News Summary:

• Cisco intends to acquire privately held Isovalent, Inc., a leader in open source cloud native networking and security. 
• Together, Cisco and Isovalent will build leading edge protection for every workload on every cloud.
• Cisco is committed to nurturing, investing in and contributing to eBPF, Cilium, Tetragon, and cloud native open source communities. 

SAN JOSE, Calif., Dec. 21, 2023 /PRNewswire/ -- Cisco (NASDAQ: CSCO) today announced the intent to acquire Isovalent, a leader in open source cloud native networking and security, to bolster its secure networking capabilities across public clouds.

The acquisition of Isovalent will build on the Cisco Security Cloud vision, an AI-driven, cloud delivered, integrated security platform for organizations of any shape and size. The Cisco Security Cloud enables customers to abstract security controls from multicloud infrastructure to provide advanced protection against emerging threats across any cloud, application or workload.

"Together with Isovalent, Cisco will build on the open source power of Cilium to create a truly unique multicloud security and networking capability to help customers simplify and accelerate their digital transformation journeys," said Jeetu Patel, executive vice president and general manager of Security and Collaboration at Cisco. "Imagine in today's distributed environment - of applications, virtual machines, containers and cloud assets - having security controls with total visibility, without hindering networking and application performance. The combination of Cisco and Isovalent will make this a reality."

Isovalent's team is a major contributor to the open source technology eBPF, and has led the development of Cilium, the leading cloud native solution for networking and security. eBPF provides unmatched visibility into the inner workings of the operating system - an ideal interface for building security systems that can protect a workload while it runs. Cilium provides IT and platform engineering teams with powerful networking capabilities and unparalleled visibility into the behavior and communication of cloud native applications, enabling seamless policy definition of software-defined networks. Isovalent has also recently introduced:

• Cilium Mesh:  allows for the easy connection of Kubernetes clusters with existing infrastructure across hybrid clouds,
• Tetragon: an eBPF-based open source security solution that provides visibility to and enforces runtime behavior within an application and on the network.  
• Isovalent Enterprise: an enterprise distribution of Cilium and Tetragon

Cisco intends to continue offering and building on Isovalent's slate of innovations for customers, including Isovalent Enterprise.

"Cisco is committed to nurturing, investing in, and contributing to the eBPF and Cilium open source communities," said Stephen Augustus, Head of Open Source at Cisco. "Isovalent's team will join Cisco's deep bench of open source governance and technical leadership to solve complex cloud native, security, and networking challenges. Their knowledge will accelerate innovation across the business and help further strengthen the Cisco Security Cloud platform to meet the growing demands of our customers."

Isovalent holds leadership positions in the Cloud Native Computing Foundation and eBPF Foundation, in addition to upstream software contributions, and this acquisition strengthens Cisco's role in supporting the open source ecosystem. Together as leaders in networking and security, Cisco and Isovalent will build solutions powered by eBPF technology that aim to solve the challenge of protecting workloads no matter where they reside. Cisco is committed to Cilium and Tetragon as open source projects and intends to create an independent advisory board to help steer Cisco's contributions to these important efforts in a way that is aligned with the needs of the open source community. 

The Isovalent team will join the Cisco Security Business Group once the acquisition closes, which is expected in the third quarter of fiscal year 2024. 

Additional Resources  

About Cisco
Cisco (NASDAQ: CSCO) is the worldwide technology leader that securely connects everything to make anything possible. Our purpose is to power an inclusive future for all by helping our customers reimagine their applications, power hybrid work, secure their enterprise, transform their infrastructure, and meet their sustainability goals. Discover more on The Newsroom and follow us on X at @Cisco.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

View original content to download multimedia:https://www.prnewswire.com/news-releases/cisco-to-acquire-isovalent-to-define-the-future-of-multicloud-networking-and-security-302021005.html

SOURCE Cisco

Cisco’s two SD-WAN solutions, one of which is powered by Viptela, is helping the tech giant take a big chunk of market share in the increasingly crowded SD-WAN market.

Cisco Systems came out ahead of the pack in the $1.4 billion SD-WAN infrastructure market last year, according to market research firm IDC.

The latest IDC market share report ranks Cisco in first place for 2018 market share worldwide for SD-WAN Infrastructure, which was up 64.0 percent last year. Cisco, according to the report, captured 46.4 percent of the total SD-WAN market last year or $637.7 million, an increase of 55.4 percent year-over-year.

Trailing Cisco was the "rest of market" segment, which included a mix of emerging SD-WAN players such as CloudGenix, Fortinet, and Versa Networks. The “rest of market” segment captured 20.8 percent of the SD-WAN market in 2018 or $285.9 million, up 86.1 percent year-over-year.

