Cisco Annual Security Report 2014
In this report, Cisco offers data on and insights into top security concerns, such as shifts in malware, trends in vulnerabilities, and the resurgence of distributed denial-of service (DDoS) attacks. The report also looks at campaigns that target specific organizations, groups and industries, as well as the growing sophistication of those who attempt to steal sensitive information. The report concludes with recommendations for examining security models holistically and gaining visibility across the entire attack continuum—before, during, and after an attack.
The following are the key findings of the reports:
- Attacks against infrastructure are targeting significant resources across the Internet
- Malicious exploits are gaining access to web hosting servers, nameservers, and data centers. This suggests the forming of überbots that seek high-reputation and resource-rich assets.
- Buffer errors are a leading threat, at 21 percent of the Common Weakness Enumeration (CWE) threat categories.
- Malware encounters are shifting toward electronics manufacturing and the agriculture and mining industries at about six times the average encounter rate across industry verticals.
- Malicious actors are using trusted applications to exploit gaps in perimeter security
- Spam continues its downward trend, although the proportion of maliciously intended spam remains constant.
- Java comprises 91 percent of web exploits; 76 percent of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version.
- “Watering hole” attacks are targeting specific industry-related websites to deliver malware.
- Investigations of multinational companies show evidence of internal compromise. Suspicious traffic is emanating from their networks and attempting to connect to questionable sites (100 percent of companies are calling malicious malware hosts)
- Indicators of compromise suggest network penetrations may be undetected over long periods.
- Threat alerts grew 14 percent year over year; new alerts (not updated alerts) are on the rise.
- Ninety-nine percent of all mobile malware in 2013 targeted Android devices. Android users also have the highest encounter rate (71 percent) with all forms of web-delivered malware.
Protect your IT environment from security risks!
One of the best ways to mitigate IT security risks is to equip your security personnel with the expertise and experience to help them adapt their security models to the challenges presented by cloud computing, mobility, and other new ways of doing business that are driven by technology advancements.
NIL Learning’s security training will prepare your security team for designing, configuring, and maintaining secure network infrastructures using the latest Cisco security devices, technologies, and appliances. Students gain real-world security implementation and troubleshooting skills that enable them to successfully respond to IT security threats.
Our portfolio of security trainings covers the following areas:
- Cisco Intrusion Prevention System (IPS)
- Content Security
- Identity Management
- Router Security
- Virtual Private Networks (VPNs)