Login
The past few months have been chockfull of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions. It’s a reminder of just how enriching conversations are and how incredibly interconnected the world is. And it’s only made closer by the security experiences that impact us all.
I had the pleasure of engaging with some of the industry’s best and brightest, sharing ideas, insights, and what keeps us up at night. The conversations offered more than an opportunity to reconnect and put faces with names. It was a chance to discuss some of the most critical cybersecurity issues and implications that are top of mind for organizations.
The collective sentiments are clear. The need for better security has never been so strong. Securing the future is good business. Disruptions are happening faster than ever before, making our interconnected world more unpredictable. Hybrid work is here to stay, hybrid and complex architectures will continue to be a reality for most organizations and that has dramatically expanded the threat surface. More and more businesses are operating as ecosystems—attacks have profound ripple effects across value chains. Attacks are becoming more bespoke, government-sponsored threat actors and ransomware as a service, continue to unravel challenging businesses to minimize the time from initial breach to complete compromise, in the event of a compromise.
Regardless of where organizations are on their digital transformations, they are progressively embarking upon journeys to unify networking and secure connectivity needs. Mobility, BYOD (bring your own device), cloud, increased collaboration, and the consumerization of IT have necessitated a new type of access control security–zero trust security. Supporting a modern enterprise across a distributed network and infrastructure involves the ability to validate user IDs, continuously verify authentication and device trust, and protect every application—
without compromising user experience. Zero trust offers organizations a simpler approach to securing access for everyone, from any device, anywhere—all the while, making it harder for attackers.
Simplicity continues to be a hot topic, and in the context of its functionality. In addition to a frictionless user experience, the real value to customers is improving operational challenges. Security practitioners want an easier way to secure the edge, access, and operations—including threat intelligence and response. Key to this simplified experience is connecting and managing business-critical control points and vulnerabilities, exchanging data, and contextualizing threat intelligence. And it requires a smarter ecosystem that brings together capabilities, unifying admin, policy, visibility, and control. Simplicity that works hard and smart—and enhances their security posture. The ultimate simplicity is improved efficacy for the organization.
Insider cyber-attacks are among the fastest growing threats in the modern security network, an increasingly common cause of data breaches. Using their authorized access, employees are intentionally or inadvertently causing harm by stealing, exposing, or destroying sensitive company data. Regardless, the consequences are the same—costing companies big bucks and massive disruption. It’s also one of the reasons why “identity as the new perimeter” is trending, as the primary objective of all advanced attacks is to gain privileged credentials. Insider attack attempts are not slowing down. However, advanced telemetry, threat detection and protection, and continuous trusted access all help decelerate the trend. Organizations are better able to expose suspicious or malicious activities caused by insider threats. Innovations are enabling business to analyze all network traffic and historical patterns of employee access and determine whether to let an employee continue uninterrupted or prompt to authenticate again.
Supply chain attacks have become one of the biggest security worries for businesses. Not only are disruptions debilitating, but no one knew the impacts or perceived outcomes. Attackers are highly aware that supply chains are comprised of larger entities often tightly connected to a broad array of smaller and less cyber-savvy organizations. Lured by lucrative payouts, attackers seek the weakest supply chain link for a successful breach. In fact, two of the four biggest cyber-attacks that the Cisco Talos team saw in the field last year were supply chain attacks that deployed ransomware on their targets’ networks: SolarWinds and REvil’s attack exploiting the Kaseya managed service provider. While there’s no perfect way to absolutely protect from ransomware, businesses are taking steps to bolster their defenses and protect against disaster.
Security incidents targeting personal information are on the rise. In fact, 86 percent of global consumers were victims of identity theft, credit/debit card fraud, or a data breach in 2020. In a recent engagement discovered by the Cisco Talos team, the API on a customer’s website could have been exploited by an attacker to steal sensitive personal information. The good news is governments and businesses alike are leaning into Data Privacy and Protection, adhering to global regulations that enforce high standards for collecting, using, disclosing, storing, securing, accessing, transferring, and processing personal data. Within the past year, the U.S. government implemented new rules to ensure companies and federal agencies follow required cybersecurity standards. As long as cyber criminals continue seeking to breach our privacy and data, these rules help hold us accountable.