[Related: 6 Hot SD-WAN Technologies To Follow In 2019]

Rohit Mehra, vice president of network infrastructure for IDC and one of the report's authors, told CRN that Cisco's significant share in the SD-WAN space is thanks to its extensive routing portfolio it uses in SD-WAN deployments. Cisco is also bringing two SD-WAN solutions to the table: its flagship SD-WAN platform powered by technology it acquired from Viptela in August 2017 and a Meraki SD-WAN offering.

"Additionally, [Cisco] is able to leverage their large installed base of enterprise routers sold through VARs and telcos, all of which can now be upgraded with Viptela SD-WAN functionality," Mehra said.

Katalyst, a Charlotte, N.C.-based solution provider that is reselling Cisco SD-WAN, is also offering a white-labeled, managed SD-WAN services based on Cisco's offering. Katalyst made the choice to "go big" with Cisco in the SD-WAN space because of the tech giant's footprint in the market, and because security is about 40 percent of Katalyst's business today, said Jesse White, field CTO for the solution provider.

A Cisco Gold and Master security partner, Katalyst has been able to bundle SD-WAN and security into a managed service for its customers, White said.

"Cisco made some early integrations with cybersecurity with are included in SD-WAN," he said. "We've found harmony with our customers is in taking away devices -- so simplifying the IT environment and providing customers with a box that can do Layer 7 firewalling as well as all the SD-WAN benefits."

Cisco in June integrated its Viptela-powered SD-WAN offering with Cisco Umbrella, the company's cloud-based secure internet gateway. The combination is letting partners and end customers secure their SD-WAN from the cloud.

IDC this year predicted that the SD-WAN infrastructure market will grow to $4.5 billion by 2022. The combination of SD-WAN and security managed services, specifically, is a "massive" opportunity for the channel, according to Cisco's Senior Vice President and General Manager of enterprise networking Scott Harrell.

"It's not only a market where partners are distributing the classical WAN market, but they also have an opportunity to play for the security spend as well," Harrell said.

The Viptela acquisition, Katalyst's White said, has also been key in helping to boost Cisco's presence in the SD-WAN market.

"Viptela was by far one of Cisco's more strategic acquisitions," he said. "It has served them very well."

Cisco's Viptella-powered solution has helped differentiate its SD-WAN solution in the crowded market, said Wanda Castelvecchi, national practice manager for ePlus, a Cisco Gold Certified Partner that is offering both Cisco's Viptela SD-WAN solution as well as the Cisco Meraki offering, in addition to SD-WAN products from other providers.

"Viptela had been making a little headway on its own -- we had customers that were already customers of Viptela before the acquisition -- which I definitely think helped [Cisco] stand out and even add some simplicity to their previous iteration of SD-WAN," Castelvecchi said.

Market research firm Gartner in its 2018 Magic Quadrant for WAN Edge Infrastructure also named Cisco in its "Leader" quadrant, alongside fellow leaders VMware and Silver Peak.

IDC's 2018 SD-WAN infrastructure market share report listed VMware as capturing 8.8 percent of the market or $121.2 million, a 39.9 percent increase year-over-year that was in part driven by its SD-WAN service powered by VeloCloud, which the Palo Alto, Calif.-based provider acquired in December 2017.

Silver Peak followed at 7.4 percent or $101.1 million, a 93 percent year-over-year increase. Aside from the “rest of the market” segment, VMware and Silver Peak were the two closest vendors to Cisco.

The modern world thrives on the internet, even if there are some bizarre unintended consequences from tying everything to an Ethernet cable or wireless signal. And as networks grow, the demand for people who know how to design, build, maintain, and protect them becomes even more important. The 2021 Cisco CCNA & CCNP Certification Training Bundle will get you the certifications you need to become a professional network engineer.

Both certifications were created by the networking company Cisco as they realized their products were becoming more complex, while educational materials weren't keeping up. For IT professionals, that's meant getting two key certifications, starting with the Cisco Certified Network Associate certification, or CCNA. Tied to the #200-301 exam, a CCNA certifies that you're able to set up, run, and maintain a network for a small or medium-sized business.

The first course in this bundle explores that in detail with 150 lectures across nearly 47 hours discussing routing protocols, WAN technology, device monitoring and management and security fundamentals. Whether you're new to IT or just want to update your skills, it's perfect for all levels.

Then the bundle turns to the Cisco Certified Network Professional certification, or CCNP. This expands on what you learned in the CCNA course to apply it to much larger networks, adding network architecture lessons, how to employ virtualization for users, and network infrastructure and assurance. Even if you're not going for your CCNP, it's information worth knowing for any IT professional or engineer who will deals with networks.

