Trustworthy Systems: Securing our network infrastructure
Digitization has opened up a myriad of new applications, efficiencies and innovations. Along with all this progress, however, comes a continued and urgent need for more advanced and effective security at the very foundational level–the network node and network systems.
From phishing and malware attacks to advanced persistent threats to SQL injections and everything in between, malicious security threats to the network are all around us. Attackers could significantly amplify the impact of an attack by targeting a specific network node that provides connectivity to multiple users, rather than targeting each user independently. Imagine a scenario where an adversary successfully runs modified software on the network node. A hacker could potentially tweak the software to get copies of every packet that transits the network node, or plant malicious software in all the end-points that are connected to the network. The increased complexity of a universally-connected network by definition allows for more threat vectors that must be protected from both simple and sophisticated attacks. In effect, the network as a whole is vulnerable, but fundamentally more so at the level of the network infrastructure.
A great example of the risks that are associated with the ubiquitously-connected network of the future was a bug for the website heartbleed.com. Heartbleed.com’s security vulnerability, one of the worst in the last decade, was due to an improper input validation in an OpenSSL crypto library that resulted in information assets being hijacked widely across numerous openings. Likewise, another security incident called “Dirty COW” emphasized the real threat and how important it is to take preventive and proactive action.
Cisco is embedding security across its networking portfolio through an integrated architectural approach towards creating a secure, resilient network foundation for digitization. With security embedded across multiple Cisco platforms, Trustworthy Systems is built for today’s threats. The holistic approach provides comprehensive verification of hardware and software integrity by securing the device, securing network communications and securing applications. Securing the device translates to protecting production, delivery, boot and runtime of devices which ensures that no one can tamper with the software that will be hosted on the device during the entire lifecycle of the product. Securing protocols and defaults ensure secure communication across the network thereby protecting the device from being attacked by an individual with malicious intent. Lastly, ensuring the security of our open containers, VMs and sandboxes aids in securing applications. This helps reduce vulnerabilities and risk, increases visibility into platform integrity and allows for faster identification and remediation of threats.
Embedded security translates into process-based security and security technologies that Cisco has created. The former includes all aspects across the secure development lifecycle including product security requirements, third-party security, secure design, secure coding, secure analysis, and vulnerability testing. Trust anchor technologies like signed images, secure runtime defenses and trust anchors enable the building of secure product lines.
This mesh of security allows us to guard against a whole spectrum of attacks including reconnaissance attacks, counterfeit avoidance, DoS attacks, advanced persistent threats, repudiation attacks, brute force attacks, side channel attacks and more.
Fostering excellent security and staying one step ahead of attacks is a challenging, high-stakes game. However, managing our innovation trajectory without compromising on security is what keeps us going. Our march towards the new era of networking is only complete when we ensure that it is easy to use, seamless, automated and fully secure.
As always, would love to continue the conversation @aoswal1234.