As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem. However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
This blog series, authored by Kathy Trahan, will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk. To read the first post focused on securing device freedom, click here. – Bret Hartman, Chief Technology Officer (CTO) for Cisco’s Security Technology Group
Imagine two of your executives are using a SaaS platform while working off an unsecure hotel Wi-Fi network nearby. Did you know that SaaS and B2B applications are 15 times more likely than pornography to deliver malicious content across a network?
The threats against a remote connection are unfortunately very real and using an unprotected network to access company assets (whether on-premise or in the cloud) can have serious consequences.
As the growth of mobility and cloud blur the lines of our personal and business lives, the “mobile cloud” has drawn users (consumer or employee) to its convenience. According to a recent Gallup poll, nearly 80% of workers had positive feelings for using their own computers and mobile devices to stay connected to work outside of normal business hours.
For IT, the mobile cloud offers huge management efficiencies. Recent Cisco mobility research confirms that mobility strategies are converging with cloud strategies. However, it also forces IT and business leaders to find a happy medium between encouraging corporate productivity and addressing a new wave of security concerns. From the same research, nearly half of the organizational leaders surveyed say security risks can prevent them from moving forward with mobility initiatives.
Despite these risks, It is hard to dispute that off premise access provides significant productivity gains especially as organizations see mobility as a competitive edge to embrace.
As more mobile users enter the market, (over half a billion devices were added just last year) and the number of remote workers becomes more ubiquitous, the expectation is that networks and access should be the same, regardless of location.
Read More »
Tags: Cisco, future of mobility, mobile security, mobility, security
Noted business management author Peter Drucker famously said, “What’s measured is improved.” When applied to the world of security, meaningful security metrics can literally transform an organization and solve real business problems. At Cisco, Unified Security Metrics (USM) combines multiple sources of data to create higher-value actionable business metrics and decision-making capabilities to protect the company’s data, business processes, operational integrity, and brand from security threats.
Hessel Heerebout, Program Manager for Cisco’s award-winning USM program, will give an overview entitled “Cisco Unified Security Metrics: Measuring Your Organization’s Security Health” (Session ID #SEC-W05) at RSA Singapore on July 23. Read More »
Tags: information security, metrics, security, Unified Security Metrics, unified security metrics program
Phishing attacks use social engineering in an attempt to lure victims to fake websites. The websites could allow the attacker to retrieve sensitive or private information such as usernames, passwords, and credit card details. Attacks of this kind have been around since 1995, evolving in sophistication in order to increase their success rate. Up until now, phishing attacks were generally viewed as isolated events that were dealt with on a case-by-case basis. The dawn of big data analysis in computer security allows us to store data indefinitely and watch the changes and growth of attacks over long periods of time. In 2012, we began tracking a sophisticated phishing campaign that is still going strong.
Google, one of the largest players in the cloud business, offers dozens of free cloud services: Google Email, Google Drive, Google Docs, Google Analytics, YouTube, etc. To enable easy access across all of these properties, Google built what they call, “One account. All of Google.” Read More »
Tags: anti-spam, Google, identity theft, phishing, scam, spam, spear phishing, threat intelligence, TRAC, TRAC Big Data Analysis
As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem.
However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.
I’m excited to introduce a new blog series, authored by Kathy Trahan, which will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk.
This first post will discuss the security concerns presented by the rapid-fire growth of BYOD (Bring Your Own Device) and how implementing specific policies can help organizations reap the benefits of true mobility now and in the future.
Senior Security Solutions Marketing Manager
With the increasing amount of tablets, wearables, and other connected “things” in the workplace, it’s no wonder that the BYOD trend is causing a dynamic shift in security policies and protocol.
This heightened focus on security only increases when the security threat evolution shows that attackers seem to stay one step ahead of the security measures in place to stop them. And while the BYOD movement does present special challenges to ensuring data security, it also affords BDMs and TDMs an opportunity to collaborate and come up with security solutions that balance the need to secure company assets while still allowing employees to conduct business on devices that are familiar and comfortable to them.
As enterprises look for ways to improve productivity, efficiency, and flexibility for their workforces, mobility has become a key factor. A Gartner survey predicts that by 2017, half of employers will require their employees to provide their own devices for work purposes. And as use of and reliance on mobility increase, so does the need for security policies that allow employees to function in a work world that extends beyond their cubicle and office walls.
Read More »
Tags: Cisco, device, future of mobility, mobility, navigating security, security, Security Threats
In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics.
Today’s advanced malware compromises environments from an array of attack vectors, takes endless form factors, launches attacks over time, and can obfuscate the exfiltration of data. To detect advanced attacks as they move laterally through the network and across endpoints, defenders need technologies that automatically look for Indicators of Compromise (IoCs) left behind by malware and exploits, as well as more advanced behaviors of compromise that happen over time. Read More »
Tags: AMP, automated advanced analytics, indicators of compromise, security