Courses are run by ITU Online Training, which has won a ton of industry awards, including honors at the Best in Biz Awards and the Cybersecurity Excellence Awards.

The demand for IT networking professionals is only growing, and a certification will help you move forward in your career, or launch a new one. The 2021 Cisco CCNA & CCNP Certification Training Bundle is normally $198, yet right now you can save 74% and get both courses for just $49.99.

Prices subject to change.

Futurism fans: To create this content, a non-editorial team worked with an affiliate partner. We may collect a small commission on items purchased through this page. This post does not necessarily reflect the views or the endorsement of the Futurism.com editorial staff.

The Cisco Talos Year in Review report released Tuesday highlights new trends in the cybersecurity threat landscape. We’ll focus on three courses covered: the ransomware cybercriminal ecosystem, network infrastructure attacks and commodity loader malware.

More ransomware actors switched to extortion rather than encryption, while commodity loaders evolved to be stealthier and highly effective, although new major security improvements have seen the day in 2023, such as Microsoft Office disabling macros by default. Network devices are increasingly impacted by cybercriminals and state-sponsored threat actors.

Jump to:

The ransomware cybercriminal ecosystem changed

Most targeted vertical

In terms of ransomware, the most targeted vertical, as observed by Cisco Talos in 2023, was the healthcare and public health sector, which is not surprising since the organizations in that sector often suffer from underfunded budgets for cybersecurity and low downtime tolerance (Figure A). In addition, those organizations are interesting targets because they possess protected health information.

Figure A

Some ransomware groups have been changing

The most active ransomware group for the second year in a row was LockBit (25.3% of the total number of posts made to data leak sites), followed by ALPHV (10.7%) and Clop (8.2%).

Yet some ransomware groups kept changing in 2023; those structures often merged or rebranded in an attempt to confuse law enforcement and researchers tracking them. The cybercriminals active in the field often work for several ransomware-as-a-service services at the same time.

Multiple leaks of ransomware source code and builders also affected the ransomware threat landscape because these allowed more people (even those with little technical knowledge) to start their own operations.

Zero-days exploited at an unprecedented pace

Highly technical actors have been exploiting zero-day vulnerabilities at an unprecedented pace. The Clop ransomware group in particular has been able to exploit multiple zero-day vulnerabilities, including vulnerabilities in the GoAnywhere MFT platform, MOVEit and PaperCut.

Cisco Talos states that “Clop’s repeated efforts to exploit zero-day vulnerabilities is highly unusual for a ransomware group given the resources required to develop such capabilities,” yet it is still unsure that they do develop exploits on their own. When questioned about it in an email interview, a Cisco spokesperson told TechRepublic, “Because of the murkiness in the relationships that constitute the ransomware ecosystem, it can be difficult to accurately parse out which personnel/organizations are responsible for which actions. Because of this, we do not have direct insight into how Cl0p obtained the 0days and have not observed any indications that they purchased them. Regardless of whether they developed them themselves or purchased them, the usage suggests Cl0p is well-resourced, either in engineering talent or in finances and connections that would allow them to obtain from a third party.”

More affiliates are using a data theft extortion model

Another remarkable shift in the ransomware threat landscape is that more affiliates are now switching to a data theft extortion model rather than the usual encryption model. In these attacks, cybercriminals do not deploy ransomware; instead, they steal organizations’ sensitive information before asking for a ransom.

The improvements in ransomware detection capabilities from Endpoint Detection and Response and Extended Detection and Response software might be one reason for switching tactics and stopping deploying ransomware on the targeted systems. Cisco Talos also suspects the aggressive pursuits from U.S. and international law enforcement against ransomware actors might be another reason for that change.

Network infrastructure attacks increased

Cisco Talos observed an increase in attacks on networking devices in 2023, particularly attacks operated by China- and Russia-based groups looking to advance espionage objectives and facilitate stealthy operations against secondary targets. The researchers observed such activity from other cybercriminals, including initial access brokers and ransomware threat actors.

Weak security on network devices

Networking devices, although being key components to any organization’s IT infrastructure, are not often examined from a security point of view and are often poorly patched, making them an interesting target for cybercriminals. Yet those devices often run on non-standard operating systems, rendering their exploitation harder by cybercriminals but also unmonitored by standard security solutions.

The typical compromise of those devices starts with threat actors exploiting unpatched vulnerabilities, weak or default credentials, or insecure device configuration.

