Security professionals are planners by nature. Our industry expects planning, legal and standards compliance requires it, and we drive ourselves toward it. However, the best plans fall out of date quickly. And as the adage commonly paraphrased as “no plan survives contact with the enemy” states, even properly maintained, up-to-date, and well-thought-out plans may fall apart during an incident.
What’s the remedy? We certainly shouldn’t throw out our plans. Instead, we should test and adjust our plans so that when the real enemy shows up, we might have a plan that survives, at least from a broad perspective. In short: security professional, hack thyself!
Read More »
Tags: penetration testing, security
Security events, such as vulnerabilities and threats, that are detected globally continue to grow and evolve in scale, impact, diversity, and complexity. Compounded with this is the other side of the coin, the unreported or undetected events waiting in the wings, hovering below the radar in a stealthy state. With all of the security technologies at our disposal, are they sufficient enough to provide effective protection? Well, it is certainly a good start when applied correctly. At a summary level, Cisco’s Security Intelligence Operations (SIO) approach to this challenge was covered in the Network World feature article, “Inside Cisco Security Intelligence Operations.” However, one of the core human elements, which I will introduce, that deserves closer attention is the role of security analyst. In addition, this article provides those of you with career interests some additional insight into working in the IT security field.
Read More »
Tags: advisories, Cisco, cyber security, cybersecurity, exploits, intellishield, secure software, security, security management, vulnerability
Today, industrial networks are being impacted by a number of trends – convergence of industrial and enterprise networks, growing inter-connectivity across industrial equipment, and heightened security concerns. Come visit Cisco in Hall 8, Stand 26 at Hannover Messe to see what we have to offer for manufacturing, mining, transportation, and oil, gas and energy companies. Read More »
Tags: Converged Plantwide Ethernet, Factory, Hannover Messe, Hanover, industrial ethernet, industrrial Automation, Manufacturing, Rockwell, security, wireless
As anyone who attended Cisco’s recent “BYOD without Compromise” Webinar noticed, the BYOD phenomenon is changing company priorities, and is bringing up a lot of questions about the solutions available to scale, secure and operate a successful network. Replay the Webinar
Join us for our upcoming #ciscowifi TweetChat during which you’ll be able to engage in a real time BYOD discussion on Twitter with Cisco Technical Experts. What is a TweetChat?
April 17, 10-11am PST: TweetChat Topic: BYOD and Cisco ISE – use #ciscowifi.
First, I’ve put together just a few details based on the most popular questions posed during the recent webinar about Cisco’s approach to BYOD. And at the end of this post, I’ve also listed upcoming events for even more in depth technical discussions on a variety of BYOD topics.
Enhanced Identity Services Engine (ISE):
Cisco ISE is a context-aware, identity-based platform that gathers real-time information from the network, users, and devices. This enables IT to offer mobile business freedom with policy for when, where and how users may access the network..
ISE integrates with Prime Network Control System and supports BYOD with any 11n Wireless Access Point (even if you’re running your network in FlexConnect -- aka HREAP- mode)
In addition to managing on-boarding, Cisco ISE has full guest lifecycle management. It also allows IT to deny access to devices for a variety of reasons; such as who you are, what device it is, if you are running the latest OS or anti-malware or how you are accessing the network..
Posture -- Posture is the component of ISE platform responsible for enforcement of corporate security policies governing access to its enterprise network. For example, for non-corp owned devices, you can decide what is the minimal requirements based on the device type/OS etc. Setting this up ahead of time will avoid security issues with non-supported devices
ISE also provides real-time endpoint scans based on policy to gain more relevant insight. These automated features result in a better user experience and more secure devices. Cisco ISE uniquely leverages the network. It is essentially the brains for secure access and provides the policy to the network infrastructure (it is woven into the switches, routers, etc.)
New Prime Infrastructure:
Prime is a single package that provides complete infrastructure – wired and wireless, and mobility lifecycle management– configuration, monitoring, troubleshooting, remediation, and reporting. This solution includes: Prime Network Control System (NCS) for converged wired/wireless monitoring and troubleshooting, plus wireless lifecycle management, with new branch network management functionality; and Prime LAN Management Solution, for wired lifecycle management and Borderless Network services management.
Mobile Device Management (MDM):
To protect data on mobile devices and ensure compliance, Cisco is integrating with multiple Mobile Device Management vendors. This gives IT greater visibility into the endpoint as well control over endpoint access based on the compliance of these devices to company policy (such as requiring pin lock or disallowing jailbroken devices), and the ability to do remote data wipes on lost or stolen mobile devices. If you don’t have a supported vendor, we will not be able to get as rich detail about the status of that device, however, you still get the full wired/wireless policy.
Current MDM third party vendors: Zenprise, Good, Airwatch, MobileIron
Device Operating Systems:
Wondering about which OS is preferred on your mobile device?
Cisco offers broad mobile device OS support in Cisco AnyConnect VPN software, including IOS, Android, and Windows Mobile.
When it comes to virtualization, Cisco has created the Cisco Virtualization Experience Infrastructure (VXI), an end-to-end systems approach that delivers the next generation virtual workspace by unifying virtual desktops, voice, and video. Check out the link for more information on VXI, VXI with Citrix, VXI with VMware, Virtualization Services and validated Design Guides http://www.cisco.com/web/solutions/trends/virtualization/index.html
This is just a drop in the bucket. To get even more information on taking your organization beyond BYOD, don’t miss our upcoming technical deep dive webinars and in person events that speak directly to managing your growing network while you’re doing your best with limited resources. You can also check out Cisco’s BYOD solution, Prime and ISE:
Tags: byod, cisco prime, ISE, mobility, policy, security, wifi
Last weekend was a typical one, nothing out of the ordinary: errands, science fairs, softball practice with the kids. However, I found myself hesitating a number of times, thinking twice, before I handed my credit card to the cashier at the mall for to purchase a pair of shoes and again as I typed in my credit card number and security code online to purchase some items for a school fund raiser. In the past, I hadn’t given this much thought, but with yet another data breach in the news, it seems that the breaches are continuing to occur – and as consumers, we will continue getting those ‘Dear John’ letters informing us we were one of the unlucky ones…
With news of another data breach of up to 1.5 million credit and debit cards compromised last month as well as high-profile data attacks against the International Monetary Fund, National Public Radio, Google and Sony’s PlayStation Network, data security should be top of mind to all of us. So, how are these breaches continuing despite all of the efforts to secure customer data? In a series of blog entries to follow, we’ll outline the anatomy of a data breach, steps you can take to reduce your risk, and how Cisco can help keep your organization from being the topic of the next breach headline.
Anatomy of a Data Breach:
It used to be that hackers were in the business of hacking for fame or infamy… mostly individuals or groups of friends were doing small-time breaches, leaving digital graffiti on well-known websites. Although these breaches demonstrated security gaps among those affected, there was little financial impact compared to today. It should come as no surprise in a world of big data, that it is harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult.
Read More »
Tags: compliance, credit card, data breach, data loss, malware, pci, security