Cisco Blogs


Cisco Blog > Security

The Security Imperative As Mobility Evolves

April 1, 2014 at 6:00 am PST

Editor’s Note: This post is a response to EN Mobility Workspace. Please see that post for full context.

A colleague of mine here at Cisco, Jonathan, recently spoke well to the Evolution of Cisco Mobility Workspace Journey. Like all technologies, there is an adoption and engagement cycle based on maturity and risk level. We begin at the device-focused phase with a simple “get me on the network.” Following is the application-focused phase, “now that I am on what can I do with my ability to move around without a wire and work anytime and anywhere.” And the final is the overall experience, which is tailored to the user based on who they are, where they are, what they need or can do. And one can argue the next mobility phase for organizations is IoT (Internet of Things) as more single purpose devices (not necessarily with a user behind it) move to the wireless network.

What is critical to point out is the consistent requirement (not a nice to have) for security as the mobile user experience expands. Why is this so important? According to IDC over 47 percent of organizations see security enhancements required with their mobility initiative. The questions to consider are:

  • What are the secure mobility issues today and potentially tomorrow?
  • What are the implications?
  • What is likelihood of these threats?

The top secure mobility concerns noted by numerous surveys indicate the following:

  1. Data protection
  2. Application access
  3. Lost and stolen device
  4. Rogue devices

Read More »

Tags: , , , , , , , , , ,

In Search of The First Transaction

At the height of an eventful week – Cloud and IoT developments, Open Source Think Tank,  Linux Foundation Summit – I learned about the fate of my fellow alumnus, an upperclassman as it were, the brilliant open source developer and crypto genius known for the first transaction on Bitcoin.

Hal Finney is a Caltech graduate who went on to become one of the most dedicated, altruistic and strong contributors to open source cryptography. We are a small school in size, so one would think it’s easy to keep in touch; we try but do poorly, mostly a very friendly and open bunch, but easy to loose ourselves into the deep work at hand and sometimes miss what’s hiding in plain sight.

He was among the first to work with Phil Zimmermann on PGP, created the first reusable proof-of-work (POW) system years before Bitcoin, had just the right amount of disdain for noobs in my opinion, and years later, one of the first open source developers with Satoshi Nakamoto on Bitcoin, in fact the first transaction ever. There is a great story about Hal in Forbes this week, “My hunt for Bitcoin’s creator led to a paralyzed crypto genius, thank you, Hal Finney for going through with it, and Andy Greenberg for writing it. Sometimes it is very painful, shocking to see how things turn out, I think this is one of those moments when we realize how much this is going to mean to all of us, the brilliant minds of programmers like Hal Finney, who never sought the limelight, but did so much for us without asking for anything in return, who leave behind a long lasting contributions to privacy and security in our society, he is in fact a co-creator of the Bitcoin project. Do you realize that every bitminer successfully providing the required POW, should in fact reach the very same conclusion at the end of every new transaction… forever? You’d better accurately represent who was the very first. What a legacy to remember!

I often go to Santa Barbara to see a very, very close and dear person there, my daughter. But now, there is another reason to stop by and pay tribute to one of the finest there. We will all be in search of the first transaction, eventually.

Tags: , , , , , , , , , , , , , , , , ,

Security Metrics Starting Point: Where to Begin?

Editor’s Note: This is the second part of a four-part series featuring an in-depth overview of Infosec’s (Information Security) Unified Security Metrics Program. In this second installment, we discuss where to begin measuring.

H. James Harrington, noted author of Business Process Improvement, once said “Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.” Good piece of wisdom, but where do you start? How do you mine data through the use of metrics in order to provide greater insight into your organization’s security posture, while simultaneously using it as a vehicle to protect your most critical assets?

For Infosec’s Unified Security Metrics (USM) team, there’s plenty of statistical data sources available to mine information from, particularly from IT system logs and dashboards. In fact, early research conducted by the team identified 30 different types of meaningful data to track. Comprehensive, yes, but not realistically feasible, nor sustainable to implement long-term across Cisco. The USM team’s solution centered on the primary outcomes they were trying to achieve, namely, driving security process improvement behaviors and actions within IT. Subsequently, the list was narrowed down to five key measurements:

  • Stack compliance: measures vulnerabilities found on the TCP/IP stack (i.e. network devices, operating systems, application servers, middleware, etc.)
  • Anti-malware compliance: quantifies whether malware protection software has been properly installed and is up-to-date
  • Baseline application vulnerability assessment: computes whether automatic vulnerability system scans have been performed in accordance with Cisco policy and, if post-scan, any open security weaknesses remain
  • Deep application vulnerability assessment: computes whether penetration testing has been performed on our most business-critical applications in accordance with Cisco policy and, if post-testing, any open security weaknesses remain
  • Design exceptions: measures the total number of open security exceptions, based on deviations from established security standards and best practices

Read More »

Tags: , ,

A Bundle is Born

Today, we released the first Cisco IOS Software Security Advisory Bundled Publication of 2014. Six years ago, Cisco committed to disclosing IOS vulnerabilities on a predictable schedule (on the fourth Wednesday of March and September each calendar year) in direct response to your feedback. We know this timeline allows your organization to plan ahead and ensure resources are available to analyze, test, and remediate vulnerabilities in your environments.

Today’s edition of the Cisco IOS Software Security Advisory Bundled Publication includes six advisories that affect the following technologies:

  • Session Initiation Protocol
  • Network Address Translation
  • Internet Key Exchange Version 2
  • IPv6
  • SSL VPN
  • Cisco 7600 RSP720 with 10GE Uplinks

Read More »

Tags: , , , ,

Open innovation: Harnessing the ideas, talent and passion of the startup eco-system

What does an already innovative company like Cisco do more to innovate?  What do we need to do differently to influence or shape the next breakthrough that will fundamentally change our industry and Cisco?  As we embark on a journey to transform Cisco into a #1 IT solution provider, we know we must innovate more and faster – and spot the next industry-shaping change before it catches our industry off-guard.

We believe one of the key strategies for reinventing innovation at Cisco is to embrace openness.  Open innovation is a concept developed and evangelized by leading organizational experts, including Dr. Henry Chesbrough, the Executive Director of the Program in Open Innovation at UC Berkeley.  It focuses on how organizations can and should use external ideas as well as internal ideas – and internal and external paths to market1.  Open innovation enables us to stay abreast of and shape the next big change that is going to impact Cisco and our industry.

Read More »

Tags: , , , , , , , , , , , , ,