In August 2014, Cisco published their Midyear Security Report 2014 which covered security intelligence from the first half of 2014. This report noted that the Internet of Things (IoT) may represent a growing attack target in the coming years as more IP-enabled embedded devices connect to networks. This report covered Cisco's "Inside Out" project where they looked at outgoing DNS queries were destined for Dynamic DNS (DDNS) systems. Cisco's recommendation is for organizations to use a system like Infoblox's DNS Firewall to restrict DNS queries destined to malicious systems. This midyear report also confirmed the increase in Java exploits and recommends organizations update to more secure updated Java 8 versions. The report covered the recent NTP packet amplification attacks and showed how attackers can change their tactics rapidly based on effectiveness of the attacks.
Cisco just today released their 2015 Annual Security Report. This year's report covered events occurring in 2014. This ASR noted that there is an ever-widening gap between the capabilities of defenders and attackers. This report also noted the decline in Java exploits. The report also found that many organizations are over-confident about their security posture because there are still many of these same companies who are experiencing breaches. There was also a large percentage of unpatched OpenSSL servers operating showing that many organizations are not patching frequently enough.
Microsoft Security Intelligence Report (SIR)
Microsoft publishes their annual Security Intelligence Report (SIR) that provides information on current threats based on their host operating systems, popular enterprise and consumer applications and cloud-based service perspective on security. Microsoft has been publishing these reports every 6 months since 2006 and they have been the go-to source for information on current security threats. The Microsoft Security Intelligence Report (SIR) Volume 16 covered issues occurring from July 2013 to December 2013. The latest Microsoft Security Intelligence Report, Volume 17, published in November 2014, covers issues from the first half of this year: January through June 2014.
Sign up for CIO Asia eNewsletters.