Cisco says system admins need to be more proactive about cyberhacks
January 21, 2015
Cisco's latest annual security report reveals a mix of the usual elements and emerging trends these days-- people are still naive, there's too much unpatched software out there, and new internet security threat types emerge almost every day as attackers respond to current security patches.
The Cisco report notes that attackers are learning to tread more carefully. For example, rather than get caught quickly by spam filters and the like, attackers are using what's referred to as “snowshoe” attacks-- recruiting large numbers of compromised hosts that send only low volumes of spam on a per-host basis.
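The snowshoe pattern defeats the usual per-source volume threshold, because no single host ever sends enough to trip it. The toy detector below is an added example, not code from Cisco's report or from the article, and it shows the defender's counter-move: pivot on a campaign fingerprint and count how many distinct hosts carry it. The log format, the `fp=` fingerprint field and the IP addresses are all constructed for the example.

```python
"""Compare a classic per-host rate rule with a fingerprint pivot on
constructed mail-relay log lines (snowshoe spam: many hosts, few messages each)."""
import re
from collections import Counter, defaultdict


def _synth(host_ips, fingerprint, per_host):
    """Build constructed 'accepted message' log lines; each host sends per_host messages."""
    return [f"2015-01-21T10:00:00 relay: accepted ip={ip} fp={fingerprint}"
            for ip in host_ips for _ in range(per_host)]


# Constructed sample log (RFC 5737 documentation addresses):
SAMPLE_LOG = (
    _synth([f"198.51.100.{n}" for n in range(10, 18)], "c0ffee", 2)  # snowshoe: 8 hosts x 2 msgs
    + _synth(["203.0.113.9"], "deadbf", 6)                           # classic single-host blast
    + _synth(["192.0.2.5"], "abc123", 3)                             # low-volume legitimate sender
)

LINE_RE = re.compile(r"ip=(?P<ip>\S+) fp=(?P<fp>\S+)")


def parse(lines):
    """Extract (source_ip, campaign_fingerprint) pairs; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            records.append((m["ip"], m["fp"]))
    return records


def per_host_alerts(records, max_per_host=5):
    """Classic rate rule: flag any single source that exceeds max_per_host messages."""
    counts = Counter(ip for ip, _ in records)
    return sorted(ip for ip, n in counts.items() if n > max_per_host)


def snowshoe_campaigns(records, min_hosts=5, max_per_host=5):
    """Fingerprint pivot: flag campaigns spread over at least min_hosts sources
    where every source individually stays under the per-host cap."""
    hosts = defaultdict(Counter)
    for ip, fp in records:
        hosts[fp][ip] += 1
    found = {}
    for fp, by_ip in hosts.items():
        if len(by_ip) >= min_hosts and max(by_ip.values()) <= max_per_host:
            found[fp] = {"hosts": len(by_ip), "messages": sum(by_ip.values())}
    return found


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("per-host rule flags:", per_host_alerts(recs))        # only the single-host blast
    print("fingerprint pivot flags:", snowshoe_campaigns(recs))  # the snowshoe campaign
```

With the sample data the per-host rule sees only `203.0.113.9`, while the fingerprint pivot surfaces `c0ffee` as 16 messages spread over 8 hosts, none of which crossed the threshold on its own.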
In addition to our coverage of the study, Vulture South spoke to Cisco Security's general manager Anthony Stitt about the report, and asked him what findings he thought were most relevant.
Stitt highlighted a “discrepancy between the level of comfort among system admins about their level of protection.”
IT managers and sys admins are prone to overconfidence, Stitt explained, which suggests there's a big information gap between management and the admins themselves.
“There's a real opportunity for them to be more transparent about their operational security”, he said.
Vulture South wonders if this couldn't be considered an “insurmountable opportunity”. In any case, it was worth asking Stitt how various personnel could tell management “we're less secure than you think we are” without getting fired.
“As you would appreciate, we would like to approach the market saying you're never 100 percent secure,” he answered.
“Security is about appropriate-- what's the level of risk, and what's happening in the threat environment, etc. That's a detailed and nuanced conversation,” he said, emphasising the need “to talk about security in business terms”.
“For its part, Cisco is trying to foster that discussion, working on the visibility component with what we have and what we sell. We've also been championing the idea of security as a 'before, during and after' activity: scope, containment and remediation after attacks”, he added.
“System admins could also have that conversation with management-- 'we're getting compromised, but here are the steps we're taking to deal with issues in a matter of hours rather than in days, weeks or months.' What we've learned from high-profile attacks is that attackers have been in an environment for a long time. I think organizations need to talk about that, acknowledge it internally, and approach it as a before-during-after activity.”
He added: “We need these tools, this funding, these headcounts, because we want to take 12 hours, not 24 or 48, because that's the window our business can work with.”
In some environments, browser patching seems almost intractable, Stitt said. Around 64 percent of browsing activity observed by Cisco came from patched browsers, but only if the browser happened to be Chrome.
At the other end of the scale, however, only 10 percent of browsing on Internet Explorer came from patched browsers.
“So in 90 percent of all transactions, there would be some level of insecurity”, he said.
While we're thinking about patches-- Heartbleed is still out there, Stitt said, with “something like 56 percent of SSL instances that we saw hadn't been patched, 56 percent of OpenSSL versions are over 4 1/2 years old, and that's unacceptable”.
In a lot of cases, he said, the “guilty parties” are abandoned websites that their owners have forgotten and that never get patched.
As evidence of zombie sites, Stitt said, “You only have to look at how exploiters are using botnets on old, forgotten, unpatched WordPress sites”.