Through all the insightful discussions with customers, partners, and industry leaders, a theme emerged. When it comes to cybersecurity, preparation is key and the cost of being wrong is extraordinary. By acknowledging there will continue to be disruptions, business can prepare for whatever comes next. And when it comes, they’ll not only weather the storm, but they will also come out of it stronger. And the good news is that Cisco Security Business Group is already on the journey actively addressing these headlines, and empowering our customers to reach their full potential, securely.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Extended Detection and Response, or XDR, the cybersecurity topic that dominated the RSA conference 2022 show floor with multiple vendors, has been getting a lot of attention lately, and for good reason. A connected, unified approach to detection and response promises to give security professionals all the tools and capabilities they need to address the ever-growing attack surface.
At Cisco, we wanted to get an independent view of what XDR means to a security operations audience, so we partnered with ESG on a survey conducted in April 2022 of 376 IT cybersecurity professionals in North America, which explored some key questions and trends for security operations centers as it relates to XDR. This new eBook, SOC Modernization and the Role of XDR, provides insights into the survey. Unsurprisingly, 52 percent of organizations surveyed believe that security operations are more challenging than just two years ago, and it’s clear cybersecurity professionals are looking for the next architecture to solve these challenges.
The distributed nature of the network is resulting in more data from multiple control points. The survey showed that while 80 percent of organizations are already using more than 10 data sources as a part of their security operations, they want even more as they realize the value of being able to aggregate, normalize, correlate, and contextualize data so they can take better actions faster. At the same time, 81 percent say that they have been impacted by the cybersecurity skills shortage, and more data without the capabilities and skills in place to act will only diminish the ability to address threats.
To help fill those skills gaps, improved threat detection playbooks and incident prioritization will be critical aspects of the security operations strategy. Another key tool widely recognized as important in building a foundation is the MITRE ATT&CK framework that can help your teams focus and understand adversary tactics and techniques based on real-world observations.
While a common industry definition remains elusive, one thing is clear: XDR will play a critical role in the modernization of the security operations center. Determining how it will help your security operations team, and which partners to work with as you build out your XDR approach, will determine your level of success.
You need XDR to transform your infrastructure from a series of disjointed solutions into a fully integrated ecosystem that gets you to your outcome more effectively and efficiently. Cisco has built XDR capabilities into the broad portfolio of our security products and easily integrates with existing solutions in your environment using open APIs. After you’ve read the ESG SOC Modernization and the Role of XDR eBook, we invite you to take a look at the Cisco XDR Buyer’s Guide, which outlines five key elements of XDR done right and provides some questions to ask as you consider which vendors you want to work with in building out your security strategy. Don’t wait to start planning how XDR will help your security operations team.
Source: ESG Research Study, SOC Modernization and the Role of XDR, June 2022
See XDR done right:
Cisco XDR Buyer’s Guide
What is it that customers truly want from their security? Is it simplicity? Robust protection? Agility and flexibility? Yes! In today’s uncertain world where new challenges are being thrown at IT teams each day, security must meet many diverse needs. At the end of the day, it’s about keeping the entire business resilient despite the chaos of the cyber world.
As hybrid work, the move to the cloud, and increasingly insidious threats all converge to create layers of complexity, security teams must be extra vigilant and ready for what’s next. They need a comprehensive, integrated security system whose various components share information and work together to pinpoint attacks and minimize organizational impact — without introducing undue friction.
With businesses, networks, clouds and devices becoming so interconnected, delivering next-level security to match the future of work is a formidable undertaking — one that few vendors are positioned to tackle. But thanks to our nearly 40-year heritage of providing and protecting a vast amount of the world’s networking infrastructure, Cisco is up for the challenge.
“At a moment’s notice, we were able to transition 80 percent of our workforce to be remote — and our company was never remote before. Because of our Cisco solutions, we were able to deploy everything and have people work well remotely with very minimal issues.”
