The Insider Lifecycle
Traditional security is designed to keep outsiders from getting in. What happens when the enemy is an insider? A new paradigm must be explored, one where the focus shifts inward and to how data is going outbound.
Identifying anomalies in data exfiltration is critical to spotting the insider. The insider has a typical lifecycle:
1. Identify places where sensitive data is stored
2. Retrieve the data from the location
3. Move the data within the organization to prepare for exfiltration
4. Transfer the data outside the organization
Arguably, the weak points of this chain of events occur in steps 1, 2, and 4, where the insider must go through funnel points—near the data and at a public outbound connection.
Things to Look For
In almost all cases of data theft, the insider had access to the data, but in many cases the insider’s role would have been suspect when considering the data they were accessing. Consequently, the end user’s role should be examined in the context of the data they are accessing.
Tags: compromise, espionage, exfiltration, insider, insider threat, intellectual property, security, Sensitive data, threat
Last week, I wrote about statements made by Charles Ding, Huawei’s Senior Vice President and Chief Representative in the U.S. Mr. Ding explained the 2003-2004 intellectual property litigation between Cisco and Huawei as follows: “Huawei provided our source code of our products to Cisco for review and the results were that there was not any infringement found and in the end Cisco withdrew the case . . . the source code of the issues was actually from a 3rd party partner that was already available and open on the internet.”
In my blog, I let Huawei and Mr. Ding know that Cisco would waive any confidentiality provisions from that litigation so the world could learn what really happened and suggested they publish the expert’s report from the litigation. Huawei and Mr. Ding have so far ignored my offer. Under the agreement that resolved the litigation, we are entitled to act on our own, so we now do so.
Two things are clear about the Cisco – Huawei dispute:
- The litigation was between two private companies, not between governments. It’s not about the US or China and we respect the efforts the Chinese government is making to increase intellectual property protection. Rather, this dispute involved a very simple claim that one company used the other’s trade secrets and copyrighted materials without permission.
- Unlike the smartphone patent battles, where parties try to protect and grow their market share by suing each other over broad patents where no direct copying is required, let alone even knowledge that a patent exists, this litigation involved allegations by Cisco of direct, verbatim copying of our source code, to say nothing of our command line interface, our help screens, our copyrighted manuals and other elements of our products.
The agreement that ended that lawsuit allows either party to make a reasonable response to improper or impermissible statements by the other. Mr. Ding’s statements of two weeks ago indeed misstate the facts and therefore merit a direct, factually accurate and proportionate response. Rather than providing Cisco’s interpretation of the facts, we think it better simply to set forth the facts themselves. To that end, the following are verbatim excerpts from the Neutral Expert’s Final Source Code Report, dated June 15, 2004:
Tags: Cisco, huawei, intellectual property, litigation