As with anything threat-related, a defense-in-depth security posture designed to address critical infrastructure will go a long way in protecting your organization.
Our #1 tip is to simply keep systems up to date and patch regularly. For example, in the case of Sea Turtle (the DNS hijacking case), attackers infiltrated systems by exploiting vulnerabilities, some of which were 10 years old.
Critical to that posture is leveraging threat intelligence as the backbone of your defense strategy. If you own a Cisco Security product, you're harnessing the power of Talos' threat intelligence, which flows to each and every one of our products.
Below is a list of solutions that form part of a layered defense, and a key for highlighting which threats each solution addresses.
Umbrella Investigate is a DNS inspection console that gives a complete view of the relationships and evolution of Internet domains, IPs, and files — helping to pinpoint attackers’ infrastructures, predict future threats, and allow you to quickly find changes to DNS records. Being able to connect to C2 domains is also vital for many threats to function. Cisco Umbrella uses DNS to stop threats over all ports and protocols, even direct-to-IP connections, preventing connections to attackers’ servers.
Threats protected against: DNS hijacking, RATs, targeted ransomware, threats in encrypted traffic
As more devices enter your network, it’s crucial to understand what attacks are being leveraged at your endpoints, block them proactively, and respond rapidly to anything that breaches your defenses. Cisco AMP for Endpoints blocks malware at point of entry, then detects, contains, and remediates advanced threats.
Threats protected against: RATs
MFA solutions like Cisco Duo verify users' identities, gain visibility into every device, and enforce adaptive policies to secure access to every application. MFA can also prevent an attacker from logging into a system if they manage to obtain login credentials.
Threats protected against: RATs, targeted ransomware, DNS hijacking
Monitoring for unauthorized activity is important. Cisco Stealthwatch is the most comprehensive visibility and network traffic security analytics solution that uses enterprise telemetry from the existing network infrastructure. Stealthwatch also includes Encrypted Traffic Analytics, which can find threats in encrypted traffic.
Threats protected against: RATs, threats in encrypted traffic
As well as the basics such as spam, virus, and malware prevention, consider more advanced phishing protections for email security that use machine learning to understand and authenticate email identities and behavioral relationships to block advanced phishing attacks.
Threats protected against: Office 365 phishing, RATs, digital extortion
A solution like Cisco Threat Grid hunts for malicious files and automatically informs all Cisco Security products. Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
Threats protected against: Targeted ransomware, RATs
Holistically stop new infections, breach propagation and data exfiltration across multiple vectors and impacted systems with a platform approach such as Cisco Threat Response (CTR). The CTR platform automates and accelerates primary security operations functions: detection, investigation, and remediation. It is a key pillar of Cisco's integrated security architecture.
Threats protected against: All
Strengthen your readiness and response to attacks. Talos Incident Response can help you prepare for, respond to, and recover from a breach by giving you direct access to the same threat intelligence available to Cisco. Our experts will work with you to evaluate existing plans, develop a new plan, and provide rapid assistance when you need it most.