Putting a Damper on ‘Lateral Movement’ due to Cyber-Intrusion
Analysis of high-profile cyber breaches often reveals how intruders gain their initial footprint in the targeted organizations and bypass perimeter defenses to establish a backdoor for persistent activities. Such stealthy activities may continue until intruders complete their ultimate mission—claiming the “crown jewels” of the victim organization. “Lateral movement” is a term increasingly used to describe […]
Batman, TrustSec, and PCI
One of my passions is around PCI compliance. I know that sounds oxymoronic. How can someone actually be passionate about something as dry as compliance? Well, for the sake of argument, I prefer delusional rationalization. I think of myself as Batman! I don’t have his intelligence, money, car, or cape (well, I do have the […]
Secure Access for the Real World, Really?
Yes, really. I just got back from Cisco Live! Milan where Chris Young, Senior VP at Cisco, spoke to the Cisco security story, Intelligent Cybersecurity for the Real World. The Cisco security strategy addresses many security challenges across a range of attack vectors (network, endpoint, mobile devices, cloud, or virtual). It covers the entire attack […]
Taking Complexity Out of Network Security – Simplifying Firewall Rules with TrustSec
Bruce Schneier, the security technologist and author famously said, “Complexity is the worst enemy of security.” We have been working with some customers who agree strongly with this sentiment because they have been struggling with increasing complexity in their access control lists and firewall rules. Typical indicators of operational complexity have been: The time that […]
Protecting the Crown Jewels
Why do so many organizations maintain essentially open, “flat” networks, leaving thousands of users and devices with network-layer reach to their “crown jewels”? Especially in light of what we know with data breaches, theft, and loss? One possibility may be that some organizations simply grew too quickly, and the tools in the tool chest to […]
Just Announced at Cisco Live! Milan – Cisco is Opening TrustSec Capabilities to Other Vendors
With encouragement from customers, Cisco has submitted the TrustSec protocol that we use to exchange role and context information between network devices to the IETF. Chris Young, Senior Vice President of Cisco Security, shared the news during his keynote address at Cisco Live! Milan. The Source-group tag eXchange Protocol (SXP) has been submitted to the […]
Security: Front and Center at Cisco Live Cancun 2013
This year I was honored to be able to present and participate at Cisco Live Cancun, which took place last week. Many attendees from North, Central and South America and...
[Summary] How Secure Is Your Mobile Worker?
Let’s start with how well do you know your mobile worker? Understanding the mobile worker’s perceptions and behaviors will offer a better view on the potential security implications your organization must manage. Cisco just released new global research (white paper) , Cisco Connected World International Mobile Security study, that explores the mobile worker’s view points […]
How Secure is Your Mobile Worker?
How well do you know your mobile worker? Understanding the mobile worker’s perceptions and behaviors will offer a better view on the potential security implications your organization must manage. Cisco recently released a new global infographic and white paper, the Cisco Connected World International Mobile Security study. They explore the mobile worker’s view points concerning […]