Cisco Systems has added its voice to the increasing calls for the infosec industry to work more closely to give CISOs the tools to fight cyber threats.
The company made the call Tuesday as it released its 2015 Midyear Security Report, which says vendors have to collaborate on offering integrated threat defence architectures that provide visibility, control, intelligence, and context across many solutions.
“Organizations no longer want to accept that compromise is inevitable,” John N. Stewart, Cisco’s chief security and trust officer says in the report. “They are looking to the security industry to provide them with products that are reliable and resilient, and capable of deflecting even the most sophisticated threats.”
“The industry is making strides to share information more proactively and in appropriate ways, especially through alliances,” the report says. “But real-time, automated exchange of threat information is required to spur necessary innovation in security defense and to achieve systemic response across the stack of deployed security. The faster the industry can distribute knowledge and intelligence throughout the network in a cohesive and acceptable way, the less likely adversaries will enjoy continued success and anonymity.”
There are a myriad of associations, committees, task forces in the U.S. alone — where much of the IT security industry is headquartered — where vendors talk, as well as standards bodies like the IEEE. Some have created valuable work, like open standards for data sharing such as TAXII and STIX. Yet co-operation among these competitors can be tentative.
There are for example at least three for vendors: the Cyber Threat Alliance, (Fortinet, Intel, Palo Alto Networks, Symantec are founders), and the Cyber Security Alliance (which also counts Symantec as a member, as well as Cisco, Microsoft, IBM, Hewlett-Packard and FireEye), and the Cloud Security Alliance (for cloud providers, which includes IBM, Microsoft, EMC, Cisco, Fortinet, HP and many others).
As for what’s happened so far this year, the report says the first six months proved to be a period “of unprecedented speed in the innovation, resiliency, and evasiveness of cyberattacks. Adversaries are intent on overcoming all barriers to their success. As fast as the security industry can develop technologies to block and detect threats, miscreants pivot or change their tactics altogether.”
Among the trends spotted so far:
- The Angler exploit kit is called “one of the most sophisticated and widely used” tools because of its innovative use of Flash, Java, Internet Explorer, and Silverlight vulnerabilities. It also excels at attempting to evade detection by employing domain shadowing, as one of its techniques, accounting for the lion’s share of domain shadowing activity.
- Flash is Back – Exploits of Adobe Flash vulnerabilities, which are integrated into Angler and Nuclear exploit kits, are on the rise. This is due to lack of automated patching, as well as consumers who fail to update immediately.
- In the first half of 2015, there was a 66 per cent increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system compared to all of 2014. At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.
- In the first half of 2015, there was a 66 per cent increase in the number of Adobe Flash Player vulnerabilities reported by the Common Vulnerabilities and Exposure (CVE) system compared to all of 2014. At this rate, Flash is on pace to set an all-time record for the number of CVEs reported in 2015.
- The Evolution of Ransomware – Ransomware remains highly lucrative for hackers as they continue to release new variants. Ransomware operations have matured to the point that they are completely automated and carried out through the dark web. To conceal payment transactions from law enforcement, ransoms are paid in cryptocurrencies, such as bitcoin.
- Dridex: Campaigns on the Fly – The creators of these quickly mutating campaigns have a sophisticated understanding of evading security measures. As part of their evasion tactics, attackers rapidly change the emails’ content, user agents, attachments, or referrers and launch new campaigns, forcing traditional antivirus systems to detect them anew.