A Cisco spokesman told TechRepublic that “the continued prevalence of default credentials may be partly explained by the sheer number of vendors and products combined with the lack of uniform standards/best practices. The move away from default credentials should certainly help Boost the situation. It is important to note that weak credentials can also be exploited if the actor is able to brute-force or password-spray, and that access brokers still achieve success in obtaining credentials and selling them on the dark web. This means that even if organizations are not using default credentials, it’s essential they create unique and complex passwords, employ MFA where possible, and emphasize additional security measures such as segmentation and IR planning as well.”

Targeted devices had a high severity score

Vulnerabilities affecting network devices in 2023 all had a high severity score, meaning those devices were easily exploitable and had the potential to cause significant operational impact, according to Cisco Talos.

Once compromised, those devices allow attackers to capture sensitive network information, facilitating further access to the target’s networks. Attackers also might plant malware on the devices to establish an initial foothold in the target’s infrastructure without the need for any authentication, or to redirect network traffic to actor-controlled servers. Finally, the devices are also often used by attackers as anonymization proxies for conducting attacks on other targets.

Commodity loader malware evolved

Commodity loader malware such as Qakbot, Ursnif, Emotet, Trickbot and IcedID have been around for years. They were initially banking trojans, looking for credit card information theft on infected computers.

In late 2023, new variants of IcedID and Ursnif appeared with a striking difference as compared to their older versions: Their banking trojan capabilities had been removed, and their dropper functionalities had been improved. The IcedID new samples have been used by initial access brokers known for commonly selling network accesses to ransomware groups. The latest Ursnif variants were used by the Royal ransomware group.

Qakbot also evolved, deploying new features ideally suited to help ransomware groups.

This evolution from banking trojan to loader is attractive for cybercriminals who want to be stealthier; the banking trojan function removal renders those malware less detectable.

The infecting vector for Qakbot, IcedID and Ursnif evolved, as Microsoft’s new security measures on Office products affected the malware threat landscape, forcing cybercriminals to find new ways to use macros undetected or avoid using them completely (Figure B).

Figure B

Threat actors used different methods compared to previous years for spreading their malware and infecting devices, such as using JavaScript, PowerShell, OneNote documents, or HTA files, to name a few. They also used the Google Ads platform to deploy malware such as Ursnif, IcedID or Trickbot, fully avoiding macros.

Some other threat actors deploying Emotet, IcedID and Ursnif have been observed using older methods with macros, probably because the success rate on unpatched enterprise legacy systems is still high.

How to protect your business from these cybersecurity threats

The threat landscape evolves to suit cybercriminals’ needs, and your security team needs to ensure its mitigation strategies are keeping up with the trends. Here are some tips for securing your business from these cyberthreats. In addition, all operating systems and software must be up to date and patched to avoid being compromised by common vulnerabilities.

Ransomware

Access control mechanisms should be carefully reviewed in all corporate environments, and data segmentation should be applied for storing sensitive data because ransomware threat actors are increasingly trying to steal sensitive data rather than encrypt it.

Network devices

Network devices must be up to date and patched. Default passwords, if any, must be changed to strong passwords. All of the devices’ configuration files should be carefully analyzed and tuned to avoid any malicious exploitation. When possible, multifactor authentication must be deployed on those devices. Also, inbound and outbound communications from the devices should be monitored to detect malicious communication.

Commodity loaders

The main families of commodity loaders have dropped their banking trojan capabilities to be lighter and stealthier, even without using macros — often to facilitate ransomware operations. Organizations should educate their employees to handle more file types with caution, such as PDF files or ZIP archives that might contain malicious files.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.

We released our annual Purpose Report, which reflects and celebrates the past year’s work towards Powering an Inclusive Future for All—the progress we’ve made against our goals, and the people and lives we’ve touched. The report explores the theme, The Power of Purpose, because we recognize that when we intersect our business, technology, and a network of partners together with our purpose, we create a powerful force for lasting change. And we have some incredible examples from this year, including the announcement that we achieved our goal of positively impacting 1 billion lives, and did so over a year early!

For many years, the purpose of our Purpose Report has been to look back. But we must also look ahead.

Any company looking to successfully execute their business strategy must consider the changing terrain, identify upcoming challenges and trends, and anticipate how to best meet evolving requirements. The same is true for purpose. This year’s Purpose Report begins to explore the landscape, and where we see opportunities for Purpose to grow.

Our biggest challenges are interconnected and interdependent

The past several years brought us all unprecedented challenges, and a world more prone to polarization than before. But instead of binary questions and issues, a more multipolar world has emerged, requiring us to operate with more nuance and greater context than ever. In this context one thing is clear—we are more interconnected and interdependent than ever.

