Cisco Blogs


Cisco Blog > Security

Who are these Cisco Security Intelligence Engineers?

Protecting data, resources, and assets, including audio-video (A/V) content and communications no matter where it resides or travels on Cisco-powered networks can be a daunting undertaking to say the least. People ultimately are responsible for making this happen. With this thought in mind, here are a few questions that frequently challenge someone with this type of responsibility:

  • How can one ensure that the confidentiality, integrity, and availability of the core network keeps pace with the introduction of new technologies, while managing the continuous stream of disclosures on existing product vulnerabilities and emerging threats?
  • What preemptive or corrective actions can one take to mitigate or remediate known or potential weaknesses in your network operations?
  • What trusted informational resources are available that we can apply in the design, operation and optimization of a secure network, and where can this information be found?

This article provides personal insight into a specialized role residing within Cisco’s Applied Intelligence team, a team which was highlighted in the Network World feature article (page 3), “Inside Cisco Security Intelligence Operations.” The role is that of the Security Intelligence Engineer (SIE), a role which focuses on researching and producing actionable intelligence, vulnerability analysis, and threat validation that typically leads to providing answers and solutions to the challenges posed by these questions.

Read More »

Tags: , , , ,

CSIRT Monitoring for Cisco House at the London 2012 Olympic Games

As part of CSIRT’s mobile monitoring offering for special events, we undertook monitoring of the corporate and customer traffic of the Cisco House at the London 2012 Olympics. This engagement presents us with an excellent opportunity to showcase Cisco technology, while keeping a close watch on potential network security threats. CSIRT monitoring for this event will be active for the entire life-span of the Cisco House, from two months before the Olympics, until two months after.

For the London 2012 engagement, we shipped our gear in a 14RU military-grade rack that is containerized: made for shipping. Inside the mobile monitoring rack we have an assortment of Cisco kit and third-party kit that mirrors the monitoring we do internally:

  • Catalyst 3750 to fan out traffic to all the other devices
  • FireEye for advanced malware detection
  • Two Cisco IronPort WSA devices for web traffic filtering based on reputation
  • Cisco UCS box where we run multiple VMs
  • Lancope StealthWatch collector for NetFlow data
  • and a Cisco 4255 IDS for intrusion detection

We mirror the signatures that we have deployed internally at Cisco out to these remote locations. Depending on the environment where the mobile monitoring rack is deployed, we may also do some custom tuning. The kit in the mobile monitoring rack can do intrusion detection, advanced malware detection, and collect and parse NetFlow and log data for investigation purposes. The Cisco UCS rack server also helps us have several VMs,  allowing us to run multiple tools that complement the other devices in the rack. For example, we run a Splunk instance on a VM to collect the logs generated by all the services. The data from the gear in the mobile monitoring rack is analyzed by our team of analysts and investigators, to eliminate false positives, conduct mitigation and remediation, and finally produce an incident report if required.

Read More »

Tags: , , , , , , , , , ,

Have You Hacked Yourself Lately?

Security professionals are planners by nature. Our industry expects planning, legal and standards compliance requires it, and we drive ourselves toward it. However, the best plans fall out of date quickly. And as the adage commonly paraphrased as “no plan survives contact with the enemy” states, even properly maintained, up-to-date, and well-thought-out plans may fall apart during an incident.

What’s the remedy? We certainly shouldn’t throw out our plans. Instead, we should test and adjust our plans so that when the real enemy shows up, we might have a plan that survives, at least from a broad perspective. In short: security professional, hack thyself!
Read More »

Tags: ,

Anatomy of a Data Breach: Part II

Don’t be the Next Victim

Even as the latest breach headline fades away, we all know there is another waiting in the wings (read Part I of my blog). How can organizations protect themselves? There is no panacea for securing a payment environment, and implementing advanced technology alone will not make an organization compliant with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS provides a solid foundation for a security strategy that covers payment and other types of data, but overall security does not begin and end with PCI compliance. Therefore, an organization’s security strategy should employ best practices and an architecture that will not only facilitate PCI compliance, but also help secure the cardholder environment, prevent identity theft, reliably protect brand image and assets, mitigate financial risk, and provide a secure foundation for new business services.

Read More »

Tags: , , , , , , ,

What is it Like to be a Cisco Security Analyst?

Security events, such as vulnerabilities and threats, that are detected globally continue to grow and evolve in scale, impact, diversity, and complexity. Compounded with this is the other side of the coin, the unreported or undetected events waiting in the wings, hovering below the radar in a stealthy state. With all of the security technologies at our disposal, are they sufficient enough to provide effective protection? Well, it is certainly a good start when applied correctly. At a summary level, Cisco’s Security Intelligence Operations (SIO) approach to this challenge was covered in the Network World feature article, “Inside Cisco Security Intelligence Operations.” However, one of the core human elements, which I will introduce, that deserves closer attention is the role of security analyst. In addition, this article provides those of you with career interests some additional insight into working in the IT security field.

Read More »

Tags: , , , , , , , , ,