Ransomware and security

Cisco’s holistic approach to cyber security solutions

With the world becoming more digitised there is a need for fresh thinking towards cyber security and solutions

PUBLISHED : Wednesday, 26 October, 2016, 12:03pm
UPDATED : Wednesday, 26 October, 2016, 3:42pm

[Sponsored Article]

Imagine that after a coffee in the morning you return to your office, feeling fresh and prepared to start the day. After switching on your computer you realise that there is something odd and that it is unbootable. You cannot access any file on your computer - no documents, no images, and no audio files. Instead of your familiar screen that greets you every time you switch on your computer, there is a blinking note that demands payment of a ransom in order to restore the operation of the computer. This is ransomware at work.

The scenario may be horrifying to most unprepared individuals, but ransomware incidents are on the rise. According to the US Federal Bureau of Investigation (FBI), ransomware will be a US$1 billion market this year.

More worrying still, ransomware is evolving, becoming more pervasive and more difficult to deal with. If you think ordinary ransomware is bad for an individual computer, wait until you come to terms with ransomware that targets an entire computer network and architecture. Watch the video below to see how an effective ransomware attack comes together.

Releasing key findings taken from threat intelligence and the latest cybersecurity trends, the Cisco 2016 Midyear Cybersecurity Report shows some threat actors, or malicious actors, are now targeting network and server-side vulnerabilities. This is referred to as ransomware 2.0 by some cyber security specialists.

For an organisation, the time and resources required to unlock a system and contain the damage will be much higher if the architecture is infected. If any file is not properly backed up, everything that is treasured in the affected company or organisation will be compromised, including all kinds of data, trade secrets, and customers’ personal information. If it happens to a healthcare organisation, such an attack can have more widespread implications for people’s health and well-being. As a result, the damage caused by today’s ransomware can go beyond financial terms.

As the world gets more digitised every day, with more and more devices connected, the threat landscape facing networks has never been greater. Today’s biggest security challenges occur at multiple levels of a network, which calls for new problem-solving and a new security model to deal with the threats.

Conventionally, in response to today’s security threats, organisations resort to a multi-layered approach built on niche products to guard network security. We found that companies are deploying up to 70 disparate security products to address various needs. The shortcoming of such an approach is that it creates an extremely sophisticated and complex environment for an organisation, as numerous disparate products and disjointed solutions are applied at the same time. The lapses in coordination among dozens of products and solutions result in unavoidable security gaps, creating a security concern in itself.

Now, we need to tackle security with a threat-centric architectural approach, such as that developed by Cisco, to battle complexity by integrating all the products together on the network architecture and creating a force multiplier of effectiveness. By integrating the devices together, we let them share context and intelligence with each other, enabling a “see it once, stop it everywhere” capability. The core principle is that we need a simple, open and automated security architecture to achieve effective security.

In contrast to the limitations of conventional solutions, Cisco’s threat-centric security model addresses security across the entire attack continuum – before, during, and after an attack – putting measures in place to first defend against, block and finally contain the attack. It offers the best breadth of solutions, while overcoming the biggest security challenges with the entire attack continuum covered. After all, as the threat landscape advances, it is unrealistic to assume all threats can be blocked. Companies must pay equal attention to how to detect and contain a threat, and how to remediate immediately after an attack to minimise the associated impact on the business.

Cisco’s network-as-a-sensor and network-as-an-enforcer approaches leverage the Identity Services Engine, TrustSec and Stealthwatch technologies to provide organisations with great visibility into, context about, and control over the network and endpoints. The company has recently completed its acquisition of CloudLock, a company specialising in cloud access security broker (CASB) technology that understands and monitors user behaviour and sensitive data in cloud applications, further extending its security capabilities into the cloud. It is estimated that Cisco’s architectural approach detects more threats and greatly contributes to reducing a customer’s time to detection to 13 hours, compared to the industry standard of 100 days.

What makes Cisco’s security offerings so powerful is not only the technology but also the intelligence. Talos is Cisco’s threat intelligence organisation, an elite group of security experts devoted to tracking threats across endpoints, networks, cloud environments, web, and email in real time, and providing a comprehensive understanding of cyber threats, their root causes, and the scope of outbreaks. It has recently taken down a large malvertising campaign affecting potentially millions of users across the globe, and thwarted access to a massive international exploit kit generating US$60M annually from ransomware.

Put simply, Cisco offers a new, holistic approach that covers the entire continuum of a possible cyber-attack, including but not limited to ransomware attacks. With greater effectiveness, faster detection and quicker response times, the new Cisco approach allows an organisation to make the best of the increasingly digitised world, with added confidence in defending its extended network and with security solutions that let it seize business opportunities.