— Joseph Rodriguez, Assistant Director of IT, Allied Beverage Group
Delivering security that is simple, powerful and resilient is something we’ve been executing on for years, yet it’s never been more critical than it is at this very moment. The month of June has afforded us the perfect opportunity to showcase exactly how we plan to keep our customers cyber resilient both now and in the future.
Read about the five dimensions of security resilience.
During the RSA Conference and Cisco Live, we announced our strategic plan for the Cisco Security Cloud, a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. As we continue to move towards the Cisco Security Cloud vision, we recently unveiled several advancements in our portfolio across SASE, XDR and zero trust.
You can read our news announcement to learn more about security resilience and how we’re delivering it. But more important than the ‘how’ is the ‘why.’ Why Cisco? What makes us uniquely positioned to secure your resilience?
As I mentioned, our customers have trusted us with their networks for nearly four decades. Currently, 80 percent of the world’s internet traffic travels through Cisco infrastructure — so we have a pretty good handle on what’s going on out there. From a security standpoint alone, we have over 300,000 customers around the globe, including 100% of the Fortune 100.
As a leader in both networking and security, the breadth and depth of our solutions is unmatched. While other vendors are just beginning to join networking with security, we’ve been doing it for years. And yet, we’re continually finding ways to simplify our robust solutions for a streamlined user experience — no matter the size of your organization, where your employees work, or whether your applications are on-premises, in the cloud, or both.
Learn more about security resilience for the hybrid work era.
In addition to unparalleled infrastructure and expertise, our open, cloud-native architecture allows you to integrate with a wide range of third-party security and technology solutions for more seamless threat defense. This includes the major cloud vendors, enabling you to secure a multi-cloud environment without getting locked in with just one public cloud provider.
Additionally, all of our solutions are backed by Cisco Talos, one of the largest commercial threat intelligence teams in the world. Combined with in-depth visibility from our Cisco Secure technologies, Talos’ extensive insight into the threat landscape leads to rapid, highly effective detection and response.
Even more crucial than what we have to say is what we have heard from our customers surrounding the “new normal” for security. “I think what the security industry could use right now is a real business outcome-oriented viewpoint,” said Tom Doughty, vice president and CISO at Prudential Financial. “Meaning, what are the strategic business outcomes you’re trying to enable? Cisco can help security teams be more aligned to our business and more resilient by allowing us to see at a granular level what’s happening in our environment, especially in an extended network.”
For the law firm of George Sink, P.A., the demands of supporting hybrid work accelerated the company’s move to the cloud. The firm is now using Cisco’s new, turnkey SASE solution to securely serve its clients under any circumstance — be it a pandemic or a hurricane. According to the firm’s CIO, Timothy Mullen, “The ability to…re-establish connectivity in another region almost immediately, with my small IT team, is unheard of and a game-changing experience.”
From financial to legal transactions, and much more, we can secure it all with our open, integrated protection platform and unwavering focus on resilience. We even had the honor of securing the Super Bowl earlier this year, helping to safeguard mission-critical gameday operations.
“The Super Bowl and events of that magnitude require a humongous orchestration of interconnectedness, not only from a technology perspective but also a people standpoint,” said NFL Chief Information Security Officer, Tomás Maldonado. “What we’re trying to do is slow down the bad actors and make it more difficult for them to attack us and impact what’s happening on the field. But at the same time, we also have to look beyond the field and think about all the various parts of our business that could be affected by an attack — recognizing that our risk factors are always changing.”
To learn more about how to keep your business strong in the face of adversity, visit our resilience web page and check out the blog from Cisco’s Jeetu Patel, “Security Resilience for a Hybrid, Multi-Cloud Future.”
