Overview of Services
Firewall
Cisco Secure Firewall includes network security features to detect malicious files attempting to enter a network from the internet or moving within a network. Network segmentation intel in Cisco Identity Services Engine (ISE) can prevent the lateral movement of threats, and Firewall as a Service (FWaaS) with intrusion prevention system (IPS) blocks unwanted non-web traffic.
Security analytics
Cisco Secure Network Analytics provides network visibility and can detect internal network anomalies, including malware activating its payload. It can even detect malware in encrypted traffic without decryption. Multilayer machine learning and advanced behavioral analytics identify who is accessing your network or your public cloud infrastructure.
Email security
Cisco Secure Email Threat Defense technology addresses email security for the inbox with phishing protection, advanced spam filtering, and defense against Business Email Compromised (BEC) with Domain Based Message Authentication Reporting (DMARC). Cisco Secure Email software, deployed on-premises or in the cloud, blocks malware in phishing emails sent by threat actors.
Threat intelligence teams
Comprised of world-class researchers, analysts and engineers, Cisco Talos is one of the largest commercial threat intelligence teams in the world. This team harnesses sophisticated systems to create accurate, rapid, and actionable threat intelligence for Cisco customers, products, and services.
Glossary of top cyberthreat terms
Know your adversary. Learn about the most common cyberthreats and the security solutions that defend against them.
Security threats
Phishing: Threat vector which uses spam email that appears authentic with the goal of stealing credentials. A malicious attachment or link in an email can deploy malware. Links presented in emails should be handled with caution. With the toolkits available to attackers, phishing emails are harder to detect. Other methods like SMS text phishing (or SMiShing) are also on the rise.
Exploit: Attackers know about vulnerabilities in software and systems. They take advantage of these exploits, often using social engineering tactics, to deliver malware. These vulnerabilities can be minimized by keeping software up to date and becoming cyber-aware of social engineering techniques like phishing.
Spear phishing: Phishing targeted to an individual user. Vishing uses the phone or call center to steal information. Pretexting is the attacker’s use of a scenario that increases the chance of success (for example, lost my password and internet connection). Baiting refers to leaving desirable items to be taken and used and then infect computers with malware (for example, USB drives at conferences). Tailgating allows an attacker to gain unauthorized access to a building by closely following a person with authorized badge access through a secured door.
Social engineering: A person using psychological manipulation of a user to carry out an action or divulge information. They trick someone into doing a desired action such as wiring money or divulging login credentials through phishing, spear phishing, vishing, pretexting, baiting, and tailgating.
Malvertising: When cybercriminals deploy malicious JavaScript inside online advertising. The ads direct users to websites or popups often used in money scams.
Malware: Malicious software intended to damage or disrupt computers and computer networks. Common types of malware are phishing attachments and “malvertising.” An insider attack is when malware is deployed inside a network. This type of intrusion can be harder for security teams to detect because it might look like users are performing a task.
Data breach: A security violation or incident that leads to the theft of sensitive or critical data or its exposure to an unauthorized party. The ultimate goal of an attack is almost always data access and data exfiltration.
Spoofing: A cybercrime in which someone forges the sender’s information, impersonating a legitimate source or trusted contact with the intent of gaining access to personal information. The goal of spoofing often includes stealing data or money or spreading malware. Other forms of spoofing include IP address spoofing, DNS spoofing, and URL spoofing.
Ransomware: Malicious software that threatens to publish or perpetually block access to a victim’s data unless a ransom is paid. It is often delivered through phishing email. If organizations don’t have a backup plan, they may have to pay the attackers to get their data back, often with cryptocurrency.
Advanced persistent threat (APT): A long-term and covert cyberattack on a computer network where the attacker gains and maintains unauthorized access to a network and remains undetected for weeks, months, even years. Stealing data is usually the end goal of an APT attack.
Viruses: A computer virus is malware that self-replicates by injecting its code into other software programs. It spreads from one computer to another, with the intent of disrupting a system’s ability to operate. Having a data backup can be critical when it comes to recovering from a virus or ransomware.
0-Day, or zero-day attack: When a cybercriminal exploits a new or previously unknown software vulnerability for which no patch has been developed, thus exposing the organization to harm.
Software worm: A piece of software that can propagate on its own to spread to other computers, performing malicious actions where it spreads. Unlike a virus or malware, a software worm exists as a standalone entity; it isn’t hidden inside something else like an attachment.
