Cisco Blogs


Cisco Blog > Digital and Social

#CiscoChat: The 2015 Cisco Midyear Security Report

The Cisco 2015 Midyear Security Report provides an overview of key threats observed in the first half of 2015, along with insights on current and future trends and advice for organizations that utilize security solutions and services. Coinciding with a theme, The Innovation Dogfight between Attackers and Security Vendors, this year’s report is a clear realization that just as quickly as network security personnel and CXOs innovate their security measures, adversaries and their malware seem to be several steps ahead.

Join our next #CiscoChat on Thursday, August 13, at 10:00 a.m. PST: @CiscoSecurity hosts Talos technical leader, Craig Williams, to discuss the report’s findings and implications for organizations and attack defenders.

TW_CiscoChat Security_MidYear Report Read More »

Tags: , , , , ,

Government, Trust, & Technology Services, Cisco SourceFire, and Contextual Network Awareness: A Proactive Approach to Security

One of the hardest things for a company to do is to embrace new technology and manage it in line with company policy. At most organizations, users are generally told not to access certain company data on certain devices, but they go around security controls because efficiency and convenience outweigh the risk. Rather than preventing new technology from emerging in the environment, embrace it and understand it, but do so prudently. Read More »

Tags: , , , , , ,

We Who Cut Mere Stones Must Always Be Envisioning Cathedrals

The well-known Quarry Worker’s Creed, called out in prefaces to books such as “The Pragmatic Programmer” and “Ship While you Sleep”, posits the notion of IT done right as more than simple engineering discipline – good software development, for example, should not “preclude individual craftsmanship”. Drawing parallels to the construction of large cathedrals built in Europe during the Middle Ages, the quarry worker’s creed points out that while generations of builders advanced the state of structural engineering from one decade to the next, the “…carpenters, stonecutters, carvers, and glass workers were all craftspeople, interpreting the engineering requirements to produce a whole that transcended the purely mechanical side of the construction”.  

We who cut mere stones must always be envisioning cathedrals, says the Quarry Worker’s Creed, and as companies, cities and countries lean on their IT teams to enable the transformation to digital business, the talented men and women that work in technology are not just builders: they are increasingly artisans and craftsmen – experts in the tools of the trade and also nuanced in navigating the vicissitudes that present themselves in the quest to build and secure the technology that powers the next wave of innovation and growth.

Cybersecurity teams in particular have their hands full today. On one hand there are all the new advances that we often can’t get fast enough: crowd-funded financial services, online education, virtual booking for work spaces, driverless cars – to name just a few. All of these need security be conceptualized and built-in from the beginning (or not, to our peril). On the other hand, their adversaries, the often-elusive hackers are increasingly sophisticated actors, who design malware, tweak code and inject vulnerabilities with the same flair and passion of a renaissance architect.  Read More »

Tags: , , , ,

Getting to Know Tom Powledge, Vice President of Cisco Managed Security Services

After several months leading the managed security services portfolio at Cisco, I sat down with the social media team to discuss my path to Cisco, the evolution of the security market, and the future of security. [Note: This is an abridged version of the full interview.]

Q: After nearly 20 years at Symantec, why did you decide to move to Cisco?

TP: Cisco has all of the pieces necessary to solve the biggest security problems facing businesses today and into the future. Cisco’s position in the network, its broad security product portfolio, its strong and continued investment in security, and its pivot toward driving business outcomes and solving customer problems place this company in a unique position to lead the charge toward the next generation of security. As a part of a company that builds the cloud, mobility, collaboration, and Internet of Everything technologies driving change in the security market, we have a unique opportunity to proactively build security services that enable the secure adoption of these innovations. Our ability to integrate with networking technologies and all types of connected devices allows us to feed huge amounts of data from across an entire customer network into our big data platform for detecting, investigating, and analyzing threats. I’m eager to take what I’ve learned throughout 19 years in security and put that knowledge and experience to work in building up Cisco’s resources into a next-level suite of solutions. Read More »

Tags: , , , , , ,

Changing the Way We Deliver Vulnerability and Threat Intelligence

We are making some changes to the way Cisco Security provides and shares vulnerability and threat intelligence to make it more consumable by our customers and the security community. The Cisco Security IntelliShield Service has been successfully delivering multi-vendor security intelligence to our customers for 15 years. During this time, the security intelligence market has continued to evolve to more integrated and automated solutions. Similarly, the Cisco Security strategy has evolved to add machine-readable security content.

We have seen an ever-increasing volume of multi-vendor reporting over the years. IntelliShield started publishing security intelligence alerts in May 2000 and we published 1337 alerts that first year. By 2005 that had increased to 1555 alerts and in 2010 to 5210 alerts. In 2014, IntelliShield published 7242 alerts and the volume continues to increase. As the volume of security activity has increased, security teams are faced with the challenge of efficiently handling that increased volume. The solution for this increased volume is to automate the reporting and sharing of vulnerability and threat intelligence through machine-to-machine standardized formats.  Read More »

Tags: ,