During the 2012 fall season, we launched a survey that seeks to understand how you use and value the security resources on the Cisco Security Intelligence Operations Portal at http://cisco.com/security. At the same time we also made available our enhanced feedback mechanism—shown below highlighted in red—to allow you to more easily share your thoughts and frustrations with our content.
The response has been fantastic; thank you.
Through the new survey and feedback systems, we are broadening our understanding of the content-types you find useful, those you don’t, as well as content you’re not familiar with. We have received very specific questions and feedback and done our best to respond directly when we could (did you include an email address?) and have responded publicly via @CiscoSecurity a few times when no contact information was shared. For example, when an anonymous feedback-submitter suggested we provide RSS feeds for Cisco Security Advisories, we responded via Twitter with:
@CiscoSecurity: A friendly reminder, RSS feeds for all Cisco SIO content types, including Security Advisories, are available at http://cs.co/9007VQr7
Read More »
Tags: customer feedback, security, survey
My colleague, Dario Ciccarone from the Cisco Product Security Incident Response Team (PSIRT) will be presenting “Security Vulnerability Handling at Cisco” at (ISC)2’s New York Metro Chapter meeting on February 13th, 2013. This will be an evening of information security presentations, networking reception and filled with Chapter activity discussions during this event. This event also qualifies for 2 CPEs for certified information security professionals (CISSP). Read More »
Tags: Cisco PSIRT, Cisco Vulnerability Policy, security, vulnerability
Secure access continues to be paramount for a connected world. People connect to the Internet for business and for personal use, from wired, wireless or mobile devices—locally and remotely. The Internet is a global system of interconnected networks. User devices, the Internet, and all computer networks are the target of a growing number of increasingly complex security threats. Let’s take a look at some recent trends from the Cisco Connected World Technology Report that speaks to the need for secure access:
- Three devices is the average per end user with the desire or mandate to work anywhere and anytime—how do we ensure control of all these devices?
- 71 percent of the next generation workforce will not obey the policies—how do we enforce policy?
- 60 percent will not be responsible for protecting corporate information and devices—how do we protect sensitive data?
- Mobile malware is growing; Android malware grew over 2000% from 2012 but is only 1% of the web malware encounter—how do we ensure secure connection from your mobile device and with web intensive users Read More »
Tags: cisco annual security report, Cisco Identity Service Engine (ISE), cisco live london 2013, Gartner Magic Quadrant, ISE, MDM, NAC, secure BYOD, security policy
Last week my colleagues and I were excited to deliver a 4-hour lab on IPv6 Security at Cisco Live London 2013. The training enabled students to correctly identify, classify, and deter or prevent the nefarious IPv6-specific behaviors. They did so by configuring network threat defense, countermeasures, and controls that were implemented and deployed on infrastructure devices as well as validate their effectiveness. Some of the nefarious behaviors included IPv6 spoofing, using IPv6 in IPv4 tunneling to bypass, and DDoS using IPv6 packets. This IPv6 security training was first delivered at Cisco Live USA 2012, where 19 students participated in the class. At Cisco Live London, we welcomed 21 Cisco Customers, giving them access to our lab-hosted equipment to practice and complete tasks covered during class. What follows are some key observations about our training in London as compared to our training in the U.S.: Read More »
Tags: Cisco Live London, IPv6, IPv6-security, security
A few months ago we published a technical white paper explaining how we measure the performance of Cisco IPS sensors. The idea was to give Cisco IPS customers insight into the work that goes into producing the performance numbers that are recorded in a data sheet, with the ultimate goal of helping customers deploy the correct IPS appliance for their environment. We have now followed up the performance work with a paper describing how we test the effectiveness of our IPS product line.
This new paper titled, “Testing the Efficacy of Cisco IPS”, explains how Cisco IPS fits into the Cisco Security portfolio and how the IPS product team measures efficacy. Read More »
Tags: global correlation, IPS, IPS efficacy, IPS performance, security