Editor’s Note: This is the first part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this first installment, we discuss the value of security metrics at Cisco.
What does the film Moneyball have in common with security metrics? Turns out—plenty. In Moneyball, the storyline focuses on the Oakland A’s baseball team’s quest to assemble and field a competitive team. Fiscally constrained, their general manager uses a new approach towards scouting, analyzing and securing players through the use of metrics.
The general manager’s hypothesis was that player performance statistics, such as stolen bases and runs batted in (RBIs), focus on speed and contact. But other metrics, such as on-base percentage and slugging percentage, have a greater influence on the team’s main goal—scoring runs and winning games.
Skeptics scoffed at the data’s reliability as a consistent performance indicator but, much to everyone’s surprise, the data held its own and the A’s became a viable competitor. By keeping their eyes squarely focused on the real problem—protecting and safeguarding their franchise’s future—the A’s used simple, meaningful metrics to manage risk, guide their operating and decision-making practices, and strengthen their brand.
Tags: infosec, metrics, security
I recently contributed a chapter titled “Advanced Technologies/Tactics Techniques, Procedures (TTPs): Closing the Attack Window, and Thresholds for Reporting and Containment” to the anthology Best Practices in Computer Network Defense: Incident Detection and Response, published by IOS Press. In the chapter, I recommend a number of TTPs that can move the cybersecurity balance of power away from adversaries to infrastructure defenders. Acting on the TTPs I propose—including focusing hard work and clear thinking on network security basics—will pay maximum dividends for the cybersecurity defender.
The book’s publishers have graciously granted me permission to reproduce the chapter on the Cisco website, and you are welcome to read it here. Please take a moment to read it and let me know what you think in the form of comments on this blog post.
Thanks in advance for your thoughts and reasonably well considered opinions!
Tags: best practices, network security, security, TTPs
Is the combination of cloud computing and mobility a perfect storm of security threats?
Actually, yes. And you should prepare for them as if there is a storm coming.
As businesses become increasingly mobile, so does sensitive data. In fact, in a recent survey conducted by ESG, 31% of security professionals say that the biggest risk associated with cloud infrastructure services is “privacy concerns associated with sensitive and/or regulated data stored and/or processed by a cloud infrastructure provider.”
With cloud-based services, it is key to have visibility into applications and provide a consistent experience across devices accessing the web and cloud applications. More users are leaving the standard PC behind and engaging cloud applications through a mobile device, making application-layer security and user access security critical. Smartphones and tablets are able to connect to applications running anywhere, including public, private and hybrid cloud applications, opening your data to potential attacks. Security professionals need assurances that their cloud security provider will appropriately secure customer data while ensuring availability and uptime.
The conversation is no longer if you’ll be attacked, but when. And will you be prepared?
Read the full article: Data Security Through the Cloud
Tags: CIO, cisco annual security report, Cisco Security, Cisco Security Grand Challenge, CiscoCloud, cloud, cloud security, data security, ESG, Internet of Everything, IoE, ITaaS, security
Last week at RSA 2014, Chris Young and I joined a Live Social Broadcast from the Cisco Booth to discuss our announcements of Open Source Application Detection and Control and Advanced Malware Protection, as well as to answer questions from you, our partners and customers, about the trends, the challenges, the opportunities we’ve seen in the security industry this year.
Below is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Chris or I will get back to you.
Tags: malware, open source, RSA 2014, security
January 2014 started with a bang, with one in every 191 web requests resulting in a web malware encounter. The Cisco Computer Security Incident Response Team (CSIRT) observed this same trend, witnessing a 200% increase in web malware encounters experienced by Cisco employees for the month. Overall, January 1, 25, and 26 were the highest risk days for encountering web-delivered malware. In the chart below, the lower the number, the higher the risk of encounters. Still, with a median encounter rate of 1:375 requests, every day of January 2014 represented significant risk for web browsing.
Tags: 2014 annual security report, CSIRT, malware, Threat Metrics 2014, TRAC