Cisco Blogs

Cisco Blog > Security

T-7: The Bundle Countdown Begins…

It’s that time of year again—the Cisco IOS Software Security Advisory Bundled Publication will go live in seven days. As a reminder, the Cisco Product Security Incident Response Team (PSIRT) releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of March and September each calendar year. As is the case with the vast majority of our advisories, vulnerabilities scheduled for disclosure in these upcoming Security Advisories will normally have a Common Vulnerability Scoring System (CVSS) Base Score from 7.0 to 10.0.

To ensure you’re prepared for the upcoming publication, consider:

  • Creating a text file of all the Cisco IOS Software releases in your network
  • Assembling a simple list of Cisco IOS Software technologies and features you use
  • Noting your username and password
  • Locating the username and password for your Cisco IOS routers and switches
  • Ensuring network operation partners are prepared for the security advisory release
  • Reviewing the benefits of OVAL and CVRF content

Read More »

Tags: , , , ,

Summary: Navigating Security Threats in a Mobile World

Security plays an important role in the success of mobility implementations worldwide. We assume security threats are always present, however it’s not always apparent where threats may arise from. Being aware of these potential risk areas is crucial.

Business decision-makers must gain insight into where these breaches are occurring. They should also understand why it is important for them to care, and how they can be aided by technical decision-makers to solve these issues moving forward.

Here’s a brief look into the where, the why and the how of embracing a secure approach to enterprise mobility and what it means for business leaders.


Where are security threats? Today’s organizations are facing a greater attack surface as advanced mobile devices and public cloud services foster new attack models and increasing complexity within networks. To cover the entire attack continuum, organizations need to address a broad range of attack vectors with solutions that operate everywhere the threat can manifest itself: on the network, on traditional endpoints, on mobile devices, and in virtual environments.

How can threats be thwarted? The best approach is a proactive one, rather than a reactive one, especially when many organizations may not know when they are under attack. Business leaders must work with IT teams to institute a formal program for managing mobile devices and to ensure that any device is secure before it can access the network.

Why does a balanced approach to mobile security matter? In a recent blog post, I discussed the need for organizations to deploy a balanced approach to mobile security. This approach should focus more on protecting the network and proprietary data and less on implementing overly broad restrictions. IT needs to approach security with a user experience mentality. After all, if you overly manage devices, your adoption will be low and so will your return on investment (ROI). This approach can lead to greater opportunities to align threat intelligence and security best practices.

To learn more about this balanced approach to mobile security, read the full blog: Navigating Security Threats in a Mobile World.

Tags: , , , , , , , , , , , , ,

Building Bridges for the Future of Technology

Technology in the public sector has revolutionized the way government agencies deliver services, conduct operations and secure sensitive information. Last week, I had the pleasure of learning from several prominent government leaders about how smart, visionary leaders have harnessed the power of new technology to transform the way they fulfill their respective missions.

We started by visiting the National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland, which is part of the National Institute of Standards and Technology (NIST). When complete later in summer 2015 the NCCoE facility will be the epicenter of cybersecurity education, strategy and technology for government, academia and private industry and corporations such as Cisco. Now more than ever, such public-private partnerships are imperative in recognizing and thwarting common enemies who can wreak havoc by compromising sensitive information. This center will allow the top thinkers, practitioners, IT professionals and educators to collaborate and develop strategies to keep our sensitive information protected. Donna Dodson, director of the Center, hopes it will evolve into a hub for cyber solutions derived from government and private-sector tools. Read More »

Tags: , , , , , ,

Summary: Beyond Security Concerns: IoT Also Provides Security Benefits!

Security concerns surrounding the Internet of Things (IoT) is a topic that’s beginning to gain quite a head of steam lately, and for good reason. But it’s also important to note that IoT can dramatically improve the overall security posture of your organization.

Read the full Beyond Security Concerns: IoT Also Provides Security Benefits! blog post to learn more.

Tags: , ,

Beyond Security Concerns: IoT Also Provides Security Benefits!

The Internet of Things (IoT) is a topic that’s beginning to gain quite a head of steam lately, particularly when it comes to security concerns that accompany it. Billions of new devices, most of which are in insecure locations. You don’t own them; oftentimes can’t see them; and you don’t control them in any way, shape, or form. Yet they’re sending petabytes of data through your network. It’s enough to make a security professional lose sleep for weeks at a time.

But while many security professionals are focusing on these challenges, there’s also a huge security benefit that will come in the form of IoT enabled security! Remember, IoT isn’t about the devices themselves, it’s about the network of devices – the benefits from having all of those devices work together to produce actionable intelligence. In a similar vein, securing IoT networks can’t be about the individual security devices, but rather the network of security devices, so that they can work together to produce comprehensive, actionable security intelligence in near real-time – increasing the organization’s overall security posture with little or no human intervention required.

Read More »

Tags: , , , , , , ,