DDoS (distributed denial of service) A denial of service attack carried out by a group of individual computers or bots, including IoT devices, that unify to engage in an attack against one resource. This attack typically floods a server or network with unwanted traffic to prevent normal access and application performance.
Cryptomining: Malicious cryptomining is a browser- or software-based threat that enables hackers to infiltrate system resources to generate cryptocurrencies. Similar to a botnet, cryptomining occurs when computer resources are taken over to help build a ledger for cryptocurrency. Attackers aren’t stealing data but are using your CPU resources and power.
Botnet: Derived from robot network, meaning a network of victim computers infected with malicious software and controlled as a group without the owner’s knowledge. This is a form of malware deployed to a group of robot computers the attackers exploit to carry out their malicious intent, which is often a Denial of Service (DoS) attack.
DoS (denial of service): Denial of service is an attack that prevents access to a computing resource (service, network, storage, memory, or CPU.) This attack attempts to disable a website, preventing it from being accessed. A group of botnets performs a DoS attack.
Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users through ransomware; or interrupting normal business processes.
Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.
A successful cybersecurity posture has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organization, a unified threat management gateway system can automate integrations across products and accelerate key security operations functions: detection, investigation, and remediation. People, processes, and technology must all complement one another to create an effective defense from cyberattacks.
People
Users must understand and comply with basic data protection and privacy security principles like choosing strong passwords, being wary of attachments in email, and backing up data.
Processes
Organizations must have a framework for how they deal with both attempted and successful cyberattacks. One well-respected model, the NIST cybersecurity framework, can guide you. It explains how you can identify attacks, protect systems, detect and respond to threats, and recover from successful attacks.
Technology
Technology is essential to giving organizations and individuals the computer security tools needed to protect themselves from cyberattacks. Three main entities must be protected: endpoint devices like computers, smart devices, and routers; networks; and the cloud. Common technology used to protect these entities include next-generation firewalls, Domain Name System (DNS) filtering, malware protection, antivirus software, and email security solutions.
——–
Types of cybersecurity threats
Cloud security
Cloud security provides rapid threat detection and remediation, enhancing visibility and intelligence to prevent malware impacts. It delivers robust protection in multicloud environments, streamlining security without affecting user productivity, and is essential for the safety of applications, data, and users in both hybrid and remote work settings. The scalable nature of cloud security allows for the defense of an expanding array of users, devices, and cloud applications, ensuring comprehensive coverage across all points of potential attack.
Identity
Identity security and access management involve safeguarding the digital identities of individuals, devices, and organizations. This involves implementing security processes, tools, and policies that control user access to accounts and enable productivity with frictionless access to important information without risk.
The three main goals of identity security are to:
- Authenticate a user’s identity
- Authorize access to appropriate resources
- Monitor access activity for weak posture and suspicious activity
Malware
Malware is a type of software designed to gain unauthorized access or to cause damage to a computer.
Phishing
Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data, such as credit card numbers and login information, and is the most common type of cyberattack. You can help protect yourself through education or a technology solution that filters malicious emails.
Ransomware
Ransomware is a type of malicious software that is designed to extort money by blocking access to files or the computer system until the ransom is paid. Paying the ransom does not guarantee that the files will be recovered or the system restored.
Social engineering
Social engineering is a tactic that adversaries use to trick you into revealing sensitive information. Attackers can solicit a monetary payment or gain access to your confidential data. Social engineering can be combined with any of the threats mentioned above to make you more likely to click on links, download malware, or trust a malicious source.
Threat detection
An effective extended detection and response (XDR) system integrates solutions across the security stack, making it easier for analysts to focus on comprehensive threat detection, prioritize incident response, and improve productivity. With more visibility and context into data security threats, events that would not have been addressed before will surface to a higher level of awareness, thus allowing cybersecurity teams to quickly eliminate any further impact and reduce the severity and scope of the attack.
Zero trust
Zero trust isn’t a single product or technology. It’s a security strategy that is best implemented by keeping an organization’s business operations, risks, and security outcomes in mind. Although there are various paths to achieving zero trust maturity, most organizations prioritize deployment of technologies such as multi-factor authentication (MFA), device posture checks, zero trust network access (ZTNA), and network segmentation as they implement zero-trust security.
