Cisco Blogs


Cisco Blog > Security

Summary: IoT Holds Great Promise – But Ensuring Its Security Takes Strong Leadership and Teamwork!

Despite the many benefits of IoT, the billions of connected sensors, devices, and other smart objects it comprises will also dramatically increase the diversity of threats we will face. As a result, ensuring that we can reap the overwhelming benefits of IoT without undermining security will take strong leadership and a great deal of teamwork throughout the industry. That’s why I’m proud that Chris Young, Senior Vice President, Cisco Security Group, recently made the list as one of the top 100 thought leaders for IoT!

Read the full blog post to learn more.

Tags: , , , , , , , , ,

On Cisco.com password changes

Last week I published a brief blog about the OpenSSL heartbeat extension vulnerability, also known as the Heartbleed bug.

One commenter asked, “What about the Cisco.com website? Is it safe to change our passwords on the site?” We received a handful of similar questions from customers today, so I would like to offer our formal advice.

The Cisco Security Incident Response Team (CSIRT) has not found any Cisco.com infrastructure that was vulnerable to the Heartbleed vulnerability. There is also no evidence to suggest a compromise of Cisco.com user accounts.

You are safe to change your password by visiting the Cisco.com profile management page – in fact regular password changes are something we actively recommend.

Regardless of the website you are visiting, use of a strong password and regular password changes are an important part of online safety. If you are looking for more password advice, we recommend the following US-CERT security tip: Choosing and Protecting Passwords.

Tags: , , ,

Not If, but When: The case for Advanced Malware Protection Everywhere

A recent Bloor Research Market Update on Advanced Threat Protection reminds us of something that many security vendors have long been loath to acknowledge: traditional, point-in-time technologies, like anti-virus or sandboxes, are not entirely effective when defending against complex, sophisticated attacks.

This is due to something we have said before and we will say again: malware is “the weapon of choice” for malicious actors. We know blended threats introduce malware. Our 2014 Annual Security Report notes that every Fortune 500 company that was spoken to for the report had traffic going to websites that host malware. Bloor tells us all, once again, that attack methods are becoming more complex.

To put it plainly, when it comes to networks being breached, it is not a case of if, but when.

Read More »

Tags: , , , , , , , ,

Making Your Metrics Program Effective Beyond Just Charts and Numbers

Editor’s Note: This is the third part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program (USM). In this installment, we discuss the effectiveness of the USM program at Cisco.

Information security is all about risk reduction, and risks are notoriously difficult to measure – ask any insurance salesman or actuary. So how do we handle this conundrum for a security metrics program that hasn’t even reached its second anniversary yet?

Peter Drucker, noted business management author, once said, “Efficiency is doing the thing right. Effectiveness is doing the right thing.” Even at this early stage of the USM program, we can see four clear indicators demonstrating we’re doing the right things to improve Cisco’s security posture across the IT organization and Cisco. They include the creation of newly defined partnerships, leveraging existing IT risk management frameworks, developing well-defined feedback mechanisms, and gaining increased support and visibility at the CIO level.

Read More »

Tags: , , , , ,

Cisco Live 2014 San Francisco: Security Technology Track

Cisco Live, May 18-24, 2014, is quickly approaching and registration is open. This is the 25th anniversary of Cisco Live and we return to the Bay Area at San Francisco’s Moscone Center. Educational sessions are organized into technology tracks to make it easy to find the topics that most interest you. With network and data security being top of mind, I’d like to highlight the Security technology track’s exciting content lineup. Read More »

Tags: , , , , , , , , , , , , , , , , , ,