Our 2015 Midyear Security Report (MSR) is out this week, and it’s been a bumpy year when you consider the innovative, resilient, and evasive nature of the global cyber attacks we’ve seen in recent months. Our team continues to see adversaries who rapidly refine their ability to develop and deploy malware that evades detection. It is sobering to note that our MSR confirms that the security industry is just not keeping pace with the attackers.
The MSR is our follow-up to the Cisco Annual Security Report (ASR), which we publish in January. The 2015 MSR updates you on what we’ve seen in the first half of 2015, with analysis and insights about the latest attack trends and advice on what to do about them.
Some of the top troubling trends in this year’s six-month update include: Read More »
This week, Cisco provided comments on the Department of Commerce’s Bureau of Industry and Security (BIS) proposed cybersecurity regulations. These comments reflect the realities of how Cisco looks to protect both our customers and our products. They also emphasize the critical role that security researches, access to tools, and qualified talent have in cybersecurity.
Cisco has hundreds of dedicated security engineers and researchers throughout the company and around the globe, who use the latest and greatest tools and techniques to test our technology. We proactively attempt to break into our own products, our own services, and our own networks, in order to close identified weaknesses and vulnerabilities as soon as possible and to develop better protections against attack. Many of these same people are responsible for investigating reported vulnerabilities or compromises of our products and running these reports to ground with absolute certainty. In doing this, we have resolved countless bugs and vulnerabilities and continue to improve the security of our products with what we learn. Along the way we have discovered many interesting and creative adversaries and certainly learned that there are some very resourceful people out there. Read More »
In this environment of advanced threats along every point of the value chain, I’d like to talk about what it means for you, our customers and partners, to have supply chain security throughout the product lifecycle.
I’ve just finished a short video on this topic. I’d love to hear your feedback, insights and suggestions on securing the product supply chain.
Not long ago I was asked to attend a quarterly Board meeting of one of my healthcare clients and to present the recommendations of a Strategic Security Roadmap (SSR) exercise that my team and I had conducted for the organization. The meeting commenced sharply at 6am one weekday morning and I was allocated the last ten minutes to explain our recommendations and proposed structure for a revised Cybersecurity Management Program (CMP).
The client Director of Security and I waited patiently outside the Board Room while other board business was conducted inside. As is the case with many organizations, information security was not really taken seriously there, and the security team reported into IT way down the food chain, with no direct representation in the C Suite. The organization’s CMP had evolved over the years from anti-virus, patching and firewall management into other domains of the ISO27002 framework but was not complete or taken seriously by those at the top. Attempts at building out a holistic security program over the years had met with funding and staff resource constraints and Directors of Security had come and gone with nothing really changing. Read More »
I recently had the opportunity to sit down with Roland Cloutier, Global Chief Security Officer at ADP and former CISO at EMC, to discuss how they integrate and leverage threat intelligence into their security operations centers as well as their greater security technology infrastructure. It’s pretty rare for the CISO of a F500 company to discuss what technologies they use in such an open way, but it was really a testament to the trust they have for the solutions they have chosen. To hear Roland discuss it himself, watch the video at the end of this post or read the case study.
ADP had created a much more proactive, and dare I say “predictive” security program than most. They are consuming threat intelligence from numerous sources including AMP Threat Grid to create what Roland dubbed ‘intelligence-led decision making.’ How is this different from today? Most security organizations, whether it’s analysts in the Security Operations Center (SOC) or the <<other group>> tend to be in a very reactive mode. They see an alert pop up on screen and start to scramble. It’s tough to get ahead of the game when the technology you’ve invested in is merely a reactive one. Roland and his team have spent the time to develop and execute on a strategy that has flipped this model and puts them in a very proactive situation. So how have they done this? A few key elements: Read More »