firepower management APIs provide an industry-standard programmable management interface (using a RESTful API and JSON) to facilitate setup, configuration, and policy management of Firepower devices. FMC REST APIs enable multiple use cases for customers and partners, including automation, migration, and compliance workflows.

Network Threat Defense for Developers (please register here)
Wednesday, Feb 22, 2017, 3:00 p.m.
Pramod Chandrashekar (email@example.com)
The latest Cisco Next Generation Firewall offering brings a number of new and exciting threat detection and prevention technologies to the security professional's toolbox. We will explore the configuration of threat-centric rules and the analysis of security events using APIs. Please note: the Firepower Management Center REST APIs session is a prerequisite for this session.