Cisco Blogs


Cisco Blog > Security

Where the Rubber Meets the Road: The Security Control Framework

When Cisco introduced the Cisco SecureX Architecture at the 2011 RSA Conference in San Francisco, it aimed to provide network security practitioners the following benefits of a security architecture:

  • Contextual awareness
  • Comprehensive visibility
  • Scalable control
  • Dynamic adaptability to new threats
  • Data and application protection

What exactly does this mean? What does it do? How is it implemented? Which products are needed to achieve the benefits of a Cisco SecureX Architecture?

These are just some of the questions we hear when consulting with people tasked with the protection of an organization’s information and providing appropriate security controls around current and/or new business initiatives.

Around business initiatives, joint research conducted by IBM developerWorks and the IBM Center for Applied Insights has reported four information technologies (mobile technology, business analytics, cloud computing, and social business) that are rapidly reshaping how enterprises operate. This joint research has been published in the 2012 IBM Tech Trends report and security has been identified as a threat to innovation and a top barrier to adopting business-critical technology.

“Mobile technology, business analytics, cloud computing, and social business are rewriting strategic playbooks across industries. In these spaces, new business possibilities are emerging faster than many organizations can act on them, with significant IT skill shortages and security concerns threatening progress. Yet, some companies are equipped to innovate at the front edges of these fast-moving technology trends and drive strategic advantages for their organizations.” -- 2012 IBM Tech Trends pdf

With that introduction of how security relates to business innovation, the aim of this blog post is to raise awareness that the Cisco SecureX architecture is beyond marketing and that in the background, Cisco and our partners are developing products, technology, services, and learning curricula—to help practitioners deploy cyber security architectures using models such as the Cisco Security Control Framework—so that a security architectural blueprint can be in place to allow organizations to have the confidence and agility to accelerate business transformation.

Read More »

Tags: , ,

What Will 2013 Bring for Your Data Center Security?

With the end of the year fast approaching and the 31st Annual Gartner Data Center Conference in Las Vegas this week, this post is dedicated to a quick reflection on emerging data center trends and their impact on security.

The global technology analyst firm Ovum[1] expects the market to become further focused on cost-savings and efficient internal IT delivery methods with broader virtualization, cloud and the use of converged infrastructure systems in 2013.  This closely mirrors the agenda for the Gartner Data Center Conference where the agenda shows focus on trends such as IT Operational Excellence, Optimal Cloud Strategies and Delivering Greater Business Value.

Read More »

Tags: , , , , , ,

Cisco Presenting at BayThreat 2012 in Sunnyvale, CA

BayThreat 2012, the third annual information security conference in the South Bay of San Francisco, will be held December 7–8 at The Firehouse Brewery in downtown Sunnyvale, Calif. This technical conference is well attended by security professionals from the top technology companies in the South Bay.  Randy Ivener and Joe Karpenko, security specialists from Cisco Systems, will present “Network Threat Defense”at 10 a.m. Saturday at the conference.

Botnets, worms, and denial of service (DoS) attacks increasingly threaten the availability of every network, yet few network engineers realize the security benefits of leveraging network infrastructure to handle these attacks. “Network Threat Defense” will address how to build a more secure infrastructure and how to leverage inherent network features, such as NetFlow, to provide a full range of attack handling mechanisms. During the presentation, Ivener and Karpenko will briefly cover the following fundamental network security topics:

  • State of network security
  • Threat models for IP networks
  • Incident response
  • Secure network design
  • Device hardening
  • Introduction to NetFlow

Read More »

Tags: , , ,

Cyber Security Survival for the Holidays

A couple of days ago, I participated in a Social Video Broadcast about cyber security survival tips for the holiday season. Some of my advice is familiar. Use stronger passwords, apply the “smell test” to too-good-to-be-true on-line offers, read the manual—especially the parts about account set up and security—when turning on a new device. Others are a little less well known. I keep a separate credit card account with a low spending limit for on-line purchases. Ask your Sys Admins if it is OK to connect a new “BYOD” device to an enterprise network when you return to work in January.

But the most important advice I offer is to slow down and think before doing anything that might subject you to cyber mayhem. Technology, and the Internet in particular, has programmed us to rush through life. But the best way to make it into to the Cyber Security Victims Hall of Regret is to lose your sense of situational awareness by clicking on anything that moves. This needn’t lead to paralyzing indecision. But taking a moment to ask: “Is this for real? Is this wise? Why does that look funny?” will spare you from a lot of harm in the holiday season.

You can watch a replay of the broadcast here: http://newsroom.cisco.com/feature-content?type=webcontent&articleId=1104963

Tags: , , , , , ,

Cisco and the Association of Retail Technology Standards (ARTS)

Fellow Technologists,

Why are standards so important in Information Technology?  Standards enable interoperability between complex systems.  Many enterprises look to products that use these standards for easy integration between their existing and new systems, as well as lowering design, development, and production costs.  Further, standards allow innovation, enabling new solutions that solve business problems.

Cisco has been a member of the Association of Retail Technology Standards (ARTS) since 2006 and has contributed to many white papers and standards over the years, including Cloud, SOA, Mobile, and Social Blueprints.  Many of the standards created by ARTS focus on the messaging syntax used between systems that enable products from a diverse set of vendors to interoperate and communicate with one another—complexity made simple.

ARTS is the IT standards division of the National Retail Federation (NRF), and is comprised of over 200 international vendors and retailers dedicated to reducing the costs of technology through standards. Since 1993, ARTS has been delivering application standards exclusively to the retail industry. ARTS has four disciplines: the Standard Relational Data Model, Unified POS, XML, and Standard RFPs. The National Retail Federation (NRF) will be having its next Big Show in January at the Jacob K. Javits Convention Center in New York City.  ARTS is targeting to release several new publications at this show and Cisco will be there sharing our latest solutions developed with our technology partners. Read More »

Tags: , , , , ,