Security intelligence, threat intelligence, cyber threat intelligence, or “intel” for short is a popular topic these days in the Infosec world. It seems everyone has a feed of “bad” IP addresses and hostnames they want to sell you, or share. This is an encouraging trend in that it indicates the security industry is attempting to work together to defend against known and upcoming threats. Many services like Team Cymru, ShadowServer, ThreatExpert, Clean MX, and Malware Domain List offer lists of known command and control servers, dangerous URIs, or lists of hosts in your ASN that have been checking in with known malicious hosts. This is essentially outsourced or assisted incident detection. You can leverage these feeds to let you know what problems you already have on your network, and to prepare for future incidents. This can be very helpful, especially for organizations with no computer security incident response teams (CSIRT) or an under-resourced security or IT operations group.
There are also commercial feeds, which range anywhere from basic notifications to full-blown managed security solutions. Government agencies and industry-specific organizations also provide feeds targeted towards specific actors and threats. Many security information and event management systems (SIEMs) offer built-in feed subscriptions available only to their platform. The field of threat intelligence services is an ever-growing one, offering options from open source and free, to commercial and classified. Full disclosure: Cisco is also in the threat intelligence business.
However, the intent of this article is not to convince you that one feed is better than another, or to help you select the right feed for your organization. There are too many factors to consider, and the primary intention of this post is to make you ask yourself, “I have a threat intelligence feed, now what?”
Tags: cisco sio, CSIRT, csirt-playbook, cybersecurity, incident response, infosec, operational security, security, security intel
In October, we were delighted to announce the completion of our acquisition of Sourcefire. With Sourcefire on board, Cisco provides one of the industry’s most comprehensive advanced threat protection portfolios, as well as a broad set of enforcement and remediation options that are integrated, pervasive, continuous, and open.
Within three weeks of the acquisition closing, we completed the first deployment into a highly secure data center and we are quite impressed with the results, to say the least! Within the first hour, we began seeing some interesting things from our network. The implementation was already giving us insights into our data center that we never had before!
Tags: data center, data correlation, network visibility, security, Sourcefire, threat protection
To read the first part of the Network Matters blog series that discusses how an architectural approach to mobility is essential for the Future of Mobility, click here. To read the second part of the series that focuses on how IT leaders can rely on a network to simplify the process of onboarding new mobile technology, click here. For the third part of this series that discusses how Service Providers can deepen their enterprise customer relationships by addressing pain points and meeting new enterprise mobility challenges, click here.
In the new mobile and cloud era, applications are evolving and changing the role of networking at a rapid pace.
In this final blog post of the Network Matters series, I’ll discuss how mobility is driving an application economy that is enabled by intelligent networks.
Tags: application centric infrastructure, Cisco, cloud, future of mobility, mobility, unified communications, wireless
Every year in Scottsdale, Arizona, there’s a unique Information Security conference created by Joyce Brocaglia at ALTA, supported by a who’s who of InfoSec companies like Cisco, RSA, and Symantec, and attended by hundreds of some of the brightest people I’ve ever met. It’s no coincidence that they are all women because this is the Executive Women’s Forum (EWF) and always a highlight of my year.
A special treat for me this year was the presentation by Edna Conway, CISO for Cisco Systems’ supply chain and, as it turns out, a brilliant and inspiring woman.
A few weeks earlier, after reading that Edna was to be a keynote speaker at the event, I sent her an email just to introduce myself, say “hello,” and let her know that I looked forward to hearing her presentation. Not what I expected, Edna responded with a warm welcome for me to Cisco (yup—I’m a Cisco newbie after almost 30 years with HP!) and said that she was looking forward to getting some help from me on her current focus: securing Cisco’s supply chain. Great! Love to help, let’s keep in touch. However, when she presented to the EWF audience the strategy that she’d already developed and implemented, I was humbled by what an amazingly thorough job she’d done. The other women in the audience recognized the value in her strategy as well, as they lined up to speak with her after her address, and to ask for her help at their own companies. I saw the undeniable admiration in the eyes of these successful women executives—and those aspiring to be successful women executives—and something remarkable occurred to me.
Tags: Cisco Security, cisco sio, cisco supply chain, CISO, infosec, women in tech
With several key applications moving to the cloud, how do our customers ensure application performance? If they deploy, for instance, public or private hosted solutions or a hybrid WAN, how do they ensure application experience?
Today, we all see more and more new delivery models such as private, hybrid, or public cloud; new hybrid WAN deployments that replace or complement MPLS with Internet links to reduce cost and enhance application delivery; audio and video applications deployed in the enterprise; and applications moving to HTTP or HTTPS, which makes them more complex to detect.
How does the network play a critical role in the application experience that enterprises need to provide today to their users? How can you rely on the network to provide enough agility, flexibility and control with so many new applications, deployment models and delivery methods?
Enterprises today need to be able to rely on the network to handle all those new challenges. IT organizations need the ability to identify and monitor applications running on the network, and to define policies that better control and classify those applications, in order to provide the best end-user experience and keep up with growth in new requests without having to replace all of the existing infrastructure.
Tags: Application Visibility and Control, AVC, Cisco, cloud, enterprise networks, hybrid WAN, IWAN, Megatrends