From encrypted traffic analytics to Talos detecting malware in CCleaner, Cisco made huge strides in keeping companies and individuals secure.
December 18, 2017
Time and again, companies say one of their most important priorities centers around secure networks. With so many reports of malware and ransomware attacks, it's easy to see why.
Cisco has continued to invest and innovate in the security space. A signature security feature made the June launch of The Network Intuitive stand out in a unique way. A team of Cisco security experts found a way to detect potential threats in encrypted traffic, without having to decrypt it. The team put this machine-learning-based technology, called Encrypted Traffic Analytics (ETA), into the new Catalyst 9000 switches and Cisco 400 Series Integrated Services Routers. This software is the most advanced way of investigating anomalies across billions of devices and data.
As Cisco CEO Chuck Robbins explained to CNBC's David Farber, "We're ushering in a new era of networking, that's powered by intent, informed by context and over time continues to adapt and learn."
Cisco Talos, the company's security threat intelligence group, uncovers malware in CCleaner software
Cisco doesn't just rely on the intent-based network to detect potential cyberattacks. The Talos team spends its time analyzing existing and emerging threats and offers solutions to protect against attacks and malware. The detection of malware in the CCleaner software back in September is a perfect example of how the Talos team used their security expertise to help millions of people.
CCleaner is security software distributed by Avast that cleans unwanted files, including temporary internet files where malicious programs tend to live. The Talos group discovered that hackers hijacked the software and loaded it with a backdoor, invisible to the company's security checks. As a result, the Cisco Talos team revealed evidence that the hackers targeted at least 18 tech firms, and infiltrated computers at about half of those companies. "We know this was being used as a dragnet to target these [companies] worldwide...to get footholds in companies that have valuable things to steal, including Cisco unfortunately," Talos research manager Craig Williams told Wired magazine.
Midyear Cybersecurity Report
Cisco's 2017 midyear cybersecurity report alluded to the great lengths hackers will go to wreak havoc on people and businesses. In a blog post about the 2017 midyear cybersecurity report, David Ulevitch, Cisco's Vice President for Security Business Group, said the report "exposed that bad actors are adding new and sophisticated spins to their exploits." The attackers are going one step further though, and are working to attack and destroy. The report even coined a new phrase for this, calling it destruction of service.
While this sounds ominous, there is encouraging news. Cisco's median time to detection, which is the window of time between a compromise and the detection of a threat, has plummeted, from 39 hours in 2015, to as low as 3.5 hours in the last half of 2017. Faster time to detection is critical to constrain attackers' operational space and minimize damage from intrusions.
Cisco has taken a bold approach to security. This has proven to be far more effective than battling cyberattacks at different points in a network with a slew of various technologies that can't communicate with each other. Using threat intelligence as a backbone, Cisco's products work together across multiple platforms by talking to each other. This adds up to real savings for businesses. A 2016 Forrester Total Economic Impact Study found that customers got a 38% return on their investment when they used Cisco's integrated security architecture compared to using a wide variety of security vendors. Customers also reduced their security software license fees by 25% and saw a 20% drop in security hardware costs.