Several of us recently had the pleasure of working with Ann Bednarz from Network World on her feature article, “Inside Cisco Security Intelligence Operations” (SIO). We were all very pleased with the resulting article and her ability to capture and convey the intricacies of Cisco SIO. Considering the size, complexity, diversity, and distribution of the teams and technologies that make up our security operations, we knew that capturing these details and understanding Cisco SIO could have its challenges.
One of the first challenges was where to physically meet to provide an overview of Cisco SIO, present the various teams and technologies involved, and answer Ann’s questions. Unlike many security organizations that are focused in large, ominous security operations centers, the majority of Cisco SIO’s teams and technologies are widely distributed across the globe in many small groups -- sometimes in “groups” of one -- that work collaboratively across multiple application systems, tools, labs and unified communications systems to produce our security intelligence. And this is the first subtle point I’d like to call out from the article: you don’t need to spend your few security dollars on an over-the-top security center to perform these functions. Cisco SIO is a highly secure, distributed, efficient, and productive organization without the pretenses.
Another challenge for us was to show Ann the real core of Cisco SIO, and so we were glad to see her subtitle, “Automated tools handle vast majority of security threats, but it’s the human element that makes the difference.” We all love the technology; we couldn’t do it without the technology. And while the People, Process and Technology framework is as true for security intelligence as any of its applications, it’s the people that make the difference. In our brief time with Ann, she was only able to meet a few of the people who make up Cisco SIO, but it was enough for her to recognize that it is such individuals who are the real value. And that brings us to another subtle point in the article: that it’s not only the people who are within Cisco SIO itself, but the value extends to include thousands of others. Cisco SIO works with our customers and partners, and hundreds of other vendors, security and industry organizations, special interest groups, government agencies, and researchers, all of which contribute to Cisco SIO by sharing their data, information and expertise. It is often just one of those many people who notices some small, often seemingly insignificant bit of data, information, or technology output that just doesn’t seem “right,” and starts the intelligence process in motion. That’s how security teams get ahead and stay ahead of the threats. Our job at Cisco SIO is to take all that data and information, apply our expertise, and connect, correlate and convert that data and information into actionable security intelligence, which is then returned in timely technology updates, alerts and advisories. Or as Ann summarized: “Put it in context.” People do that; machines and technology don’t.
And a third, maybe less subtle point from the article: security investment. I can hear many of my security colleagues reading the article saying, “must be nice; hundreds of people, resources, investment, expertise…” And they’re right. Cisco has made security a top priority, and has the global presence, products, resources and expertise. The good news is that you can share in it and benefit from it. Cisco SIO posts much of its current and in-depth security intelligence on the public Cisco SIO portal, including RSS feeds, a Cisco SIO smartphone app, research and best practice papers, and security blog posts. And as always, we welcome feedback on Cisco SIO portal content.
I couldn’t have said it better: “The payoff is clear when the disparate technologies and resources from SIO come together.” Thanks, Ann.