Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cisco Security. Show all posts

Cisco: Leadership Awareness Fuels the Booming Identity Market


The latest research conducted by Cisco Investments with venture capital firms reveals that most CISOs believe complexity in tools, number of solutions and technical glossaries are among the many barriers to zero trust. 

It has been observed that around 85% of the IT decision-makers are now setting identity and access management investments as their main priority, rather than any other security solution. This is stated in the CISO Survival Guide published by Cisco Investments, the startup division of Cisco, along with the venture capital firms Forgepoint Capital, NightDragon, and Team8.

Interviews with Cisco customers, chief information security officers, innovators, startup founders, and other experts led to the creation of the 'guide', which examined the cybersecurity market in relation to identity management, data protection, software supply chain integrity, and cloud migration.

From 30,000 feet up: More interoperability, less friction, and data that is genuinely relevant and understandable for decision-makers, according to interviewees, are the most essential requirements.

The main spending priorities of the report were fairly evenly distributed, with user and device identity, cloud identity, governance, and remote access receiving the most mentions from CISOs. 

Cloud security turned out to be the primary concern, with a focus on the newly emerging field of managing cloud infrastructure entitlements.

Demands of CISOs: Ease of Use, Holistic Platforms, CIEMs

The three main areas of identity access management, clouds, and data that CISOs believe are most concerning are:

  • The fragmented world of security silos is because of the lack of unified platforms for IAMs, identity governance and administration, and privileged access control. 
  • Enterprise clients are embracing cloud service providers' offerings for managing cloud infrastructure entitlements.
  • The CISOs were against the use of acronyms since they were bothered by the overuse of acronyms like CIEM.

Moreover, the authors of the Cisco Investment Study note that “This trend imposes cycles for CISOs to vet and unpack these purportedly new categories, only for them to discover they are a rehash of existing solutions.”

Top Motivators Will Look for Management Solutions 

Apparently, some top motivators cited by CISCOs will be investing in identity management solutions for the management of user access privileges, identity compliance, and the swift expansion of companies' threat surfaces.

Here, we are mentioning some of the changes that the IT decision-makers look forward to in the next-generation identity platforms: 

  • Ease of integration (21% of those polled). 
  • Platform-based solution, versus single-point or endpoint offerings (15%). • Ratings from independent analysts (15%). 
  • Price (11%). 
  • Market adoption (11%). 
  • Simplicity of deployment and operations (10%). 
  • Ability to deploy at scale quickly (9%). 
  • Ability to add features easily (8%).     

50% of KEV Catalog Were Big Corporations

According to Grey Noise, almost 50% of the upgrades to the KEV catalog in 2022 were due to actively exploited vulnerabilities in Microsoft, Adobe, Cisco, and Apple products. The KEV catalog's earlier vulnerabilities from before 2022 made up 77% of the updates. 

In the initial year of the catalog's existence, CISA identified over 850 vulnerabilities, excluding   300 vulnerabilities reported in November and December 2021. As per CSW's Decoding of the CISA KEV study, "the fact they are a part of CISA KEV is rather significant as it suggests that many businesses are still using these outdated systems and therefore are ideal targets for attackers."

Based on a study by a team from Cyber Security Works, a handful of the vulnerabilities in the KEV catalog come from devices that have already reached End-of-Life (EOL) and End-of-Service-Life (EOSL). Despite the fact that Windows Server 2008 and Windows 7 are EOSL products, the KEV catalog identifies 127 Server 2008 vulnerabilities and 117 Windows 7 vulnerabilities.

The catalog has evolved into the official source for information on vulnerabilities by attackers, even though it was initially designed for vital infrastructure and public service firms. It is crucial since, by 2022, the National Vulnerability Database assigned Common Vulnerabilities and Exposures (CVE) identifiers to over 12,000 vulnerabilities.  Corporate teams can establish customized priority lists using the catalog's curated list of CVEs that are currently being attacked. 

In reality, CSW discovered there was a slight delay between the time a CVE Numbering Authority (CNA) like Mozilla or MITRE issued a CVE to a flaw and the time the vulnerability was posted to the NVD. For instance, the BitPaymer ransomware took advantage of a vulnerability in Apple WebKitGTK (CVE-2019-8720), which Red Hat assigned a CVE for in October 2019 but was added to the KEV catalog in March. As of the beginning of November, it has not been included in the NVD.  

According to CSW, 22% of the vulnerabilities in the catalog are privileging execution issues while 36% of the vulnerabilities are remote code execution problems. Whenever a vulnerability is actively being exploited, has a CVE assigned to it, and is supported by clear mitigation instructions, does CISA update the KEV catalog. 


Snort Vulnerability Leads Various Cisco Products Exposed to Vulnerabilities

 


Earlier this week, the company told its customers that several Cisco products have been exposed to DoS (Denial of Service) attacks due to Snort detection engine vulnerability. Known as CVE-2021-1285, the flaw is rated high severity, and hackers can exploit it. The attacker must be on the layer 2 domain similar to the victim, as to compel a device to fall to a DoS attack via sending it specifically made Ethernet frames. As per Cisco, the flaw exists in the Ethernet Frame Decoder part of the Snort. 

