Cisco Updates IronPort Security to Thwart Spear Phishing, Targeted Attacks
Cisco updated its IronPort security family with two new features designed to combat sophisticated email and Web threats, such as spear phishing.
Cisco unveiled the IronPort Outbreak Filters and Business Class E-Mail on July 13 at Cisco Live in Las Vegas. The new features highlight what Cisco claims are new trends in cyber-crime.
While spam is still a problem, it is not growing at the same exponential rate, and in some cases may be declining, Cisco said in a recent study. Since targeted attacks are on the rise, Cisco created new security services to focus on the new email and Web threats.
Cisco is using network intelligence to improve email and Web security.
IronPort Outbreak Filters are designed to fight off targeted attacks because, as a recent Cisco study found, targeted attacks are highly lucrative and thus are popular attack vectors. The filters run on a custom-built engine based on IronPort and ScanSafe technologies and identify messages that may be part of a targeted attack.
Whenever a user opens an email message that fits the filter parameters, the IronPort system rewrites the malicious URLs embedded in those messages to go through Cisco's ScanSafe Cloud Web Security system. If the user still goes ahead and clicks on the rewritten link, the Web content is passed through additional Cisco filters in the cloud security service, which scans and identifies any potential malware that may be on the site and blocks them from downloading when necessary.
"Rewriting the link is what allows us to scan the payload that would come from that site," said Nick Edwards, director of Cisco's Security Technology Business Unit. A "deep scrub" helps determine the context of the link, he said.
Spear phishing attacks use publicly available information online, including social networking sites, to go after specific individuals the attackers have profiled as likely to fall for the malicious email, Edwards said. The IronPort Outbreak Filters offer enterprises a strong layer of protection for these kinds of "low-volume attacks" where only a handful of people within the enterprise are targeted, Edwards said.
The other feature, Business Class E-Mail, takes on the new era of threats such as spear phishing by bundling together various authentication and filtering technologies that can also handle user authentication. Business Class E-Mail focuses on four main features, including automatic user identification, embedded email controls, strong security and universal device support.
The goal is to extend security to personal devices that employees use to access corporate data in the workplace, such as smartphones and tablets, Cisco said. It is platform-independent because it depends on plug-ins to hook into appropriate operating systems. While Cisco plans to support smartphones, initial support will be limited to iOS devices, with Android support coming next year.
The company incorporated its existing authentication services in single sign-on, including Cisco Registered Envelope Service, Cisco IronPort WSA and WebEx into Business Class E-Mail, and the existing email encryption product. New controls, such as message recall, message expiration and read receipts, have also been added.
Business Class E-Mail is a "new approach" to email security as it combines the network and the cloud, Edwards said.
Cisco officials also unveiled additions to the company's UCS (Unified Computing System) infrastructure offering, Nexus switches and WAAS (Wide Area Application Service) at Cisco Live.