Cisco Blogs
Share

Trustworthy Systems: Securing our network infrastructure

- June 6, 2017 - 11 Comments

Digitization has opened up a myriad of new applications, efficiencies and innovations. Along with all this progress, however, comes a continued and urgent need for more advanced and effective security at the very foundational level–the network node and network systems.

From phishing and malware attacks to advanced persistent threats to SQL injections and everything in between, malicious security threats to the network are all around us. Attackers could significantly amplify the impact of an attack by targeting a specific network node that provides connectivity to multiple users, rather than targeting each user independently. Imagine a scenario where an adversary successfully runs modified software on the network node. A hacker could potentially tweak the software to get copies of every packet that transits the network node, or plant malicious software in all the end-points that are connected to the network. The increased complexity of a universally-connected network by definition allows for more threat vectors that must be protected from both simple and sophisticated attacks. In effect, the network as a whole is vulnerable, but fundamentally more so at the level of the network infrastructure.

A great example of the risks that are associated with the ubiquitously-connected network of the future was a bug for the website heartbleed.com. Heartbleed.com’s security vulnerability, one of the worst in the last decade, was due to an improper input validation in an OpenSSL crypto library that resulted in information assets being hijacked widely across numerous openings. Likewise, another security incident called “Dirty COW” emphasized the real threat and how important it is to take preventive and proactive action.

Cisco is embedding security across its networking portfolio through an integrated architectural approach towards creating a secure, resilient network foundation for digitization. With security embedded across multiple Cisco platforms, Trustworthy Systems is built for today’s threats. The holistic approach provides comprehensive verification of hardware and software integrity by securing the device, securing network communications and securing applications. Securing the device translates to protecting production, delivery, boot and runtime of devices which ensures that no one can tamper with the software that will be hosted on the device during the entire lifecycle of the product. Securing protocols and defaults ensure secure communication across the network thereby protecting the device from being attacked by an individual with malicious intent. Lastly, ensuring the security of our open containers, VMs and sandboxes aids in securing applications. This helps reduce vulnerabilities and risk, increases visibility into platform integrity and allows for faster identification and remediation of threats.

Embedded security translates into process-based security and security technologies that Cisco has created. The former includes all aspects across the secure development lifecycle including product security requirements, third-party security, secure design, secure coding, secure analysis, and vulnerability testing. Trust anchor technologies like signed images, secure runtime defenses and trust anchors enable the building of secure product lines.

This mesh of security allows us to guard against a whole spectrum of attacks including reconnaissance attacks, counterfeit avoidance, DoS attacks, advanced persistent threats, repudiation attacks, brute force attacks, side channel attacks and more.

Fostering excellent security and staying one step ahead of attacks is a challenging, high-stakes game. However, managing our innovation trajectory without compromising on security is what keeps us going. Our march towards the new era of networking is only complete when we ensure that it is easy to use, seamless, automated and fully secure.

As always, would love to continue the conversation @aoswal1234.

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

11 Comments

    Hi Anand, Very informative blog. TWS is a timely innovative answer to the internet vulnerable to attacks by hackers. It would definitely provide Cisco a competitive edge.

    This is what we need the infrastructure!!

  1. Excellent blog - best summarized how Cisco enterprise trustworthy solution can benefit customers in enforcing and enhancing their cybersecurity framework to protect their customers, their business, and their IT and Operational infrastructure from increasing security risks and threats in digital age.

  2. Very nice article. Such a comprehensive approach would indeed be needed anytime when interfacing with external sources of data.

    We like this infrastructure

    "Trustworthy", that's the key word...Efficiency and innovation will follow along the security process.

  3. For folks coming to Cisco Live Las Vegas 2017, they can learn more by attending Breakout Session "BRKARC-1010 Protecting the Device: Cisco Trustworthy Systems & Embedded Security"

  4. Great article, very insightful....all the new innovations need to have TWS/security baked into it.

  5. Very insightful article Anand. As we digitize more, understanding the risk of attacks, need for security and recovery strategy will be more important. TWS is one such innovation in that direction. Thanks for the details with great examples. A nice read.

  6. Well written. TWS and security is integral part of Cisco and this is one of the important things we are investing our time.

  7. Hi Anand, You touched on the most vital part of the infrastructure - Security, for IoT, HealthCare and also with the Digitization it is important to have single sign-on and provide end to end security, there is no other company than cisco which can facilitate this level of integration of infrastructure.

Share