Cisco calls for real-time information sharing within the security sector

Cisco Systems has added its voice to the increasing calls for the infosec industry to work more closely to give CISOs the tools to fight cyber threats.

The company made the call Tuesday as it released its 2015 Midyear Security Report, which says vendors have to collaborate on offering integrated threat defence architectures that provide visibility, control, intelligence, and context across many solutions.

“Organizations no longer want to accept that compromise is inevitable,” John N. Stewart, Cisco’s chief security and trust officer, says in the report. “They are looking to the security industry to provide them with products that are reliable and resilient, and capable of deflecting even the most sophisticated threats.”

“The industry is making strides to share information more proactively and in appropriate ways, especially through alliances,” the report says. “But real-time, automated exchange of threat information is required to spur necessary innovation in security defense and to achieve systemic response across the stack of deployed security. The faster the industry can distribute knowledge and intelligence throughout the network in a cohesive and acceptable way, the less likely adversaries will enjoy continued success and anonymity.”

There are myriad associations, committees and task forces where vendors talk, as well as standards bodies like the IEEE, and that is in the U.S. alone, where much of the IT security industry is headquartered. Some have created valuable work, like open standards for data sharing such as TAXII and STIX. Yet co-operation among these competitors can be tentative.

There are, for example, at least three for vendors: the Cyber Threat Alliance (Fortinet, Intel, Palo Alto Networks and Symantec are founders), the Cyber Security Alliance (which also counts Symantec as a member, as well as Cisco, Microsoft, IBM, Hewlett-Packard and FireEye), and the Cloud Security Alliance (for cloud providers, which includes IBM, Microsoft, EMC, Cisco, Fortinet, HP and many others).

As for what’s happened so far this year, the report says the first six months proved to be a period “of unprecedented speed in the innovation, resiliency, and evasiveness of cyberattacks. Adversaries are intent on overcoming all barriers to their success. As fast as the security industry can develop technologies to block and detect threats, miscreants pivot or change their tactics altogether.”

Among the trends spotted so far:

  • The Angler exploit kit is called “one of the most sophisticated and widely used” tools because of its innovative use of Flash, Java, Internet Explorer, and Silverlight vulnerabilities. It also excels at attempting to evade detection, employing domain shadowing as one of its techniques, and it accounts for the lion’s share of domain shadowing activity.
  • Flash is Back – Exploits of Adobe Flash vulnerabilities, which are integrated into Angler and Nuclear exploit kits, are on the rise. This is due to lack of automated patching, as well as consumers who fail to update immediately.
    • In the first half of 2015, there was a 66 per cent increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposures (CVE) system compared to all of 2014. At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.
  • The Evolution of Ransomware – Ransomware remains highly lucrative for hackers as they continue to release new variants. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin.
  • Dridex: Campaigns on the Fly – The creators of these quickly mutating campaigns have a sophisticated understanding of evading security measures. As part of their evasion tactics, attackers rapidly change the emails’ content, user agents, attachments, or referrers and launch new campaigns, forcing traditional antivirus systems to detect them anew.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