The vulnerability affects all variants of the famous intrusion detection and intrusion prevention system (IDS/IPS) made before 2.9.17, which has a bug patch. According to Security Week, "Snort is an open-source tool developed by Cisco that provides real-time traffic analysis and packet logging capabilities. It has been downloaded millions of times and it has more than 600,000 registered users, with Cisco claiming that it’s the most widely deployed IPS in the world. The alpha version of Snort 3 was announced in December 2014 and now it has finally become generally available."

Catalyst Edge software and platform, 1000v series Cloud Services Router products, and Integrated Service Router (ISR) are said to be affected by the CVE-2021-1285. But they'll be affected only if they are using a version of Cisco UTD Snort IPS engine software that is vulnerable for IOS XE or Cisco UTD Engine for IOS XE SD-WAN, and if these are configured to pass through the Ethernet frames to Snort. According to Cisco, the flaw is linked to FTD (Firepower Threat Defense) issue that was patched in October last year. 

The vulnerabilities were found during solving a support case, however, no evidence has been found to point that these vulnerabilities were exploited in any attacks. Besides this, on Wednesday Cisco issued an advisory on few other vulnerabilities, of medium severe ratings. "These impact Webex, SD-WAN, ASR, Network Services Orchestrator, IP phones, and Email Security Appliance products, and they can lead to information disclosure, path traversal, authorization bypass, DoS attacks, privilege escalation, and SQL injection," says SecurityWeek.

Cyber Security Solutions for Enterprises Launched by Bharti Airtel


Bharti Airtel Ltd recently dispatched a 'suite of cybersecurity solutions' for large, medium and small businesses as they move on to digital and cloud platforms, expanding the need to protect information from online attacks.

Airtel Secure, the suite, will have a security intelligence centre, a best in class infrastructure with admittance to cutting edge innovation and artificial intelligence tools. 

The telco has put about ₹100 crore in Airtel security intelligence centre situated in the National Capital region (NCR), the chief executive Gopal Vittal said in a press conference.

“… Cybersecurity is a critical requirement. Airtel Secure has been built to serve this need. It combines Airtel’s robust network security with cutting-edge solutions delivered through global partnerships to deliver end-to-end managed security services," he added further. 

The telco has also collaborated with global firms Cisco, Radware, VMWare, and Forcepoint who will together give digital protection solutions under the product, Airtel Secure. 

Cisco's solutions will be accessible for enterprises just as governments.

The solutions under Airtel Secure have been 'beta tested' by 20 huge organizations who are now utilizing the security intelligence centre, Vittal stated, including later that the telco will soon begin building them for medium and small businesses with low spending plans.

“Smaller businesses may not have the budgets that larger companies do, so we are engineering a product portfolio that can be bundled for our smaller enterprises to protect their information as well," Vittal said. 

However, he included later that the whole portfolio of the security intelligence centre, in any case, can't be accessed by those with lower spending plans, yet they will hold of the essentials, like a 'secure internet, data and remote access'.

Cisco Vulnerable Again; May Lead To Arbitrary Code Execution!


Earlier this year Cisco was in the headlines for the Zero-day vulnerabilities that were discovered in several of its devices including IP Phones, routers, cameras and switches.

The vulnerabilities that were quite exploitable were found in the Cisco Discovery Protocol (CDP), which is a layer 2 network protocol so that any discrepancies of the devices could be tracked.

Now again, Cisco has been found to be more unreliable than ever. Only this time the researchers learnt about numerous severe security vulnerabilities.

These susceptibilities could let the attackers or hackers execute “arbitrary commands” with the supposed “consent” of the user. Per sources, the affected Cisco parts this time happen to be the software, namely the Cisco UCS Manager Software, Cisco NX-OS Software and Cisco FXOS Software.

Reports reveal that the vulnerability in the Cisco FXOS and NX-OS Software admits unauthorized “adjacent” attackers into the system and lets them execute arbitrary code in order to achieve the “DoS”. (Denial of Service)

The vulnerabilities in Cisco FXOS and UCS Manager Software lets unauthenticated “local attackers” to execute arbitrary commands on the victim’s devices.

The reason for this vulnerability rises from the absence of “input validation”. The misuse of this makes it way easy for attackers to execute the arbitrary code making use of the user’s authority (which they don’t even know about) who’s logged in, per sources.

The other vulnerabilities in the Cisco FXOS and UCS Software include allowing unauthenticated local attackers to execute arbitrary commands.

A hacker could also try to send specially structures “arguments” to certain commands. This exploit if successful could grant admittance to the hacker to not only enter but also execute arbitrary commands.

All the exploitable loopholes of the Cisco software are really dangerous and critical in all the possible terms. Cisco has been in the limelight for more times than that could be overlooked. It is up to the users now to be well stacked with respect to security mechanisms.

However, understanding the seriousness of the vulnerabilities in the software, Cisco has indeed released various security updates that work for all the vulnerable software, in its Software Security Advisory.

The users are advised to get on top of the updates as soon as possible.