Cisco Security Intelligence Operations Explained
Cisco SIO provides IP reputation to Cisco security products

CISCO SECURITY EXPERT, by Jamey Heary, Distinguished Systems Engineer, Network World. DEC 31, 2010 5:38 PM PST
Jamey Heary, CCIE #7680, is a Distinguished Systems Engineer at Cisco Systems and has authored several security books.
This post is a follow-up post from my colleague Garett Redelings. Enjoy!

Last month I had written about Cisco's IronPort Application Visibility Controls. The information here on the Cisco SIO is a follow-up based on readers' comments to the previous article.

What is the Cisco Security Intelligence Operations?

The Cisco Security Intelligence Operations, or SIO, operates as the telemetry hub for Cisco's email, web, and IPS services. These systems participate in a network of data analysis that calculates threat risk ratings and reputation scores. What sets the Cisco SIO apart from other solutions is its ability to leverage a well-established footprint of deployed security products to provide the widest range of sampling data. Cisco then uses this telemetry data to increase blocking accuracy and capture rate, as well as to fine-tune its signature-based systems such as the IronPort Email Security Appliance, the IronPort Web Security Appliance, and the Cisco IPS.
Why the data matters

One of the key concepts of the Cisco SIO is that its data incorporates multiple sources. This telemetry drives features like Reputation Services beyond a typical signature-based approach, which often fails to identify the wider range of malicious traffic coming from the same threat source. Multiple data feeds also support a system of cross-checking and correlation that increases accuracy as well as providing a wider spectrum of protection against malicious traffic sources.

Web Reputation
The concept behind Cisco's Web Reputation technology involves tracking an IP address's behavior in an effort to make filtering decisions based on threat risk. Many conventional URL filtering solutions have categories for Malware or Threat URLs, but there are fundamental differences between categorizing a website as a threat and tracking a website's behavior dynamically and over time. For example, a typical URL filtering system will need to have seen web traffic from a specific source at some point in time in order to analyze and then categorize that site as malicious. This approach works for identifying known malicious websites but will provide little to no protection from new web server IP addresses, uncategorized URLs, web outbreaks, and zero-day attacks.
The reputation system on the Cisco IronPort Web Security Appliance provides a scoring range from -10 (bad) to 10 (good) and the mechanism to choose when to block, when to allow, and when to scan the data for malware and viruses. This scoring system is the foundation for protecting against new threats from low-scoring sites as well as for bypassing scanning of high-scoring sites. A system that can block without having to scan, and/or bypass unnecessary scanning for trusted IP addresses, will boost performance and capture rate, provided that the scores are backed by good data. Having a lot of data is important, but boiling all of that down into useful information is the key to an effective solution.
Web Reputation and Telemetry

The Cisco IronPort Web Security Appliance utilizes data from the SIO in its Web Reputation technology. This data has been distilled from specific web threats in addition to email security, IPS, and Cisco's Threat Operations Center, which contributes research and additional data feeds. During a process called Global Correlation, information about a particular web server is associated with any previous activity from that IP address, whether it be email traffic, attack history, web content, or forensic information. The SIO telemetry data can then be used not only to block a user's browser from going to a malicious site but also to block emails from this IP address and to assign additional risk ratings to IPS signatures.

For web security, the telemetry information from multiple sources in the SIO is what gives the solution an advantage over simple URL categorization or reputation scores based solely on web traffic. Consider a new web outbreak event, or an uncategorized URL/IP address that begins hosting malware. Perhaps no signature is available to identify the malicious data on a newly registered site, but this same system has been a spamming server for months and then suddenly started hosting malicious web content. Cisco's SIO had been tracking and analyzing the spam traffic from this IP address and correlating it with additional information, such as domain registration within a block of IP addresses known to be serving botnet command and control. The email and botnet data in this example, along with additional IPS signature samples (based on attack history) gathered by the Cisco SIO, are combined to produce a web reputation score that can then be used to block traffic to this site even before it is categorized or has its first victim visit the site.

With the coming of the Security Intelligence Operations, Cisco is attempting to boost the effectiveness of its IronPort Web, IronPort Email, and Intrusion Prevention Systems. By using data telemetry, Cisco is gathering and processing huge amounts of data and then concentrating that into information that its security appliances can utilize. In the future we may see additional Cisco devices take advantage of SIO information, and this would make quite an impact in the security realm. Until then, the Cisco SIO continues to provide a unique advantage for its email, web, and IPS solutions.
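The -10 to 10 scoring range with its block/scan/allow decision (described under Web Reputation above) and the Global Correlation scenario just given (an uncategorized site that months of spam history and a botnet netblock push below the block threshold before any web signature exists) can be illustrated with a small Python model. This is an added example, not Cisco's SIO code: the feed fields, weights, thresholds and sample addresses are constructed assumptions, and it also includes a category-only baseline decision to show what a plain URL filter would do with the same evidence.

```python
"""Toy reputation scoring and policy engine illustrating the article's ideas:
telemetry from several feeds (email, IPS, threat intel, web) is correlated
per IP address into one score on the -10 (bad) .. +10 (good) scale, and a
policy maps score ranges to block / scan / allow.

Added illustration only, not Cisco's SIO algorithm. The feed fields, weights
and thresholds below are constructed assumptions for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Telemetry:
    """Evidence about one IP address as it might arrive from separate feeds (assumed shape)."""
    spam_messages_30d: int = 0                      # email feed: spam volume from this IP
    ips_signature_hits: int = 0                     # IPS feed: attack signatures this IP triggered
    in_known_c2_block: bool = False                 # threat intel: netblock flagged as botnet C2
    days_since_registration: Optional[int] = None   # domain registration age, if known
    web_category: Optional[str] = None              # URL-filter category; None = uncategorized
    clean_web_sessions_30d: int = 0                 # web feed: benign sessions observed


def correlate(t: Telemetry) -> float:
    """Combine the feeds into one reputation score clamped to [-10, 10].

    Each feed contributes independently, so an IP with no web history at all
    can still score badly on email and botnet evidence. Weights are assumed.
    """
    score = 0.0
    if t.spam_messages_30d > 0:
        score -= min(4.0, 1.0 + t.spam_messages_30d / 1000)   # -1 .. -4
    score -= min(3.0, t.ips_signature_hits * 0.5)             # 0 .. -3
    if t.in_known_c2_block:
        score -= 4.0
    if t.days_since_registration is not None and t.days_since_registration < 7:
        score -= 1.5                                          # freshly registered domain
    if t.web_category == "malware":
        score -= 5.0
    score += min(6.0, t.clean_web_sessions_30d / 5000)        # 0 .. +6, long clean history
    return max(-10.0, min(10.0, score))


@dataclass
class Policy:
    """Score thresholds (assumed values) for the three-way decision the article describes."""
    block_below: float = -6.0
    allow_from: float = 5.0

    def decide(self, score: float) -> str:
        if score < self.block_below:
            return "block"          # bad enough to drop without fetching or scanning
        if score >= self.allow_from:
            return "allow"          # trusted enough to skip malware scanning
        return "scan"               # gray area: fetch and scan for malware


def category_only_decision(t: Telemetry) -> str:
    """Baseline a plain URL filter gives: it only knows what it has already categorized."""
    return "block" if t.web_category == "malware" else "allow"


def evaluate(feeds: Dict[str, Telemetry], policy: Policy) -> Dict[str, Tuple[float, str]]:
    """Score every IP and apply the policy; returns ip -> (score, action)."""
    result = {}
    for ip, t in feeds.items():
        score = correlate(t)
        result[ip] = (score, policy.decide(score))
    return result


# Constructed sample telemetry (documentation-range addresses, not real hosts).
SAMPLE_FEEDS = {
    # The article's scenario: uncategorized site, but heavy spam and a C2 netblock.
    "203.0.113.7": Telemetry(spam_messages_30d=5000, in_known_c2_block=True,
                             days_since_registration=3),
    # Long-lived, high-volume, clean site: skip scanning.
    "198.51.100.20": Telemetry(clean_web_sessions_30d=50000),
    # One IPS hit and little history: not enough to block, so scan.
    "192.0.2.55": Telemetry(ips_signature_hits=1, clean_web_sessions_30d=200),
}

if __name__ == "__main__":
    for ip, (score, action) in evaluate(SAMPLE_FEEDS, Policy()).items():
        print(f"{ip:15} score={score:6.2f} reputation={action:5} "
              f"category-only={category_only_decision(SAMPLE_FEEDS[ip])}")
```

Running it shows the point of the correlation: 203.0.113.7 has no web category, so the category-only baseline allows it, while the combined email and botnet evidence scores it at -9.5 and the reputation policy blocks it without ever scanning the site.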
For more information on the Cisco SIO, click here.

Copyright © 2010 IDG Communications, Inc.