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
This article was coauthored by Dan Maunz and Ryan Morrow, both Security Program Managers in the Security & Trust Organization at Cisco
The purpose of this document is to provide the reader with a high-level overview of cloud delivery models, introduce the different deployment scenarios in which cloud services can be operated in, and highlight the risks to an organization when deploying and operating a cloud environment. The final section of this document contains references to publicly available material on general security guidance for cloud environments, links to vendor-specific security guidance, and Cisco resources that can be leveraged to secure cloud environments.
These new cloud-based business models offer many of the benefits noted above, but they also come with potential risks:
Below are some best practices to help manage and mitigate these risks:
This section contains general, vendor agnostic resources and guidance on the implementation of secure cloud computing environments and on maintaining a secure operating environment.
Cloud Security Alliance (CSA) Security Guidance for Critical Areas of Focus in Cloud Computing v4.0
https://cloudsecurityalliance.org/artifacts/security-guidance-v4/
Federal Trade Commission (FTC) Six steps toward more secure cloud computing
https://www.ftc.gov/business-guidance/blog/2020/06/six-steps-toward-more-secure-cloud-computing
NIST Cloud Computing Reference Architecture
https://www.nist.gov/publications/nist-cloud-computing-reference-architecture
Center for Internet Security (CIS) Shared Responsibility for Cloud Security: What You Need to Know
https://www.cisecurity.org/insights/blog/shared-responsibility-cloud-security-what-you-need-to-know
This section contains specific resources and guidance for configuring and maintaining a secure cloud environment for Amazon Web Services, Google Cloud Platform, and Microsoft Azure cloud platforms.
AWS Cloud Security: Shared Responsibility Model
https://aws.amazon.com/compliance/shared-responsibility-model/
Google Cloud Platform (GCP): Exploring container security: the shared responsibility model in GKE
Microsoft Azure Shared Responsibility for Cloud Computing
https://azure.microsoft.com/en-us/resources/shared-responsibility-for-cloud-computing/
This section contains specific Cisco products and resources that can be leveraged in cloud environments to enable enhanced management and monitoring of cloud environments.
How does Cisco secure the cloud?
https://www.cisco.com/c/en/us/products/security/cloud-security/index.html
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco Talos has a long-standing relationship with Ukraine, so when Russia invaded the country earlier this year, things hit close to home. Cisco Talos leaders rallied together to provide cybersecurity threat hunting to vital infrastructure, humanitarian support and goods and services to employees and their families in the region.
Ashlee Benge, Amy Henderson and Sammi Seaman spearheaded initiatives to support and sustain Ukrainian employees and threat hunters working around-the-clock to prevent cyberattacks and remember the human element. Even in the midst of crisis, they’ve facilitated open communication, emphasized mental health and cultivated connection.
Given Ukraine’s unique position on the front lines of cyberwarfare, Cisco Talos has had a very close partnership with Ukraine. The threat intelligence team has worked with several partners in the country from a cyber threat perspective. That long standing connection is part of why Russia’s invasion of Ukraine has been felt so deeply. “Some Ukrainian team members evacuated before the invasion, others did not,” said Amy Henderson, head of strategic planning & communications. “Our teams of threat hunters have been around-the-clock hunting in the data since the invasion. They’re stopping attacks from happening.”
Cisco Talos set up Cisco Secure Endpoint on about thirty partners’ organizations and extended the offering to critical infrastructure organizations in Ukraine such as hospitals, directly monitoring Cisco Secure Endpoint, “because their people are busy doing other things right now. They can’t sit at a screen,” Henderson said.
Lead of Strategic Business Intelligence Ashlee Benge directs the Ukraine Threat Hunting Task Unit which requires empathy, compassion and an awareness of the needs of forty-five threat hunters. Veteran threat hunters with decades of experience have volunteered to contribute to the team while other members of Cisco Talos have also volunteered their skill sets to the work. Benge values the distinct contributions of her team members and describes them as, “quite brilliant and very good at their jobs. Talos does a really good job of hiring good people, and so the worst thing that I could do is get in their way.” Getting in their way looks different for different team members which is why Benge has established trainings and consistent ways to evaluate that the needs of her team are being met.
