Cisco Blogs

Intelligent Cybersecurity

February 18, 2015

I recently received notice from my bank that they were changing my bank card number — again — due to suspicious activity on my account. This is the third such notification received in the past twelve months! Although it is an annoyance and a bit inconvenient, I do appreciate the bank’s attempt to protect my financial data. Moreover, it represents a problem much larger than mine, and a major concern for businesses the world over. It is just one example of the pervasive issue of data security and attests to the sad fact that we are living in a time with a very dynamic threat landscape.

It is estimated that the annual cost of cyber-crime to the global economy ranges from $375 billion to as much as $575 billion, according to a 2014 study by the Center for Strategic and International Studies. In addition, the study reports that as many as 350,000 jobs in the US and EMEAR are lost because of malicious online activity.

In PricewaterhouseCoopers’ 17th Annual Global CEO Survey, half the top execs surveyed expressed concern about cyber threats to their organization. Their concern is certainly warranted, as Cisco’s 2014 Mid-Year Security Report disclosed that 100 percent of networks analyzed showed traffic going to sites hosting malware. This is a very expensive problem. According to the Ponemon Institute, the cost of an organizational data breach in the U.S. averages $5.85 million (up from $5.4 million in 2013). It not only affects a business financially but corrodes consumer confidence as well.

Organizations are struggling to defend their networks given the three main realities of today’s business landscape:

  • Changing Business Models –
    Organizations continue to use constantly evolving technology for competitive and operational advantage, which spawns new attack vectors such as mobile devices, web-enabled and mobile applications, hypervisors, social media, web browsers, home computers, and even vehicles. The Internet of Things will also accelerate the degree of change in years to come and make it even more difficult for organizations to defend themselves.
  • Dynamic Threats –
    Attackers are not resting and are continually honing their craft. As business and technologies change, so do hackers’ exploitative techniques and attacks.
  • Complexity and Fragmentation –
    Most organizations have dozens of security technologies that are not interoperable. This problem is further exacerbated by a significant lack of talent available in the market.

A Threat-Centric Security Strategy

Cisco advocates moving beyond the typically static security defenses that seek to prevent attacks. We have implemented an operational model and strategy that encompasses what needs to be done before, during, and after an attack. Conventional tools such as anti-virus, anti-malware, intrusion detection, and data leak prevention still play a vital role — although Cisco suggests an integration of these defense mechanisms with an approach that takes the complete attack continuum into account. Prevention alone will not detect or defeat threats that have slipped through defenses and are actively exploiting your infrastructure. Cisco believes that pervasive protection across the full attack continuum is required — before, during, and after an attack.

Before, During, After Attack Continuum concept:

  • Before: discover, enforce, and harden
    • You have to know what is on your network (devices, operating systems, services, applications, users) before you can provide any adequate defense.
    • Strict controls must be implemented and policies enforced in order to govern access to assets.
  • During: detect, block, and defend
    • When attacks are underway, you have to be able to detect them as soon as possible with the best detection tools available correlated across the extended network.
  • After: scope, contain, and remediate
    • Invariably, some attacks will be successful and you will need to use retrospective security to assess the scope of the breach, contain the event, remediate, and bring operations back to normal.
    • This is also an opportunity for analysis, reassessment, and continuous improvement of tools and systems.

Security strategies must be visibility driven, threat focused, and platform based. You can’t protect what you can’t see. Visibility of all devices and processes for which an IT department is responsible is necessary to adequately monitor what’s going on. This line of sight needs to extend across the full threat continuum — before, during, and after.

Security must also be threat-focused — detecting, understanding and stopping threats.

Using the foundation of visibility, we understand context and apply intelligence to detect a threat. Once a threat is detected, automated enforcement will stop it. When new detections occur, we must alert on malware and identify the scope of compromise, including patient zero and how the malware spread, in order to stop its spread and remediate.

Finally, effective defenses need to be platform based and not an ad hoc collection of products, solutions, or services targeting individual hazards without regard for other phenomena. The platform must include firewall functionality, application control, intrusion prevention capability, advanced breach detection, as well as remediation. This new solution simplifies an organization’s security architecture, while also reducing operating costs and complexity.

 Raja February 2015

Partner Opportunities

Cisco provides intelligent cybersecurity for the real world.  We don’t claim to have a silver bullet that will address all your security issues. We do, however, offer products and services that will help you defend your network from the industrialized hacker.

Product offerings:

  • Cisco’s Advanced Malware Protection (AMP) is the only solution available today that combines the power of big data analytics, point-in-time detection, and retrospective security tools powered by continuous analysis to protect organizations from advanced threats. AMP is deployable across the extended network including endpoints, network appliances, mobile devices, virtual systems, web and email gateways.

  • Cisco Adaptive Security Appliance (ASA) with FirePOWER Services is an adaptive threat-focused, next-generation firewall that delivers superior, multi-layered protection that improves visibility and reduces security costs and complexity.

Service offerings:

  • Advisory Services –
    • Custom Threat Intelligence
    • Security Posture Assessment
    • Network Device Security Assessment
    • Security Design Assessment
    • Security Strategy for Program Development
  • Integration Services –
    • Migration services
    • Security Optimization Services
    • Security Plan and Build Services
    • Integrated Service Engine Services
    • Plan and build services for E-mail content security
  • Managed Services –
    • Managed Threat Defense provides sophisticated real-time, predictive analytics alongside a broad range of advanced security tools used by a global network of expertly staffed security operations centers. Cisco security experts apply the latest global threat intelligence to deliver a customized approach for incident analysis, confirmation, escalation, and response.
    • Remote Managed Services for Security is available for select Cisco security products. It is a co-management service providing continuous monitoring, management, and support of Cisco network and advanced technologies. Remotely managed services anticipate, identify, and resolve issues quickly and accurately, while retaining visibility and control across the network.

Call to Action 

Outwit attackers and make Cisco’s Security Business Group your #1 security partner. Then, when you hear news of yet another massive business data breach — or receive notice from your bank that they’re changing your account number one more time —  you can breathe a little easier knowing that your enterprise is part of the effort to stay ahead of the increasing sophistication of threats.

If you would like to learn more about Cisco’s Cybersecurity solutions, check out these sources:

Be sure to give me your feedback in the comments section. What do you think of Cisco’s approach to cybersecurity?
