Cisco Blogs



Have You Architected Your Data Center Survival Strategy for A Dystopic Cyber Landscape?

Drawing from a recent read of “Case 1: The Seeds of Dystopia” in the World Economic Forum Global Risks 2012, Seventh Edition, it’s now more apparent than ever that the impact of crime and terrorism in the digital world is fast mirroring that of the physical world. We’re living in an era where attempts to build a more secure world may have unintentionally gone astray, as evidenced in Ellen Messmer’s Worst Security Snafus of 2012, where such consequences were clearly not imagined or intended by security vendors and businesses alike. We’re indeed dealing with the opposite of Utopia.

Our digital reality can be very fragile when one considers how heavily we rely on mobile devices and cloud applications, not only to conduct business but also in our personal lives. And the data that is transmitted via these devices and to various cloud applications is increasingly a target for scammers, thieves and hacktivists.

And it’s not only government entities, critical infrastructure and key verticals that are the targets of such attacks; in today’s climate every organization is a prime target. Take the very recent case of an Australian healthcare organization that is being held to ransom to the tune of AU$4,000 by hackers who recently hacked into their database and encrypted the data. It seems an extraordinary scenario for a small organization to be facing. Not only has their data been compromised, but it has been rendered inaccessible: the organization now has to find a way to decrypt that data, which is proving to be rather challenging.

So what should organizations do to shore up their defenses? Start by treating data as the key asset to be protected, rather than fortifying your infrastructure. In today’s world data takes on increased significance: bank account statements, personal information, credit card numbers, trade secrets, government documents. Everyone has data they need to keep under tight control, and aligning security controls to the CIA (Confidentiality, Integrity and Availability) triad can help ensure the right measures are taken.

When we talk about confidentiality of information, it’s about protecting information from disclosure to unauthorized parties. In addition to measures like encryption, look to beef up access controls by feeding security decisions and intelligence across various enforcement points in the network rather than only at a single choke point in the data stream.

Integrity of information refers to protecting information from being modified by unauthorized parties. Leverage global correlation and threat intelligence with reputation-based feeds to protect against new threat vectors and emerging malware.

Availability of information means ensuring that authorized parties are able to access the information when needed. Think of the network as a data enforcement layer and link that to a strategy that identifies users based on contextual attributes (where, when, how and business need to know) when accessing critical or confidential information assets.

So, what I have outlined is a starting point for moving one step at a time towards a Utopian Digital Future. What are your strategies? We’d love to hear from you.


Let’s Hack Some Cisco Gear at SecCon!

December 18, 2012 at 8:54 am PST

Cisco SecCon 2012 brought together hundreds of engineers, live and virtually, from Cisco offices around the globe with one common goal: to share their knowledge and learn best practices about how to increase the overall security posture of Cisco products.

It is amazing to see how many definitions the word “hack” has out on the Internet. Just look at Wikipedia: http://en.wikipedia.org/wiki/Hack. In short, the word “hack” does not always mean a “bad” or “malicious” action.

I’ve had the opportunity and honor to present at SecCon several times, 2012 being my fourth year. My session this year was titled “Cisco PSIRT Vulnerability Analysis: What Has Changed Since Last SecCon”. As you probably already know (or might have guessed), I’m part of Cisco’s Product Security Incident Response Team (PSIRT). During my talk I went over an analysis of the vulnerabilities that were discovered, driven to resolution, and disclosed during this past year, as well as lessons learned from them. I also highlighted several key accomplishments Cisco has achieved during the last few years. For example, Cisco now has the ability to correlate and patch third-party software vulnerabilities. Additionally, we have grown Cisco’s Secure Development Lifecycle (CSDL) into a robust, repeatable and measurable process. As Graham Holmes mentioned in a recent blog post:

Our development processes leverage product security baseline requirements, threat modeling in design or static analysis and fuzzing in validation, and registration of third-party software to better address vulnerabilities when they are disclosed. In the innermost layer of our products, security is built-in to devices in both silicon and software. The use of runtime assurance and protection capabilities such as Address Space Layout Randomization (ASLR), Object Size Checking, and execution space protections coupled with secure boot, image signing, and common crypto modules are leading to even more resilient products in an increasingly threatening environment.


Cisco Wraps Up 5th Annual SecCon Conference

Having recently wrapped up the 5th Annual Cisco SecCon Conference, I’d like to take this opportunity to share with you what Cisco SecCon is and the benefits to our products and you, our customers. With that, let’s start with a brief overview!

What is Cisco SecCon?

SecCon is a security conference for Cisco engineers that focuses on two critical elements for a healthy corporate Security intelligence: 1) expansion of knowledge for all and 2) building a sense of community. We allocate two days for intensive hands-on security training, and then we provide two general session days to discuss a variety of security topics including:

  • Cisco Secure Development Lifecycle
  • Best practices for security test suites
  • Cutting-edge cryptography
  • Implementation challenges
  • Current threat landscape
  • Vulnerability trends


Bringing Up the Social Media Baby

According to a Nielsen study, social media is no longer in its infancy.  No kidding.

During the November military confrontation between Israel and Hamas, social media played a very grown-up role.  What distinguished it from past politically-charged social media exchanges was the participation of state and pseudo-state spokespersons.  Official announcements were issued by the Israeli Defense Forces (IDF) and Hamas’ Al-Qassam Brigade via Twitter and Facebook in near real-time.

  • The IDF announced the initiation of the military campaign via Twitter, and tweeted in caps that it had “ELIMINATED” Hamas military commander Ahmed Jabari in an airstrike.
  • The Brigade responded with threats of retaliation; both sides posted minute-by-minute updates as the fighting unfolded.

The evolution of social media into an official communications venue should come as no surprise.  It follows a time-honored pattern of disruptive ideas and technologies gaining acceptability as they move into the mainstream.  The Nielsen Social Media 2012 study tells us that 30 percent of individuals’ mobile device time is spent accessing social media.  That qualifies as mainstream.


Network Attacks: The Who, What, Where and Why

As security practitioners, we generally see three types of perpetrators with different motives:

  • Financial
  • Political
  • General trouble-making

Each of these attackers can display various levels of organizational structure:

  • Individual
  • Well-organized, persistent group
  • Ad-hoc groups pursuing a common purpose

Each one of these subsets has its own techniques and goals but, unfortunately, can strike anywhere at any time.

As different attack types come in and out of vogue, we are closely watching all of these perpetrators and their preferred methods of attack to better understand how to recognize and counteract them.

In the video linked here, I discuss some of the latest threat trends, and how businesses and individuals can prepare and protect themselves.