The nature of such a demanding, on-going situation coupled with the team’s dedication can lead employees to work themselves into the ground. To combat this, leaders maintain weekly check-ins that include asking employees how they’re taking care of themselves and checking for signs of burnout. “When you have rest you’re at peak performance and can problem solve. But when you start burning out and get to be irritable and snappy, you’re not able to problem solve. Just step back. You’ll be in a much better head space,” Henderson advises.
Stepping back has meant rotating projects to level out activity levels and urgency. Leaders have also stepped in to ensure employees take time off and that when they’re away, they’re fully away. “When you’re in such a high intensity environment it takes two to three days just to come off of that. If you’re only taking a day here or day there, you’re not even scratching the surface of coming down. So I’ll suggest maybe you need to take a week and completely recharge,” Henderson says.
Team Lead of Employee Experience Sammi Seaman was heartened by Cisco’s support of Ukrainian employees including helping employees and their families out of cities and into new housing. The humanitarian focus led Seaman to ask “How else can we help? Our colleagues have had to leave their homes and they’re still trying to do work. How do I get them necessities like medicine and shampoo?”
Seaman’s empathy and collaboration within her team and with Cisco Talos leadership led to determining the highest needs including more stable internet and navigating the transport of goods directly to employees and their families through freight mail. Seaman worked with her team to ensure necessary items like medical kits could get directly to people who needed them as quickly as possible. There are also pages available coordinating housing, transportation and other forms of support.
“It’s been interesting to think about people needing medicine for various reasons and that I’m also buying Legos and castles so that the children who have been displaced have toys and things that bring them joy and allow them to be kids in this situation,” Seaman said.
As Seaman prepared more boxes to ship, an employee shared a photograph of his daughter with some of the things Seaman had sent. “I just started crying. It was such a relief.” A relief she wanted to share, leaving the boxes for a moment to connect with other team members around the positive impact of their hard work.
“Despite all of these things that are happening around us that are horrific and awful and things that shouldn’t be happening, there are still things that we can celebrate. We’re still humans who have feelings, relationships, milestones and holidays.” – Sammi Seaman
Remembering children also became important during spring holidays. Through asking employees if they celebrated Easter and if they’d like Easter baskets, she learned that many employees celebrated traditional Orthodox Ukrainian Easter and would appreciate the baskets.
Seaman’s colleague researched what people in Ukraine typically put in their Easter baskets and together they made the baskets, boxed them up and shipped them. “The baskets weren’t a necessity but were nice to remind people that despite all of these things that are happening around us that are horrific and awful and things that shouldn’t be happening, there are still things that we can celebrate. We’re still humans who have feelings, relationships, milestones and holidays.”
Outside of work, Benge competes as an Olympic weightlifter. After months of training, her first national level meet was scheduled to happen early into the war in Ukraine. She considered withdrawing given the 24/7 nature of Cisco Talos’ response. However, “only because of the support of those around me,” Benge decided to compete—while working from her phone in the warm up room between lifts. The physical movement allows Benge to manage her mental health and stress while modeling self-care for the team: “If I can’t be my own best self, then the people around me can hardly be expected to do the same.”
Self-care and mental health are so important to the team that Henderson and Benge recently joined their colleagues, Matt Olney, the director of threat intelligence and interdiction, and Strategic Communications Leader Mitch Neff on a Cisco Secure podcast about mental health. The conversation illuminated the importance of reaching out for help, utilizing support systems such as those provided by Cisco and talking to someone including a therapist.
“Using those types of resources is a valuable thing, particularly when managing very high levels of stress and anxiety that come with cybersecurity. No matter what kind of support it is that we need, it’s important to take that time and recognize that it’s valuable to invest in your own mental health,” Benge stated.
Seaman shared that because it can be hard to ask for help or delegate, when she does, she gives herself a pat on the back. She advises that especially in crisis situations it’s important to remember that while things need to get done, it’s not entirely on you to get those things done. “The leadership at Cisco Talos has really emphasized that you’re not alone. The employee assistance program has been a great resource and I’ve got a therapist that I talk to about these things and make sure that I’m taking care of myself so that I can continue to take care of others.”
