Cisco Blogs


Cisco Blog > Security

Unified Security Metrics Program—Live at RSA Singapore

Noted business management author Peter Drucker famously said, “What’s measured is improved.” When applied to the world of security, meaningful security metrics can literally transform an organization and solve real business problems. At Cisco, Unified Security Metrics (USM) combines multiple sources of data to create higher-value actionable business metrics and decision-making capabilities to protect the company’s data, business processes, operational integrity, and brand from security threats.

Hessel Heerebout, Program Manager for Cisco’s award-winning USM program, will give an overview entitled “Cisco Unified Security Metrics: Measuring Your Organization’s Security Health” (Session ID #SEC-W05) at RSA Singapore on July 23. Read More »

Tags: , , , ,

Securing Employee Device Freedom

As a business or technical leader, you know you need to protect your company in a rapidly evolving mobile ecosystem.

However, threats are not always obvious. As malware and attacks become more sophisticated over time, business decision makers must work with technical decision makers to navigate security threats in a mobile world.

I’m excited to introduce a new blog series, authored by Kathy Trahan, which will explore the topic of enterprise mobility security from a situational level and provide insight into what leaders can do now to mitigate risk.

This first post will discuss the security concerns presented by the rapid-fire growth of BYOD (Bring Your Own Device) and how implementing specific policies can help organizations reap the benefits of true mobility now and in the future.

Kathy Trahan Senior Security Solutions Marketing Manager Global Marketing Corporate Communications

Kathy Trahan
Senior Security Solutions Marketing Manager

With the increasing amount of tablets, wearables, and other connected “things” in the workplace, it’s no wonder that the BYOD trend is causing a dynamic shift in security policies and protocol.

This heightened focus on security only increases when the security threat evolution shows that attackers seem to stay one step ahead of the security measures in place to stop them. And while the BYOD movement does present special challenges to ensuring data security, it also affords BDMs and TDMs an opportunity to collaborate and come up with security solutions that balance the need to secure company assets while still allowing employees to conduct business on devices that are familiar and comfortable to them.

As enterprises look for ways to improve productivity, efficiency, and flexibility for their workforces, mobility has become a key factor. A Gartner survey predicts that by 2017, half of employers will require their employees to provide their own devices for work purposes. And as use of and reliance on mobility increase, so does the need for security policies that allow employees to function in a work world that extends beyond their cubicle and office walls.

Read More »

Tags: , , , , , ,

Cisco IT’s Identity Services Engine Deployment: Project Planning, Personnel, and Progress

Several customers have asked me how Cisco IT does project planning for a large enterprise deployment such as the Identity Services Engine, or ISE. What’s our approach? How do we manage operational costs? How do we measure performance? What personnel are involved throughout the process?  Read More »

Tags: , , , , ,

A New Model to Protect the Endpoint, Part 3: Automated Advanced Analytics

In my final post in this series, I wanted to focus on another powerful innovation made possible by combining a big data architecture and a continuous approach for more effective protection: automated, advanced analytics.

Today’s advanced malware compromises environments from an array of attack vectors, takes endless form factors, launches attacks over time, and can obfuscate the exfiltration of data. To detect advanced attacks as they move laterally through the network and across endpoints, defenders need technologies that automatically look for Indicators of Compromise (IoCs) left behind by malware and exploits, as well as more advanced behaviors of compromise that happen over time. Read More »

Tags: , , ,

Threat Spotlight: “A String of Paerls”, Part 2, Deep Dive

July 8, 2014 at 7:28 am PST

This post has been coauthored by Joel EslerCraig WilliamsRichard HarmanJaeson Schultz, and Douglas Goddard 

In part one of our two part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc. We also described our methodology in grouping similar samples based on Indicators of Compromise: static and dynamic analysis indicators. In this second part of the blog series we will cover the malicious documents and malicious executables. For the technical deep dive see the write up on the VRT blog here.

 

Tags: , , , , ,