Our lives and futures are linked by our shared dependence on our planet and its environments. We have a global responsibility to solve the climate crisis together. We see the growth of an increasingly digital and global economy, keeping us connected through ecosystems of financial interdependence. And as we learned in the exact pandemic, our collective health is also inextricably linked.

Global crises also continue to grow increasingly interconnected­­––and the consequences disproportionately fall on vulnerable communities. Developing nations who often contribute the least to climate change bear the brunt of its impact. And due to a lack of infrastructure and technological advancement, they are often the least equipped to respond to natural disasters. While the digital economy continues to grow, 2.6 billion people remain unconnected, denying them access to the opportunities and resources available. The consequences of each crisis exacerbate others­­—access to education is disrupted, progress for women and girls is set back, and extreme poverty rates rise.

Pursuing our Purpose can and must be the glue that brings us together to meet this moment and address these complex, interconnected issues. The question we must continue to ask as we look ahead is, how?

This year’s report reflects on how—how we achieved our goal of positively impacting 1 billion lives, how the private sector can work in new ways to address critical issues facing our societies, and how we can apply lessons from the past to build resilience in our communities for the future.

Where do we go from here?

There is no doubt that the path forward for business in a multipolar world isn’t entirely clear. There is significant work ahead to address risks in supply chains and manufacturing, and complex questions on how to best navigate a shifting geopolitical terrain. But should these challenges and uncertainties also apply to Purpose?

I don’t think so. In fact, in this moment when many are shying away from a global mindset and approach, our Purpose work proceeds by pursuing what is most meaningful, regardless if that is at the local or global level. Purpose can flex. It operates in a lane that is valued around the world, giving all of us who do this work the space to create and iterate, to sway and pivot, and find our rhythm. And when we do, pursuing our Purpose holds the door open for economic initiatives.

As we close the year in which we reached a goal of positively impacting one billion people, I’m looking ahead and considering the next goal we’ll set for ourselves. We are stronger with our partners by our side—an ecosystem focused on driving impact. We’ll continue to do this if we integrate the lessons of the past and take a new approach in the days and years ahead. I hope you’ll join us on this journey and read about our impact this year, and my reflections on what’s next, in our FY23 Purpose Report. Together, we can do good for our communities, good for our businesses, and good for all.

Read the full Cisco FY23 Purpose Report

View original content here.

Earning specialized certifications is a surefire way to advance your career in the IT field, regardless of industry or current career level. The right certification validates your skills and knowledge, which makes you more desirable to future employers who want to attract and retain the best employees. Below, we’ll explore the top IT certifications and share how to examine your goals to choose the right path forward. 

The exploitation of a vulnerability in Progress Software’s MOVEit file transfer application was one of the biggest cybersecurity news headlines of the year.

However, according to Cisco Systems, the most targeted vulnerabilities this year — as in previous years — were older security flaws in common applications.

That again underscores the preference of threat actors to target unpatched systems that can cause major disruptions, Cisco’s Talos threat intelligence division said in its annual Year in Review report.

In many cases, the vulnerabilities were more than 10 years old, giving users lots of time for them to have been patched. In fact, four of the top five most targeted vulnerabilities were also cited by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as being frequently exploited in prior years.

The top 10 targeted vulnerabilities were

–CVE-2017-01999, found in Microsoft Office and WordPad;
–CVE-2017-11882, found in Microsoft Exchange server;
–CVE-2020-1472, found in Microsoft Windows’ Netlogon utility;
–CVE-2012-1461, found in the Gzip file parser utility;
–CVE-2012-0158, found in Microsoft Office;
–CVE-2010-1907, found in Apple’s Safari browser;
–CVE-2021-1675, found in Windows’ print spooler;
–CVE-2015-0507, found in Oracle’s Java SE;
–CVE-2015-2426, found in Windows’ font driver.

Most of the vulnerabilities would cause substantial impact if exploited, the report notes, with seven receiving the highest “critical” score from the Common Vulnerability Scoring System (CVSS).

Ransomware continued to threaten enterprises globally in 2023, the report notes, with LockBit remaining the top threat in this space for the second year in a row. Healthcare was the top targeted industry this year, as adversaries maintained their focus on entities that have cybersecurity funding constraints and low downtime tolerance.

However, some ransomware groups such as Clop/Cl0p — behind the MOVEit exploits — deployed a collection of zero-day exploits, behavior usually associated with advanced persistent threat (APT) activity, the report says. A new trend of ransomware actors turning to pure extortion, skipping encryption altogether while threatening to leak sensitive data, also emerged.

At the same time, the report adds, leaked ransomware source code allowed low-skilled actors to enter the market.

One other point the report notes: The use of valid accounts was consistently a top weakness in Talos incident response engagements.