
Evolving Continuous Monitoring to a Dynamic Risk Management Strategy

Organizations implementing Continuous Monitoring strategies are remiss if they are not taking into account the value of network telemetry in their approach. NIST Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, provides guidance on the implementation of a Continuous Monitoring strategy, but fails to address the importance of network telemetry in that strategy. In fact, the 38-page document mentions the word “network” only 36 times. SP 800-137 instead focuses on two primary areas: configuration management and patch management. Both are fundamental aspects of managing an organization’s overall risk, but relying on those two aspects alone falls short of achieving an effective Continuous Monitoring strategy, for the following reasons.

First, the concepts around configuration and patch management are very component-specific: individual components of a system are configured and patched. While these are important, the focus is on vulnerabilities arising from improper configuration or known weaknesses in software. Second, this approach presumes that, with proper configuration control and timely patch management, the overall risk of exploitation of the organization’s information system is dramatically reduced.

While an environment that has proper configuration and patch management is less likely to be exposed to known threats, it is no better prepared to prevent or detect sophisticated threats based on unknown or zero-day exploits. Unfortunately, the customization and sophistication of malware are only growing. A recent threat report indicated that nearly 2/3 of Verizon’s data breach caseload was due to customized malware. It is also important to keep in mind that some amount of time passes between a configuration error being identified and being fixed, and likewise that patching vulnerable software takes time. That window can afford an attacker a successful vector. For these reasons, organizations looking to implement a Continuous Monitoring strategy should depend on the network to provide a near-real-time view of the transactions that are occurring. Understanding the behavior of the network is important to creating a more dynamic, risk-management-focused Continuous Monitoring strategy.

Network telemetry can consist of different types of information describing network transactions at various locations on the network. Two valuable telemetry sources are NetFlow and Network Secure Event Logging (NSEL). NetFlow is a mechanism that organizations can use to obtain a more holistic view of the enterprise risk picture. NetFlow is available on the majority of network platforms and builds transaction records of machine-to-machine communications, both within the enterprise boundary and for connections leaving it. These communication records provide invaluable information and identify both policy violations and configuration errors. Additionally, NetFlow provides insight into malicious software communications and into large quantities of information leaving an enterprise. Network Secure Event Logging uses the NetFlow protocol to transmit important information regarding activities occurring on enterprise firewalls. This is valuable data that can be aggregated with other NetFlow sources to add context to the network behavior being observed.
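As an added illustration (not code from the post or from Cisco), here is a small Python analyser over constructed NetFlow-style records that flags the two things the paragraph says NetFlow exposes: egress policy violations and large volumes of data leaving the enterprise. The internal address range, the allowed egress ports, the volume threshold and the flow records are all assumptions made for the example.

```python
# Added example, not from the blog post: flag egress policy violations and
# large outbound volumes in NetFlow-style records (src, dst, dst_port, proto, bytes).
import ipaddress
from collections import defaultdict

# Assumptions for this example: the enterprise is 10.0.0.0/8 and the egress
# policy allows only HTTP/HTTPS from clients; anything else outbound is a violation.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_EGRESS_PORTS = {80, 443}
EXFIL_THRESHOLD_BYTES = 50 * 1024 * 1024  # 50 MiB per internal source (constructed)

# Constructed flow records; these are not real captured traffic.
FLOWS = [
    ("10.1.5.20", "10.1.5.7", 445, "tcp", 20_480),         # internal file share: fine
    ("10.1.5.20", "203.0.113.10", 443, "tcp", 1_200_000),  # ordinary HTTPS egress
    ("10.1.5.21", "198.51.100.9", 22, "tcp", 8_192),       # SSH outbound: policy violation
    ("10.1.7.33", "192.0.2.77", 443, "tcp", 40_000_000),   # large HTTPS upload
    ("10.1.7.33", "192.0.2.77", 443, "tcp", 30_000_000),   # same host, same destination
    ("10.1.9.4", "203.0.113.25", 25, "tcp", 3_000),        # direct SMTP out: violation
]

def is_internal(ip):
    """True when the address falls inside the assumed enterprise range."""
    return ipaddress.ip_address(ip) in INTERNAL

def egress_violations(flows):
    """Flows that leave the enterprise on a destination port the policy does not allow."""
    return [f for f in flows
            if is_internal(f[0]) and not is_internal(f[1])
            and f[2] not in ALLOWED_EGRESS_PORTS]

def outbound_volume(flows):
    """Total bytes per internal source across all flows to external destinations."""
    totals = defaultdict(int)
    for src, dst, _port, _proto, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[src] += nbytes
    return dict(totals)

def large_senders(flows, threshold=EXFIL_THRESHOLD_BYTES):
    """Internal hosts whose aggregate outbound volume exceeds the threshold."""
    return sorted(src for src, total in outbound_volume(flows).items() if total > threshold)

if __name__ == "__main__":
    for flow in egress_violations(FLOWS):
        print("policy violation:", flow)
    print("large outbound senders:", large_senders(FLOWS))
```

Aggregating per source rather than per flow is what catches the 10.1.7.33 upload: each individual flow sits under the threshold, but the host's total does not.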

Coupling the configuration and patch management guidance in SP 800-137 with an active NetFlow monitoring capability will provide organizations with a Continuous Monitoring strategy that is more system-focused and more apt to foster a dynamic risk management environment. Cisco will be discussing NetFlow, NSEL and other security topics at the March 21st Government Solutions Forum in Washington, D.C. If you’re interested in learning more, click on the following URL:


Network Security Surfaces as Mainstream Media issue

The New York Times’ Nicole Perlroth filed an alarming account of government and corporate network vulnerabilities that comes across like a briefing dossier read by James Bond aboard a Heathrow-Beijing flight. But it does the good work of putting a critical technology issue before a broad audience.

“Traveling Light in a Time of Digital Thievery” (NYT, Feb. 10) details extraordinary counter-espionage precautions taken in China by prudent travelers and their organizations. Many now leave their usual notebooks, smartphones and tablets safe at home. Some say a device taken into China is never again permitted to touch their corporate network.


Cisco Releases the 2011 Annual Security Report

Organizations are faced with providing security for employees who are rapidly adopting new technology in their personal and professional lives and who expect their work environments and employers to do the same. As the data from the new Cisco 2011 Annual Security Report and Chapter 3 of the Cisco Connected World Technology Report show, organizations that do not or cannot provide that type of environment are at risk of losing the ability to compete for those employees and business opportunities. If employers attempt to block, deny, or forbid mobile devices, social networks, instant communications, and new technologies in the workplace, employees will likely ignore the policies or, even worse, find ways around them that open your environment to unrealized risks.


SCORE Helps Small Business Owners Identify Cyber Security Issues and Protect Themselves from Attack

Guest post from our friends at SCORE

W. Kenneth Yancey, Jr., CEO
Ken Yancey is responsible for developing SCORE’s business plan and vision as well as coordinating national program efforts and all the association’s management operations. He also directs the efforts of the headquarters staff to serve and support the 370 chapters across the country. Prior to joining SCORE in 1993, Ken was Executive Director at the National Business Association. A graduate of Texas A&M University (BBA/Finance), Ken is a recipient of the USA Freedom Corp Award of Excellence, the ASAE Summit Award, and the BSA Goose Creek District Award of Merit.

These days, with technology playing a larger role in small business success, it is important for small business owners to identify cyber security issues and protect themselves from attack. And that’s exactly what SCORE can do through its free mentoring and resources in the world of cyber security.


Baking Security into the Culture at Cisco – A Tip of the Hat to the Security Knowledge Empowerment Team

“Security must be built into every aspect of our systems architecture and be seamlessly compatible with our business architecture.”

– Rebecca Jacoby, Cisco Chief Information Officer

When Cisco’s CIO Rebecca Jacoby and I agreed that security would be built into every aspect of our IT systems architecture, we knew this was no small task. To some degree, security requirements were bolted on, not baked in, and what “security” meant was different from person to person in our organizations. We knew that we had to raise awareness and knowledge about security—not just among the security practitioners in our IT organization, but also with the IT generalists and those architecting applications and systems. That way, systems would be designed and embedded with security from day one.
