The security community at Cisco is very diverse. It extends beyond the typical researcher or analyst roles to include customer-facing engineers and marketing, public relations, and legal teams. The community is comprised of individuals with greatly varied backgrounds, skill sets, and charters and contains a wealth of knowledge on just about any topic. This diversity allows Cisco Security Intelligence Operations to understand and react appropriately to today’s threats as well as those that we may face in the future.
If we think about security intelligence—which I define as raw information enhanced through correlation, processing or perspective—having an established variety of inputs is key. Our people are certainly one of those inputs.
The trick, however, is utilizing that diversity in such a way that you can create consistent and predictable outputs that can be easily absorbed and acted on.
More and more, we ask technology to play critical roles in our businesses, and our lives. Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.
Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/
We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.
Following up on our Data Center launch on Sept. 12, there have been significant enhancements to Cisco AnyConnect Secure Mobility Solution, the industry recognized SSL/VPN solution. With a track record of leading the traditional VPN market, Cisco hit market milestones in the past with built-in features to the AnyConnect Secure Mobility Client, such as network access manager that offers administrators the ability to control which network end points are able to connect to and other built-in modules that enable web security either through the on-premises Cisco Web Security Appliance (WSA) or the cloud-based Cisco Cloud Web Security offering.
Now, with AnyConnect Secure Mobility Client 3.1, Cisco continues to help enterprise customers with their business transformation needs (ie-BYOD) securely. As long as ‘consumerization of IT’ continues to gain inroads into the corporate network, IT professionals will seek investments in tools that will help support their attitude change from mandate to choice. Having a mobile DNA has been a significant attribute for Cisco as AnyConnect continues to support one of the broadest OS (desktop and mobile) and browser portfolios in the market today.
We chatted with Waheed Choudhry, President and COO, and Mike Zozaya, Practice Manager of Security, Mobility, and Infrastructure at Nexus to get some insights on what their customers are trying to achieve in the data center and how Cisco Security is helping them get there.
Security automation is a hot topic these days. Most organizations have many systems to patch and configure securely, with numerous versions of software and features enabled. Many security administrators are seeking ways to leverage standards and available tools to reduce the complexity and time necessary to respond to security advisories, assess their devices, and ensure compliance so they can allocate resources to focus on other areas of their network and security infrastructure.
Cisco is committed to protect customers by sharing critical security-related information in different formats.