Cisco Blogs


Cisco Blog > Security

Transparency, Transparency, Transparency, and Trustworthy Systems

We’ve invested considerable time, effort, and money in the effort to make Cisco products robust enough for deployment as Trustworthy Systems, either in their own right or integrated into a complete solution. At its essence, attaining trustworthiness is a matter of discipline—a series of conscious actions to build products in the right way, certify their conformity to prevailing industry and customer-required standards, and keep a careful watch on the integrity of the product supply chain, from initial product concept through their integration and operation over a solution lifecycle. But the most important attribute of a trustworthy system is vendor transparency. I define this as a customer’s ability to ask a vendor any question and to receive a complete, honest answer in return.

I have more to say on this subject in a video blog. I also invite you to view the Trustworthy Systems page on Cisco.com and download the newly published Cisco Trustworthy Systems White Paper.

Tags: , ,

RSA Conference 2013: I Am Security

Here I sit… In Mel’s Drive-In Diner, San Francisco, CA. I just inhaled the “El Ranchero Americano”, which I am sure to regret later, and am enjoying tunes from yester-year complete with Doo-Wop and Presley. You may ask, “Why do I care…?”  Well, before this turns into an episode with Anthony Bourdain, I will let you know that I am in ‘The City’ attending RSA Conference 2013.

rsac_logo

RSA Conference 2013 Video

 

Allow me to give you a quick background.  RSA’s goal is to connect security professionals from around the world in order to continue the growth and importance of security as technology aggressively expands. RSA started these conferences in 1991 when internet security really became a topic of discussion.  Everyone who is anyone is here, from start-up companies to our own Cisco.

Again, you might ask “What’s the big deal?”  I listened to a keynote by Vint Cerf, widely known as ‘The Father of the Web’, he gave an ‘If you can imagine…” speech. In this talk, he said if we could imagine our refrigerator being able to ‘talk’ to us… explore the internet for recipes in which the ingredients are what we currently have in the fridge and have a list of those recipes ready for us on the door or emailed to us. Pictures on our refrigerator being streamed live from our loved ones as they are posted on various social media sites, keeping us in the loop with our families across the world… It’s not ‘If’, it’s most certainly ‘when’… We are currently living in the era of the ‘Internet of Everything’.

With this, though, comes the most important element:  Security. How? How do we secure all of our information as we move forward? How do we secure billions of people while maintaining a ‘free moving internet?’ That’s why we’re here. We are here to discuss current security initiatives, evolving ideas, discussing the gaps in our current security… We are here to protect you.

As we move forward, it is absolutely essential to protect our ‘freedom’ to use the internet anytime, anywhere, and on any device. There are professionals working tirelessly in order to maintain that connectivity, and conversely, there are just as many trying to take our freedom away by disrupting our service and ‘stealing’ our personal information for their personal gain.

In our progression to ‘work our way’ in every way, we must stay vigilant and always on guard. I don’t know about you, but I do enjoy my flexibility and I also know I can sleep well at night knowing that there are people invested in my cybersecurity safety.

Until next time.

Mark

Tags: , , , , , , ,

Addressing Security Challenges and Campus Safety

Schools are facing increasing security challenges, ranging from campus violence to thefts, from vandalism to natural disasters. Abductions, Shootings, Bullying, Thefts, Vandalism, Visitor Management, Bomb threats, Fire, Earthquakes, Local Community Emergencies.

According to the respondents to the Campus Safety Magazines 2013 yearbook & survey, here are some  top challenges for schools in 2013:

  • 43%  more than 2 in 5 campuses lack a visitor management system
  • 39% have a video system not integrated with other systems
  • 33% have radio systems that can’t interoperate with first responder from other jurisdictions
  • 25% or 1 in 4  campuses do not feel prepared to respond to active shooter incidents

Higher Education and school districts often have sufficient network infrastructures to support everything they need in terms of unified collaborative safety and security applications on the network including video surveillance, electronic access controls and incident management.

Read More »

Tags: , , , ,

Reflections from a road trip: The evolving risk of DDoS attacks

Recently, I spent time with some of our customers discussing recent security events and the threat landscape. As a leader for vulnerability handling, we often have to deliver news regarding our products that can cause significant disruption for patching and remediation. I always appreciate the time that customers take to provide feedback on our products and services.

The dominant topic during conversations with customers was the threat landscape, specifically the Distributed Denial of Service (DDoS) attacks that have and are currently taking place. While DDoS attacks are certainly not new territory for our industry, there were some interesting observations we discussed regarding the nature and impact of such activities. Read More »

Tags: , , ,

We Are Listening. Keep the Feedback Coming!

During the 2012 fall season, we launched a survey that seeks to understand how you use and value the security resources on the Cisco Security Intelligence Operations Portal at http://cisco.com/security. At the same time we also made available our enhanced feedback mechanism—shown below highlighted in red—to allow you to more easily share your thoughts and frustrations with our content.

portal-feedback1

The response has been fantastic; thank you.

Through the new survey and feedback systems, we are broadening our understanding of the content-types you find useful, those you don’t, as well as content you’re not familiar with. We have received very specific questions and feedback and done our best to respond directly when we could (did you include an email address?) and have responded publicly via @CiscoSecurity a few times when no contact information was shared. For example, when an anonymous feedback-submitter suggested we provide RSS feeds for Cisco Security Advisories, we responded via Twitter with:

@CiscoSecurity: A friendly reminder, RSS feeds for all Cisco SIO content types, including Security Advisories, are available at http://cs.co/9007VQr7

Read More »

Tags: , ,