Cisco Blogs


Cisco Blog > Security

A Programmatic Approach to Using Cisco’s Security Intelligence Feed

If you’re an end-user or manager of software that has publicly known security vulnerabilities, wouldn’t you want to know about it? If you’re a software developer, wouldn’t you want to know if there are third-party software vulnerabilities that may impact your applications or products?  Do you have a patch management compliance requirement for managing software vulnerabilities? I presume the answer is a resounding “Yes” to each question that applies to you. Anything we, as cyber security professionals, can do to help automate the vulnerability management process, while integrating security intelligence into that process from both an end-user and developer perspective, is a good thing. In this post, I will discuss Cisco’s Application Programming Interface (API) that exposes security intelligence as a direct data feed into applications or portals. The API is known as the IntelliShield Security Information Service (ISIS) and has proven effective to answering these leading questions.

“Continuous improvement in vulnerability management practices is imperative to keeping pace with the changing security environment as a result of evolving threats as well as new products and technologies” Russell Smoak, Cisco Systems, Cisco 2013 Annual Security Report

The above quote underscores the importance of striving to raise the bar in protecting against vulnerabilities, which may be exploited in your environment, or in the case of a developer, the products you provide to your customers. Cisco uses ISIS several ways, both internally and externally. Internally, Cisco takes advantage of custom-built tooling that uses vulnerability data from Cisco IntelliShield to notify the product development teams when a security issue originating in third-party software may impact a Cisco product. This tool has greatly increased the ability to manage security issues that originate in non-Cisco code. Externally, ISIS is used to provide the content to several sections accessible through the Cisco SIO portal. A couple of examples include:

  1. IOS Software Checker: this tool is used to query Cisco IOS Software Releases against published Cisco Security Advisories.
  2. Security Alerts: this tool provides an “At-A-Glance” type of view of security events such as vulnerability exposures.

Technically, ISIS provides a set of services that support application-to-application interaction using SOAP over the HTTPS protocol, allowing clients to develop ISIS-dependent applications that are not dependent on the technologies used to implement ISIS. The only dependency is for the client to have the ability to produce a SOAP message, send it to ISIS over HTTPS, and ultimately decompose the SOAP response. These services also allow clients to filter the security intelligence based on various inputs, enabling clients to align IntelliShield security intelligence with the unique business needs of their environment. Read More »

Tags: , , , ,