My colleague, Joe Karpenko, and I will be presenting the Network Threat Defense, Countermeasures, and Controls Security Masters Dojo training course at the CanSecWest 2013 Applied Security Conference.
Attendees will perform two roles. First, as a Security Practitioner who will secure and harden devices within an organization’s network infrastructure, and second, as a Security Incident Response Investigator who must correctly detect, classify, and prevent threats targeting a network by configuring and deploying advanced network threat defenses and countermeasures. Read More »
Tags: CanSecWest 2013, Cisco Security, cisco sio, Network Threat Defense
A month from now, thousands of cyber security friends, colleagues, professionals, hackers, defenders, sellers, buyers, old timers, and newbies will descend on San Francisco for the 2013 RSA Conference. We will challenge one another about what has changed, create new topics and new words to describe the previously indefinable, scare the heck out of each another, and ask the same questions…often: “What’s changed in the last year? Is it better? Is it worse? Is it new?”
“Security in Knowledge” is an apt theme for this year’s RSA. It resonates with me, given my very strong opinions that no company can effectively manage cyber security alone, either people-wise or data- and information-wise. Can any organization analyze 13 billion web requests per day? 150 million endpoints? A daily deluge of 75 terabytes of incoming data? You can’t cope with that yourself. We need to move to crowd-sourcing security, creating security knowledge, and ultimately increasing effectiveness rather than watching the ship continue to take on water at intermittently slowed rates. Read More »
Tags: Cisco Security, CSO, CSPO, cyber security, John N. Stewart, RSA 2013
At Cisco Live London, one of my data center theater presentations will focus on the benefits of a context-aware and adaptive security strategy. This approach helps accelerate the adoption of virtualization and cloud, which traditional static security models often inhibit. Context-based approaches factor in identity, application, location, device, and time along additional security intelligence such as real-time global threat feeds for more accurate security access decisions.
Neil MacDonald, vice president, distinguished analyst, and Gartner Fellow in Gartner Research has been advocating the benefits of a context-based approach now for some years as outlined in his Gartner blog. Not only does he say that by 2015, 90 percent of enterprise security solutions will be context-aware but in cloud computing environments where IT increasingly doesn’t own key IT stack elements, having additional context at the point of security decision leads to better decisions with risk prioritization and business factors accounted for. Neil MacDonald also co-authored a report, “Emerging Technology Analysis: Cloud-based Reputation Services,” which highlights the value of cloud-based threat intelligence in enabling secure cloud adoption.
Read More »
Tags: cisco live london 2013, Cisco Security, context-aware and adaptive security, data center security, network security, Secure-X, SecureX, security, security intelligence
A phrase I’ve recently been hearing repeated is that “product features will come and go, but risk mitigation is continuous.” With that in mind, our Product Security Incident Response Team (PSIRT) is doing its part by seeking ways to improve how we transparently communicate information about Cisco product vulnerabilities to our Customers and Partners. Starting in January of 2013 we will be launching a new deliverable called the Cisco Security Notice.
The purpose of the Cisco Security Notice is to make it easier for Customers and Partners to access information about low to medium severity vulnerabilities in Cisco products. A Cisco Security Notice will be the primary disclosure document for all security defects that PSIRT scores with a Common Vulnerability Scoring System (CVSS) base score from 4.0 to 6.9 and will be posted to the PSIRT publication listing page. Each vulnerability disclosed through a Cisco Security Notice will be assigned a Common Vulnerability and Exposures (CVE) Identifier to aid in identification. Check out the sites for CVE, CVSS, and this CVSS scoring calculator if these terms are relatively new to you or you simply need a refresher. Read More »
Tags: Cisco PSIRT, Cisco Security, Cisco Security Notice, cisco sio, Cisco Vulnerability Policy, CVSS scoring
Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?” A continuous effort must go into substantiating the preferable answer (“Yes”) that we are looking for, both prior to and after releasing a product or service into the wild. Security Intelligence Operations (SIO) includes a team of network security experts that form the Security Technology Assessment Team (STAT). They provide security assessment expertise across Cisco’s product and services organizations. In this article, I elaborate on their role and how they complement product and services organizations at Cisco in helping to protect you, our customer.
In the not-so-distant past it used to be that the majority of notoriety around product security was focused more around physical aspects. For example, a manufacturer announces a product recall about a defect (i.e. vulnerability) that could cause potential physical harm or worse. Fast-forward to today where computing devices and associated Internet plumbing comprise an entirely distinct category of product security needed. Within that category, I would also suggest that services and the underlying supporting infrastructure would also fall into this category in the ongoing quest for achieving network security. I think that this quote from a U.S. government hearing underscores the value of that quest as well.
“When we bring in new technologies, we bring in new exposures and new vulnerabilities, things we really haven’t thought about. It takes a little while before we understand it, and after a while we begin to secure it. But our mindset needs to change. This is not the same as industrial technologies or new ways of doing aircraft or cars. These technologies are global and they expose us globally, literally within milliseconds.”
House of Representatives Hearing on Cybersecurity: Emerging Threats, vulnerabilities, and challenges in securing federal information systems
Business units and quality assurance groups at Cisco apply multi-level security processes throughout the development of products and services to ensure that security is embedded into everything that is ultimately delivered to customers. For example, Cisco’s secure development life cycle (SDL) provides a highly effective process in detecting and preventing security vulnerabilities and improving overall system quality. Cisco SDL has several elements that include, but not limited to, source code analysis and white box testing that feed into the security posture of a product or service. Cisco has a security advocates program, a virtual community of people who understand network security and secure product development (and testing) and who can share and evangelize that knowledge with their peers, their colleagues, and their management.
Read More »
Tags: Cisco Security, Cisco Security Intelligence Operations, cisco sio, cybersecurity, secure software, security to of mind, vulnerability