CA: Cisco Attack Shows Need For Identity-Centric Security
Sep18

This week’s news of a major attack against networking’s premier vendor illustrates the critical importance of controlling user access appropriately, and reinforces CA Technologies’ recent acquisition of Xceedium. At least that’s the story according to Mordecai (Mo) Rosen, CA Technologies VP, Product Management and Strategy for Privileged Access Management, who joined the company a month ago when the Xceedium deal closed.

This all started on Tuesday, when network security vendor FireEye announced it had discovered at least 14 Cisco router implants spread across four countries: Ukraine, the Philippines, Mexico and India. Called SYNful Knock, it is ‘a stealthy modification of the router’s firmware image that can be used to maintain persistence within a victim’s network. It is customizable and modular in nature and thus can be updated once implanted.’

“If you own (seize control of) the router, you own the data of all the companies and government organizations that sit behind that router,” FireEye Chief Executive Dave DeWalt told Reuters of his company’s discovery. “This is the ultimate spying tool, the ultimate corporate espionage tool, the ultimate cybercrime tool.” The attacks have hit multiple industries and government agencies, he said.

Cisco acknowledged the news the same day, saying it had recently alerted customers ‘around the evolution of attacks against Cisco IOS Software platforms.’ Cisco worked with Mandiant/FireEye and ‘confirmed that the attack did not leverage any product vulnerabilities and that it was shown to require valid administrative credentials or physical access to the victim’s device’, blogged Omar Santos, Incident Manager, Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations. In other words, the implant is installed by someone who already holds the router’s administrative credentials, which is the point Rosen builds on below.

Separately, on Wednesday Cisco released a security advisory about multiple vulnerabilities in Cisco Prime Collaboration Assurance. It has released software updates that address these vulnerabilities, but noted that workarounds that mitigate these vulnerabilities are not available.

This attack reinforces CA’s identity-centric approach to breach prevention and detection, said Rosen. “The Cisco SYNful breach is a very common pattern familiar to all of us.” The breach is the norm, not the exception, and the linchpin was privileged account management, he said. Rosen referred to the FireEye report that found breaches can go undetected for years. “The average gestation period from breach to discovery was 9 months.” He used the military term adopted by infosec, the kill chain, to describe the three-step process in cyber attacks: obtain access; elevate privilege; and wreak havoc. The industry’s traditional perimeter approach is largely to blame, he added. “A tech refresh has to happen in security.” For most of the last 30 years, it’s been a case of building a perimeter and then letting everybody in. “Identity management… has to become an enormous priority”. Protecting against attacks on...


Enterprise[s]… Establishing a “Cybersecurity Cavalry”

Based upon numerous discussions I’ve had with CISOs, the cybersecurity cavalry [highly-skilled and well-armed troops that establish security outposts to encounter adversaries out on the frontier] isn’t a passing fad but rather a major organizational shift that is gaining momentum. Indeed, large organizations are rapidly adding headcount and increasing budgets for this group. I’ve also seen financial services, defense contractors, and retail organizations giving CISOs the cybersecurity equivalent of eminent domain, allowing them to commandeer IT segments, sound alarm bells, and establish active network policy enforcement actions to improve threat response, even if these actions may temporarily disrupt business operations. This type of authority was unheard of in the past.


Palo Alto Endpoint Security Announcement: A Proof…

Did you see the Palo Alto Networks announcement yesterday? If not, here’s my synopsis. PAN introduced a new endpoint security technology named “Traps” that is the ultimate result of the company’s acquisition of Cyvera this past March. In simple terms, Traps provides three core security functions:


Cisco, FireEye Announcements: A Microcosm of the …

The Cisco and FireEye announcements are a microcosm of what’s happening in cybersecurity. Large organizations are abandoning individual point tools in favor of integrated cybersecurity technology architectures – exactly why Cisco bought Sourcefire and is now bringing the best of both companies together. Aside from technology alone, CISOs also need to supplement internal infosec resources with the right skills. FireEye is now addressing this. These trends are not a secret – other vendors including HP, IBM, RSA, and Symantec have their own plans for integrated security technology architecture and managed/professional services. This may be the market direction, but it’s important to note that the move toward integrated security architecture and managed services represents a major cybersecurity transition for enterprise organizations. Vendors who can guide customers through this evolution with the right project plans, reference architectures, and industry-specific implementation guidelines will put themselves in the best position.


…Security Professionals Speak Out on SDN Use Cases…

At this week’s VMworld shindig in San Francisco, many networking and security vendors will crow about software-defined security and security use cases for SDN. Some of this rhetoric will be nothing more than industry hype, while other banter may prove to be extremely useful in the near future. Yes, there are many interesting ways that SDN could work to enhance network security. That said, which SDN/network security use cases are really compelling, and which could be considered second-tier? ESG research asked this specific question of security professionals working at enterprise organizations (i.e., more than 1,000 employees) as part of a recent ESG research report, Network Security Trends in the Era of Cloud and Mobile Computing. Here are the top 5 SDN use cases for network security:
