Cisco Blogs

Cisco Security Intelligence Operations: Defense in Depth

The security threat landscape is evolving... Are you prepared? To help understand the magnitude of today’s security threats, let’s peek into a day at Cisco through the eyes of our Information Security team.

Protecting the Crown Jewels

Why do so many organizations maintain essentially open, “flat” networks, leaving thousands of users and devices with network-layer reach to their “crown jewels”? Especially in light of what we know about data breaches, theft, and loss? One possibility may be that some organizations simply grew too quickly, and the tools in the tool chest to implement network segmentation were onerous. Other tools or point products were deployed, making it easy to say “we have Identity and Access Management Systems” for that.

But this argument falls flat in the face of a massively increased attack surface. How did organizations become so vulnerable? Easy – the combination of enterprise mobility trends, the exponential proliferation of devices, and the dramatic increase in workloads made possible by virtualized data centers. Combine that with advanced threats – the notion that with just one social engineering attack, an adversary can quickly move across systems until he finds valuable information – and organizations quickly start to realize that network segmentation and restricting network reach are more than just “nice-to-have,” but rather, an imperative.

Limiting who and what have network-layer reach to sensitive resources to those that truly have a need to know makes a lot of sense. The trouble has been that traditional methods of implementing network segmentation and network access control are generally cumbersome and entirely dependent on how the network is architected. Need to change or maintain the policy? You may be in for major network changes and massive resource hours – whether to redesign VLANs and IP-based ACLs, or simply to rewrite thousands upon thousands of firewall rules (in many locations). Ouch.

Fortunately, there’s a readily available technology to apply secure access policy independent of network topology. If you can (1) classify the users and devices that access resources, (2) classify the resources themselves, and (3) specify the access permissions between these classifications, then Cisco TrustSec can enforce that policy within the network – it’s that simple.


Take a look at the example above. Here, we show a simple policy that specifies how different classes of users can access various resources in the data center. Changing this policy by changing a permission or adding a new class of users or resources is really straightforward and easy to understand. There’s no need to redesign VLANs, carve up the IP address space and (re)subnet the network, and/or rewrite IP-based ACLs or firewall rules.

To learn how TrustSec can help protect your organization’s crown jewels by limiting the reach of who and what has access to sensitive resources, check out

Follow @CiscoSecurity on Twitter for more security news and announcements, and, if you’re in Milan, Italy, during the last week of January, come visit us at Cisco Live! Milan! We’d love to see you!

Cisco Annual Security Report Live Broadcast – Recap

Last week, following the release of the 2014 Cisco Annual Security Report, my colleague Levi Gundert and I took questions from you, our partners and customers, about the report and its most interesting findings.

This year’s report highlighted a number of new trends and found unprecedented growth of threat alerts, which reached the highest level we’ve seen in more than a decade of monitoring.

Although the report paints a grim picture of the current state of cybersecurity, we are optimistic that there is hope for restoring trust in people, institutions, and technologies. This must start with empowering defenders with real-world knowledge about expanding attack surfaces. To truly protect against all of these possible attacks, defenders must understand the attackers, their motivations and their methods – before, during, and after an attack.

Here is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Levi or I will get back to you.

Summary: A Balanced Approach to Mobile Security

For the benefits of collaboration to be better realized, IT leaders must take a balanced and strategic approach to mobile security that focuses more on protecting the network and proprietary data and less on implementing overly broad restrictions.

Gartner recently made three interesting predictions about mobility in the workplace. And while each of these predictions is compelling, they offer only one side of the story and the solution:

  1. Twenty percent of BYOD projects will fail by 2016 due to IT’s “heavy hand.”
  2. Strict mobility policies will drive employees to want to isolate personal data from business data.
  3. Mobile browsers will gain market share for app delivery for multiple platforms, and the role of HTML5 in solving issues that arise with the multiple platform problem.

Instead, IT leaders should encourage employees to use secure solutions on devices connected to the network. Managing the beliefs and behaviors of users and deploying a flexible infrastructure that can support an open BYOD policy and mitigate advanced security threats can have a tremendous impact on creating an immersive collaborative environment.

Learn more about how Gartner’s mobility and security predictions can affect the future of collaboration by reading the full blog: A Balanced Approach to Mobile Security.

Cisco Partner Weekly Rewind – January 24, 2014

Each week, we’ll highlight the most important Cisco partner news and stories, as well as point you to important, Cisco-related partner content you may have missed along the way. Here’s what you might have missed this week:

Well it’s cold. The Polar Vortex strikes the US again and as I sit here in North Carolina, it is 29 degrees outside! But it already feels like communications and events are heating up now that we are on a collision course with spring. As we all bide our time for warmer weather, let’s take a look back at this week.

Off the Top

We had the honor this week of working with Senior Director of Cisco Global Adoption and Seller Readiness Thomas Winter on posting a great blog that should be of interest to a lot of our partners. Thomas’ blog about our Cisco Commerce Workspace (CCW) transformation highlights how we took 21 disparate tools and pared them all down into one. The focus here is on ease of doing business with Cisco but there is also fantastic information on large-scale IT implementation and Thomas does a great job showing what worked for us.

Be sure to check out the blog from Thomas and join in the conversation. Let us know what you think of the new CCW.
