Is the product safe to use? I have been asked this question on occasion in a non-technical sense and maybe you have too. In a technical context, I could frame the question as “Are the online services and underlying technologies supporting my services safe?” A continuous effort must go into substantiating the preferable answer (“Yes”) that we are looking for, both prior to and after releasing a product or service into the wild. Security Intelligence Operations (SIO) includes a team of network security experts that form the Security Technology Assessment Team (STAT). They provide security assessment expertise across Cisco’s product and services organizations. In this article, I elaborate on their role and how they complement product and services organizations at Cisco in helping to protect you, our customer.
In the not-so-distant past it used to be that the majority of notoriety around product security was focused more around physical aspects. For example, a manufacturer announces a product recall about a defect (i.e. vulnerability) that could cause potential physical harm or worse. Fast-forward to today where computing devices and associated Internet plumbing comprise an entirely distinct category of product security needed. Within that category, I would also suggest that services and the underlying supporting infrastructure would also fall into this category in the ongoing quest for achieving network security. I think that this quote from a U.S. government hearing underscores the value of that quest as well.
“When we bring in new technologies, we bring in new exposures and new vulnerabilities, things we really haven’t thought about. It takes a little while before we understand it, and after a while we begin to secure it. But our mindset needs to change. This is not the same as industrial technologies or new ways of doing aircraft or cars. These technologies are global and they expose us globally, literally within milliseconds.”
Business units and quality assurance groups at Cisco apply multi-level security processes throughout the development of products and services to ensure that security is embedded into everything that is ultimately delivered to customers. For example, Cisco’s secure development life cycle (SDL) provides a highly effective process in detecting and preventing security vulnerabilities and improving overall system quality. Cisco SDL has several elements that include, but not limited to, source code analysis and white box testing that feed into the security posture of a product or service. Cisco has a security advocates program, a virtual community of people who understand network security and secure product development (and testing) and who can share and evangelize that knowledge with their peers, their colleagues, and their management.
The National Retail Federation predicts that Holiday Shopping this year will grow to $586.1 billion, with a record percentage of those purchases occurring online and from mobile devices.
As more shoppers make purchases online and on their mobile devices, Cyber Monday is fast becoming Mobile Monday, opening up a variety of new threats and challenges for shoppers. And even after the shopping is done, consumers need to take care when they open their presents and turn on new devices for the first time, and know what to expect when they bring their purchases to work or school in early January.
Join us on Wednesday, Nov. 28 at 10:00 AM PT for a live discussion with John N. Stewart, SVP and Chief Security Officer of Global Government and Corporate Security at Cisco. John will address topics ranging from how to stay safe while shopping online, tips for securely setting up gifts you receive, and how to safely bring new devices into work and school in the new year.
Today more than ever, networks are transforming the way organizations operate and are touching more people through a wider range of devices than ever before. Achieving a secure infrastructure is increasingly complex with today’s mobility, collaboration and cloud services added to the mix. These new capabilities offer much operational efficiency and reduce costs, but they also introduce additional risk to the network. Read More »
One of the greatest threats to Internet service is Distributed Denial of Service (DDoS) attacks which can paralyze ISPs and disrupt traffic to and from targeted websites. For years now, DDoS attacks have dropped down the IT security priority list as topics such as IP theft took center stage.
Recently however, DDoS attacks targeting organizations of all types have sharply increased. Afflicted organizations had daily operations disrupted and servers compromised, with attacks increasing in sophistication and damage impact. The next waves of attacks will likely be even more complex and damaging.
The DDoS revival reminds us that as threats continue to evolve, organizations must strengthen their security infrastructure and management practices to improve the timeliness and effectiveness of incident response.