Cisco Blogs


Cisco Blog > Security

Live from RSA: John N. Stewart

The RSA Conference is expected to be bigger and better than ever this year—more booths, more vendors, more technical sessions and keynotes.

But I have to ask the question: “Are we as IT practitioners better off now than we were 4 or 5 years ago?” There are a lot of people at the show who worry that the old approaches aren’t working and next generation solutions have not clearly come into focus. I do think, however, there are reasons to be cautiously optimistic.

Join me for a live broadcast from the RSA show floor on Wednesday, February 27 at 10:30 AM PT as I discuss what I’m seeing at the RSA conference and what it means for the IT Security industry. We’ll be taking your questions live via Twitter and Google Hangouts.  Read More »

Tags: , , , ,

Collecting IT Security Intelligence Globally, Using it Locally

“Think globally, act locally” is a phrase, now cliché, because it expresses an incontrovertible and immediately graspable truth. The global-local concept applies when it comes to mobilizing globally-collected cyber threat data, which in turn informs local IT operations against hackers and criminals. Of note, data collections spanning the globe don’t appear magically out of the blue, nor can they be engineered by just “anybody.” This crowd-sourced data must come from IT operations across the world to be collected, analyzed, and actioned. It’s a 24-hour cycle requiring the collective actions of organizations contributing to a mutually beneficial result. I have more to say about this in a video blog post on YouTube.

Tags: , , ,

RSA Conference: T-Minus 30 Days and Counting

A month from now, thousands of cyber security friends, colleagues, professionals, hackers, defenders, sellers, buyers, old timers, and newbies will descend on San Francisco for the 2013 RSA Conference. We will challenge one another about what has changed, create new topics and new words to describe the previously indefinable, scare the heck out of each another, and ask the same questions…often: “What’s changed in the last year? Is it better? Is it worse? Is it new?”

“Security in Knowledge” is an apt theme for this year’s RSA. It resonates with me, given my very strong opinions that no company can effectively manage cyber security alone, either people-wise or data- and information-wise. Can any organization analyze 13 billion web requests per day? 150 million endpoints? A daily deluge of 75  terabytes of incoming data? You can’t cope with that yourself. We need to move to crowd-sourcing security, creating security knowledge, and ultimately increasing effectiveness rather than watching the ship continue to take on water at intermittently slowed rates.  Read More »

Tags: , , , , ,

One Small Step…

More and more, we ask technology to play critical roles in our businesses, and our lives.  Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more.  For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.

Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today.  Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper.  For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/

We foresaw the need for trustworthiness by listening to our customers, and we started early.  Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper.  Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.

Tags: , , , , , , ,

Does Virtualization Improve Security?

We all know that the virtualization and cloud megatrend is a game changer for data centers, leading to profound shifts in everything from IT services and business models to architectures. Business benefits include reduced capital investments, new revenue growth opportunities, and the greater efficiency, agility and scalability demanded by globalization.

Enterprises have held back from making the transition to virtual and cloud environments primarily because of the inherent security risks and concerns.

Targeted attacks and security breaches are getting more sophisticated. The Verizon Security Threat Report for 2011 showed that 3.8 million records were stolen in 2010, and 94% of this data came from servers (an increase of 18%).

As security concerns are the primary barrier to making this transition from virtualized data center to cloud, we must rethink how security fits in to these new architectures and develop new security tools to ensure the secure transfer of information.

For enterprises to confidently seize the business benefits offered by data center virtualization and the cloud, security must be seen as the art of the possible, not as a hindrance.

Watch below as I explore the challenges and leading practices for securing virtualized environments today, and into the future.

Please join me also for  a special webcast  “Defending the Data Center “ today at 10:00 am PDT /1:00 pm EDT /17:00 GMT -- To watch register here 

 

Tags: , , , , , , ,