Cisco Blogs



A Circular Problem in Current Information Security Principles

Editor’s Note: In this second installment of the blog series on more responsive security, we take a closer look at the circular problems associated with four common security principles in managing “weak link” risks in Information Technology organizations.

Before discussing what constitutes this responsive approach to security, let us first look at a few of the fundamental principles of information security to understand the unique challenges organizations face today in managing security risks.


Cisco Announces Intent to Acquire Neohapsis

Today, businesses are looking at security in a strategic, comprehensive way to protect mission-critical processes and assets. There has never been a greater need to understand the impact that security threats can have on a company’s bottom line. For these reasons, experienced security advice is now among the table stakes required to assess and address the threat landscape that faces enterprises today. The skills and capabilities companies need to maintain a strong security posture, keep pace with rapidly evolving threats, and take full advantage of new technologies that can protect their businesses are rare and difficult to retain.

The right advisory service can change all of that.

I am pleased to announce Cisco’s intent to acquire privately held Neohapsis, a Chicago-based security advisory company providing services to address customers’ evolving information security, risk management, and compliance challenges. Neohapsis provides risk management, compliance, cloud, application, mobile, and infrastructure security solutions to Fortune 500 customers.

Together, Cisco, Neohapsis and our partner ecosystem will deliver comprehensive services to help our customers build the security capabilities required to remain secure and competitive in today’s markets. This will help our customers overcome operational and technical security vulnerabilities, achieve a comprehensive view of their risks, take advantage of new business models, and define structured approaches for better protection.

The Neohapsis team will join the Cisco Security Services organization under the leadership of Senior Vice President and General Manager Bryan Palma. The acquisition is expected to close in the second quarter of fiscal year 2015. We look forward to Neohapsis’ outstanding team and technology joining Cisco!


Cisco 2014 Midyear Security Report: Security Services and Risk Management

More organizations are starting to view cybersecurity as a strategic risk. They have to—it’s becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance measures that include information security directives. And all the while, adversaries are relentless in their campaigns to compromise defenses to steal information, money, or otherwise create disruption.


Business Agility in the Evolving Workforce

Eighty-five percent of companies with global supply chains experienced at least one supply chain disruption in the previous 12 months.1 Risk is inherently unpredictable. Fortunately, the current workforce is undergoing its own transformation to be able to identify and manage risk on a global basis.

For more than 35 years I have worked with companies and manufacturers around the world on supply-chain-related business opportunities. One thing senior executives of those firms all had in common was a relentless, positive perspective and motivation for improvements in the global supply chain. Risk management has become the pervasive mantra throughout the supply chain world, but as technology evolves, the need for increased business agility is at an all-time high. As manufacturers continue to adopt more technology and become more sophisticated and global, not only do they become more vulnerable to risk, they also have more opportunities to manage risk.


Evolving Continuous Monitoring to a Dynamic Risk Management Strategy

Organizations implementing Continuous Monitoring strategies are remiss if they are not taking into account the value of network telemetry in their approach. NIST Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, provides guidance on the implementation of a Continuous Monitoring strategy, but fails to address the importance of network telemetry to that strategy. In fact, the 38-page document only mentions the word “network” 36 times. SP 800-137 instead focuses on two primary areas: configuration management and patch management. Both are fundamental aspects of managing an organization’s overall risk, but relying on those two aspects alone falls short of achieving an effective Continuous Monitoring strategy, for the following reasons.

First, the concepts around configuration and patch management are very component specific. Individual components of a system are configured and patched. While these are important, the focus is on vulnerabilities arising from improper configuration or known weaknesses in software. Second, this approach presumes that with proper configuration control and timely patch management, the overall risk of exploitation to the organization’s information system is dramatically reduced.

While an environment that has proper configuration and patch management is less likely to be exposed to known threats, it is no more prepared to prevent or detect sophisticated threats based on unknown or day-zero exploits. Unfortunately, the customization and sophistication of malware are only growing. A recent threat report indicated that nearly 2/3 of Verizon’s data breach caseload was due to customized malware. It is also important to keep in mind that some amount of time passes between when a configuration error is identified and when it is fixed, or before vulnerable software is patched. This amount of time can potentially afford an attacker a successful vector. For these reasons, organizations looking to implement a Continuous Monitoring strategy should depend on the network to provide a near real-time view of the transactions that are occurring. Understanding the behavior of the network is important to create a more dynamic, risk-management-focused Continuous Monitoring strategy.

Network telemetry can consist of different types of information describing network transactions in various locations on the network. Two valuable telemetry sources are NetFlow and Network Secure Event Logging (NSEL). NetFlow is a mechanism that organizations can use to gain a more holistic view of the enterprise risk picture. NetFlow is available in the majority of network platforms and builds transaction records of machine-to-machine communications, both within the enterprise boundary and for connections leaving the enterprise boundary. These communication records provide invaluable information and identify both policy violations and configuration errors. Additionally, NetFlow provides insight into malicious software communications and large quantities of information leaving an enterprise. Network Secure Event Logging uses the NetFlow protocol to transmit important information regarding activities occurring on enterprise firewalls. This is valuable data that can be aggregated with other NetFlow sources to bring additional context to the network behavior occurring.
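As an added illustration (not code from the original post or from Cisco), the sketch below runs two of the checks described above over already-decoded flow records: a policy violation (DNS that bypasses the approved resolver) and a large volume of data leaving the enterprise boundary. The flow records, enterprise address range, resolver address and byte threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example only: enterprise address space, the approved
# internal DNS resolver, and the egress threshold for one analysis window.
ENTERPRISE_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RESOLVERS = {"10.0.0.53"}
EGRESS_BYTES_THRESHOLD = 500_000_000

# Constructed flow records: (src, dst, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    ("10.1.4.20", "10.0.0.53", 53, "udp", 4_200),
    ("10.1.4.21", "198.51.100.7", 53, "udp", 3_900),   # DNS sent straight out
    ("10.1.4.22", "203.0.113.40", 443, "tcp", 320_000_000),
    ("10.1.4.22", "203.0.113.40", 443, "tcp", 410_000_000),
    ("10.1.4.23", "10.2.0.9", 445, "tcp", 88_000),     # stays inside boundary
    ("10.1.4.20", "192.0.2.15", 443, "tcp", 1_500_000),
]

def is_internal(addr):
    """True if addr falls inside the (assumed) enterprise boundary."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ENTERPRISE_NETS)

def analyze(flows):
    """Return (policy_violations, heavy_egress_hosts) for one window of flows."""
    violations = []
    egress = defaultdict(int)
    for src, dst, port, _proto, nbytes in flows:
        if not is_internal(src):
            continue  # this sketch only assesses internally sourced flows
        if not is_internal(dst):
            egress[src] += nbytes  # bytes leaving the enterprise boundary
        # Policy: clients must resolve names through an approved resolver.
        if port == 53 and src not in APPROVED_RESOLVERS \
                and dst not in APPROVED_RESOLVERS:
            violations.append((src, dst, "dns-bypasses-approved-resolver"))
    heavy = {h: b for h, b in egress.items() if b > EGRESS_BYTES_THRESHOLD}
    return violations, heavy

if __name__ == "__main__":
    found, heavy_hosts = analyze(SAMPLE_FLOWS)
    for item in found:
        print("policy violation:", item)
    for host, total in heavy_hosts.items():
        print("heavy egress:", host, total)
```

Neither finding depends on the configuration or patch state of the hosts involved, which is the gap the post argues network telemetry fills.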

Coupling the configuration and patch management guidance in SP 800-137 with an active NetFlow monitoring capability will provide organizations with a Continuous Monitoring strategy that is more system focused and more apt to foster a dynamic risk management environment. Cisco will be discussing NetFlow, NSEL and other security topics at the March 21st Government Solutions Forum in Washington, D.C. If you’re interested in learning more, click on the following URL:

www.cisco.com/go/gsf
