An often overused yarn of our day is that “we live in an increasingly more connected world.” While overused, I can’t think of any better way to describe what Cisco is doing in our security ecosystem with Cisco Platform Exchange Grid (pxGrid). And it has been quite an active first year since the release of pxGrid for use in customer deployments, from building an ecosystem of 30 partners to working in multiple security standards groups in the IETF.
Cisco pxGrid is an information grid that security and other IT platforms can integrate with to share relevant contextual information with any other platform connected to it. Cisco platforms can exchange information with Cisco platforms. Partners can exchange information with Cisco platforms. Partners can exchange information with other partners. It is one of the main methods used by technology partners to create use-case focused product integrations within the Cisco Security Technical Alliance Ecosystem Program.
Tags: Check Point, ietf, InfoBlox, LogRythm, pxGrid
In a recent post, “Evolution of attacks on Cisco IOS devices”, we discussed how threats against network devices have evolved. There was no evidence that a remote attack vector or vulnerability in Cisco IOS was related to these attacks. This reinforces the value of creating more hardened and resilient systems.
Creating more secure technology is a goal without an end point, but it is a journey worth sharing.
Much has been written about and shared on our secure development lifecycle and our efforts to ensure security in the supply chain. However, there are two lesser-known initiatives that have had significant impact on Cisco product security: 1) the use of Common Security Modules and 2) sophisticated attack-focused penetration testing.
According to the Centers for Disease Control and Prevention (CDC), “If you’re ready for a zombie apocalypse, then you’re ready for any emergency.” While events haven’t yet risen to the level of “zombie apocalypse”, computer attackers are continuing to use their voodoo to zombify Internet domains, and repurpose them for their own heinous crimes.
Image from the CDC’s Zombie Apocalypse preparedness site
Those of us who work in security operations are well accustomed to blind spots. Depending on the size of the network, our security technologies can trigger thousands of security alerts daily. We know from experience that the vast majority of these alerts are false positives: innocuous activity that behaves a bit oddly. But we also know that real threats are hiding in plain sight among the throng, finding safety in numbers. If threats are wolves in sheep’s clothing, false positives are the sheep masquerading as wolves. How can we tell the difference?
We can eliminate a sizable proportion of false positives with reasonable certainty through investigation, but we struggle to cut the remaining list down to a small number of confirmed threats, and we waste a lot of time chasing wild geese in the process. To home in on confirmed threats, we need a better sieve for sifting through alerts. Advanced analytics and granular forensic technologies enable overburdened security operations personnel to separate the wheat from the chaff through high-fidelity threat investigation. Using advanced data analytics methodologies enables Cisco Active Threat Analytics investigators to weed out a large proportion of false-positive alerts with high accuracy, and applying data enrichment and deep packet inspection tools in the threat investigation process equips us to validate confirmed threats quickly.
Tags: Active Threat Analytics, ATA, full packet capture, pcap, threat detection, threat investigation, threat management
Did you know that October is National Cyber Security Awareness Month? Here at Cisco, we understand how important cybersecurity is in today’s interconnected world. Because the Internet touches an increasingly large part of our lives, it’s necessary to engage and educate the public about how to stay protected. While we highlight the importance of cybersecurity in October, at Cisco we have initiatives and programs in place to make sure the education continues throughout the rest of the year as well.
We start from the inside out, making sure that our own employees are fully educated and trained in the latest in cybersecurity. Our Cisco Security Ninja Program, which challenges participants to reach for higher degrees of competency and proficiency in product security, has been a huge success. Employees can earn five distinct belts (white, green, blue, brown and black) that represent their advancing cybersecurity knowledge. Additionally, we offer a program in conjunction with San Jose State University that enables Cisco employees to earn their Master’s degree in Software Engineering with an emphasis in Cybersecurity. Plus, every year we hold an internal security conference, SecCon, that brings together hundreds of engineers from Cisco offices around the globe to share their knowledge and increase the overall security posture of Cisco products. All of these programs help ensure that our own employees are experts in the latest in cyber protection.
Tags: CyberAware, cybersecurity, National Cyber Security Awareness Month, NCSAM, security