Last October , Cisco confirmed that Sourcefire was now part of our family of security products and solutions .
“With this acquisition, we take a significant and exciting step in our journey to define the future of security. As one company, we offer an unbeatable combination that will greatly accelerate our mission of delivering a new, threat-centric security model. Through the addition of Sourcefire’s competitive talent and technologies, I see vast opportunities to expand Cisco’s global security footprint in both new and emerging markets, broaden our solution sets and deepen our customer relationships “
“Beyond the technology, one of the things that is important to me is that Cisco and Sourcefire both share key values that transcend our company names, HQ locations and number of employees. Much like Sourcefire’s Firemen Principles, you can be confident that these values will continue as one team at Cisco.”
Martin Roesch, Sourcefire founder and CTO and now VP and Chief Architect of Cisco Security Group
in his blog ONE Team
These days , John Stewart , Senior Vice President, Cisco Chief Security Officer , announced that we completed the deployment of Sourcefire at Cisco . John Stewart oversees at Cisco the Threat Response, Intelligence and Development ( TRIAD ) organization .
The implementation is already giving us insights into our data center that we never had before
The Cisco security architecture helps data center networking teams take advantage of security capabilities built into the underlying data center fabric, to accelerate safe data center innovation. There are three important security measures that every IT organization should follow to securely support data center innovation. To learn more, download the Cisco white paper “Three Must-Have Security Measures that Accelerate Data Center Innovation.”
Tell us what do you think of the acquisition of Sourcefire by Cisco .
RSA 2013 ends and I both miss it and breathe a sigh of relief that it’s over. Let me explain. As a security guy, it’s nice to be around other security like-minded people. We all speak the language. You needn’t really justify why you are worried about things most people have never heard of. It’s exciting to see so many people try so many different things, be it startups, big companies, or inspired individuals. It’s great to see government employees, corporate executives, and pony-tailed security geeks all talking to one another. In a slightly strange way, it’s therapeutic.
That said, RSA is an incredibly intense week, and this year’s conference was no exception. In four-and-a-half full days (and this is just my schedule), I had:
Eight customer meetings
Eight dinners (working out to 1.78 dinners per day.)
Four press interviews: two on-record, one background, 1 live videocast via Google+
Four bizdev/company review meetings
Two analyst interviews
Two partner meetings
One customer breakfast talk along with with Chris Young
And this doesn’t include the countless run-ins with friends, a quick word here or there, and emails that all have to be managed along the way. In some respects, you don’t get enough time with really good friends (if there really is such a thing as enough time for such people in our lives), and in the end, it’s a huge blur from meeting to meeting.
I posed a question in my blog earlier this year: Are we making progress in cyber security? I say yes, yet not nearly enough, and now I am thinking hard about how to change it before RSA 2014.
We’ve invested considerable time, effort, and money in the effort to make Cisco products robust enough for deployment as Trustworthy Systems, either in their own right or integrated into a complete solution. At its essence, attaining trustworthiness is a matter of discipline—a series of conscious actions to build products in the right way, certify their conformity to prevailing industry and customer-required standards, and keep a careful watch on the integrity of the product supply chain, from initial product concept through their integration and operation over a solution lifecycle. But the most important attribute of a trustworthy system is vendor transparency. I define this as a customer’s ability to ask a vendor any question and to receive a complete, honest answer in return.
I have more to say on this subject in a video blog. I also invite you to view the Trustworthy Systems page on Cisco.com and download the newly published Cisco Trustworthy Systems White Paper.
“Think globally, act locally” is a phrase, now cliché, because it expresses an incontrovertible and immediately graspable truth. The global-local concept applies when it comes to mobilizing globally-collected cyber threat data, which in turn informs local IT operations against hackers and criminals. Of note, data collections spanning the globe don’t appear magically out of the blue, nor can they be engineered by just “anybody.” This crowd-sourced data must come from IT operations across the world to be collected, analyzed, and actioned. It’s a 24-hour cycle requiring the collective actions of organizations contributing to a mutually beneficial result. I have more to say about this in a video blog post on YouTube.
More and more, we ask technology to play critical roles in our businesses, and our lives. Pondering that for a moment, that dependance (versus use), requires careful thought on how much we trust that the technology is working as we want it, only as we want it, and nothing more. For many businesses or governments, testing via FIPS or Common Criteria increases that confidence level, combined with detailed operational plans to ensure running the services after they are installed is going correctly. For many technology vendors, innovation and commitment, can help here.
Our commitment at Cisco, and our innovation, for trustworthiness have never been stronger than they are today. Nearly 5 years ago, we started down a road which ultimately led to Cisco’s Secure Development Lifecycle (CSDL), and in our most recent FY12 SEC 10-K, acknowledged that work, our secure supply chain work, and our innovation efforts for Secure Boot and Anti-Tamper. For reference, that 10K, or 2012 Annual Report, is posted here: http://investor.cisco.com/
We foresaw the need for trustworthiness by listening to our customers, and we started early. Early results are in, and we’ve both reduced externally found security flaws, as well as increased the resiliency for multiple products anti-tamper. Have we done it on every product? Not yet, although rest assured, that’s exactly where we are going. I’ll keep you posted.