Cisco Blogs


Cisco Blog > Security

Embracing Security Related User Groups

Security is a tough nut that can’t be cracked by one alone—neither technology nor research, neither corporations nor start-ups, and neither products nor processes. None of these alone can crack the security nut. The most important part of the problem and solution is people! Nothing beats the efforts of few passionate people collaborating for a cause.

Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”― Margaret Mead

Users groups began appearing in the mainframe days as a way to share hard earned knowledge and began to proliferate with the microcomputer revolution of the 1970’s and 1980’s. During this time, hobbyists sought to help each other with their homespun wisdom on programming-, configuration-, hardware- and software-related issues. Prior to the penetration of the Internet, these groups gladly provided free technical support and helped users discover the personal computer and aided in the adoption of the PC in a major way.

The emergence and participation of the general public in the use of the Internet and coincidental rise of operating systems like GNU/Linux as well as the open source movement was further intensified by user groups. Such groups found a new place online to discuss these tools via mailing lists, bulletin boards and more. Once run only by researchers and computer geeks, hardware and software was being made popular among the general public through user groups. Read More »

Tags: ,

Cisco Security Disclosure: Help Us Help You!

Wow! We just published our tenth bundle of Cisco IOS Software Security Advisories and what a ride it’s been!! Way back when in the fall of 2008 when we produced our first Cisco IOS Software Security Advisory bundle, we had no idea of the impact that this delivery format would have on us internally and, more importantly, on you – our customers!! The decision to deliver the biannual (on the fourth Wednesday of every March and September) Cisco IOS Software Security Advisory Bundled Publication brought with it many challenges, process changes, and—in the end—a format for Cisco Vulnerability Disclosure that we hope addresses at least some of your concerns. This format was modeled after the scheduled monthly release used by Microsoft for years, known affectionately as “Microsoft Tuesday” and based on requests we heard through discussions with many of our customers.

Read More »

Tags: , , , ,

Making Global Threat Intelligence Locally Actionable

When we talk about using the network to gather threat intelligence on a global basis, the question arises: how does someone apply that intelligence to protecting their local IT infrastructure? The key lies in maintaining a high degree of situational awareness. This begins with understanding what you are trying protect and what might interfere with it. From there, you can distinguish between relevant and irrelevant intelligence, and then act to protect the things that matter from the threats that could harm them. Read More »

Tags: , , ,

Vectoring to a New Mission

A couple of weeks ago, I announced a new name and a new mission for the group I lead at Cisco. I’ll do my best to minimize reader exposure to boring administrative details, but the long and the short of it is that the former Cisco Global Government Solutions Group (GGSG) has become the Cisco Threat Response, Intelligence, and Development (TRIAD) organization.

Any organizational name change is only a label placed on more fundamental transformations in missions, strategies, and desired outcomes. While the new organization will continue to serve government customers, the time has come to mobilize the expertise we have built up over the years to help critical infrastructure and enterprise customers strengthen their abilities to deliver IT-based services and value with minimal disturbance from unauthorized sources.

Vectoring the organization’s mission to threat is the key to understanding what TRIAD is all about. Through our work with Cisco customers, observation and analysis of phenomena visible in Cisco and customer networks, and application of innovative thinking about security practices and processes, we see enormous potential for developing and delivering threat-focused approaches to cyber security into products, services, and solutions. Read More »

Tags: , , , , , , ,

A Programmatic Approach to Using Cisco’s Security Intelligence Feed

If you’re an end-user or manager of software that has publicly known security vulnerabilities, wouldn’t you want to know about it? If you’re a software developer, wouldn’t you want to know if there are third-party software vulnerabilities that may impact your applications or products?  Do you have a patch management compliance requirement for managing software vulnerabilities? I presume the answer is a resounding “Yes” to each question that applies to you. Anything we, as cyber security professionals, can do to help automate the vulnerability management process, while integrating security intelligence into that process from both an end-user and developer perspective, is a good thing. In this post, I will discuss Cisco’s Application Programming Interface (API) that exposes security intelligence as a direct data feed into applications or portals. The API is known as the IntelliShield Security Information Service (ISIS) and has proven effective to answering these leading questions.

“Continuous improvement in vulnerability management practices is imperative to keeping pace with the changing security environment as a result of evolving threats as well as new products and technologies” Russell Smoak, Cisco Systems, Cisco 2013 Annual Security Report

The above quote underscores the importance of striving to raise the bar in protecting against vulnerabilities, which may be exploited in your environment, or in the case of a developer, the products you provide to your customers. Cisco uses ISIS several ways, both internally and externally. Internally, Cisco takes advantage of custom-built tooling that uses vulnerability data from Cisco IntelliShield to notify the product development teams when a security issue originating in third-party software may impact a Cisco product. This tool has greatly increased the ability to manage security issues that originate in non-Cisco code. Externally, ISIS is used to provide the content to several sections accessible through the Cisco SIO portal. A couple of examples include:

  1. IOS Software Checker: this tool is used to query Cisco IOS Software Releases against published Cisco Security Advisories.
  2. Security Alerts: this tool provides an “At-A-Glance” type of view of security events such as vulnerability exposures.

Technically, ISIS provides a set of services that support application-to-application interaction using SOAP over the HTTPS protocol, allowing clients to develop ISIS-dependent applications that are not dependent on the technologies used to implement ISIS. The only dependency is for the client to have the ability to produce a SOAP message, send it to ISIS over HTTPS, and ultimately decompose the SOAP response. These services also allow clients to filter the security intelligence based on various inputs, enabling clients to align IntelliShield security intelligence with the unique business needs of their environment. Read More »

Tags: , , , ,