Cisco Unveils New Security To Thwart 'Targeted' Attacks


July 13, 2011

Network Computing

Cisco Systems, which reported recently that mass spam email attacks on computer users are being replaced with more sophisticated, targeted attacks, has introduced a new security technology to thwart those attacks. At its Cisco Live conference in Las Vegas, the company unveiled Cisco IronPort Outbreak Filters, which, when spotting a suspicious email containing what might be a malware link, rewrites the link to direct it to a Cisco security tool that will determine if it is malware and, if so, block it.

Also at Cisco Live, the company unveiled a Business Class E-mail (BCE) system that delivers automatic user identification, embedded email controls, added encryption security and universal device support. The latter is designed to extend security to the personal devices workers now use in the workplace, such as smartphones and tablet computers.

The Outbreak Filters product is designed to respond to new targeted attacks on specific email users. At a news conference in the San Francisco area June 30, Cisco shared results of an internal study that showed that mass spam attacks, in which messages are sent to millions of inboxes, are on the decline because they’re increasingly ineffective. Instead, cyber criminals are launching targeted attacks that are written to a specific individual with a message more likely to trick him or her into clicking on a link that downloads a malware payload.

Outbreak Filters looks for such messages, and when it finds a suspicious one, it rewrites the link before sending the message on to the intended recipient, says Nick Edwards, director of Cisco's Security Technology Business Unit. The rewritten link points to Cisco’s ScanSafe Cloud Web Security system (technology from a Cisco acquisition done a year and a half ago), which scans the link destination to determine if it is a malware site. If it is malware, ScanSafe blocks user access, preventing the download; if it’s legitimate, the site opens up.

"Rewriting the link is what allows us to scan the payload that would come from that site," Edwards explains. "We do a deep scrub, determine the context of [that link] and where that email originated."

These new targeted attacks go after specific individuals whom cyber criminals have profiled based on publicly available information online, including on social networking sites, he says. To reporters, Edwards detailed the case of a high-net-worth Brazilian businessman, whose identity he concealed. The businessman was targeted with an email containing specific personal information about him in order to make him think the sender was legitimate.

"We’re all IT professionals; we may not fall for this, but the bad guys are smart enough to go after people they think are susceptible," Edwards said at the news conference.

Enhanced email controls in BCE allow senders to recall an email recently sent, obtain a receipt confirming that the recipient actually read a message, and set an expiration date to delete an email if the recipient hasn’t done so on his or her own. The automatic user identification feature uses the Security Assertion Markup Language (SAML) standard to leverage a recipient's corporate identity so that only that person can decrypt an email intended for him or her.