The team’s bond and purpose run deep. “We care deeply about everyone that we work with. It’s okay to not be on at all times. It’s okay to feel sad and it’s okay to feel anxious. One of the things that I’ve loved about working with Cisco Talos, especially during these more difficult things, is that everybody’s got your back and they make it a safe space to share those feelings. I truly feel like the people I work with are like my family. We’re curated an environment where we can all talk about what we’re going through.”
To learn more about Cisco Talos, Cisco Secure and Duo Security and how you can apply your empathy, skills and passion to make a difference in cybersecurity, check out open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
As an early adopter of Cisco Secure Endpoint, Per Mar Security Services has seen the product evolve alongside the threat landscape. According to Dan Turner, CIO at Per Mar, the evolution of the Cisco security portfolio has helped the company remain cyber resilient during the pandemic and beyond.
We recently spoke with Turner to discuss how Per Mar uses Cisco technology to rapidly detect and mitigate threats, while still enabling employees to work from wherever they need to — whether it’s a conference, job site, or home office.
Per Mar Security provides physical security services to both homes and businesses, protecting roughly 75,000 customers across 16 U.S. states. The company began using Cisco Secure Endpoint almost a decade ago to defend against attacks on its various devices. Today, it’s the main point of defense in making sure the company’s endpoints are safe. Cisco Secure Endpoint integrates with the other security products in Per Mar’s environment via Cisco SecureX.
SecureX brings together disparate security technologies from both Cisco and third parties to provide unified visibility and control. “This allows us peace of mind to know that we have the whole Cisco Secure solution being an extra set of eyes for us and making sure our customers and end users all stay safe and secure,” says Turner.
Per Mar has roughly 3,000 employees using a variety of devices on the company’s network — from Windows machines to iOS and Android devices. “We have become very mobile over the years, so working off tablets and mobile devices is how we get business done,” Turner explains. “Finding a tool like Cisco Secure Endpoint that can work across all those platforms and give my team one pane of glass to manage everything has been hugely important for us.”
This capability has enabled Per Mar to continue to operate smoothly in the midst of the pandemic. The company leveraged its existing infrastructure to spin up virtual workspaces for all of its employees within a week so they could work securely from home.
“Our Cisco systems and security frameworks allowed Per Mar to move
quickly and safely to support our employees when the pandemic hit.”— Dan Turner, CIO, Per Mar Security Services
Even before the pandemic, Cisco Secure Endpoint was able to swiftly remediate malware that found its way onto Per Mar’s network when employees worked remotely to attend conferences, for example, or to tend to other off-site obligations.
Per Mar Security provides critical protection from hazards such as burglary and fires for homes, manufacturing facilities, hospitals, college campuses, and more. It also secures special events such as high-profile football games and political conventions. Reliable IT and security systems are imperative for this work. “Without the infrastructure we have, we simply can’t provide services for our customers,” says Turner.
In addition to quickly detecting and blocking threats, the Cisco Secure portfolio integrated through SecureX has also dramatically improved Per Mar’s threat hunting and investigation capabilities. Being able to rapidly analyze data from multiple Cisco tools together in one place has enabled the company’s security team to efficiently identify the origin of a compromise down to the exact device and behavior that caused it. This ensures that the root cause can be addressed in a timely manner — often within a single day or even just a few hours.
“All those analytics allow my team to stay nimble, adapt as threats evolve, and capture any zero-day exploits that are sitting out there,” says Turner. “With Cisco Secure Endpoint, our mean time to detection is measured in hours, if not minutes, versus months or years. Because of how it ties back to the rest of the security stack that we use from Cisco, my team is able to go back through and pinpoint compromised systems in record speed.”
As the threat landscape and work environments continue to shift with the emergence of hybrid work, Per Mar remains secure. Its multi-layered defense provides robust protection against the full range of threat vectors. “Our Cisco technologies are just as critical today as they were when the world stopped spinning,” says Turner.
We are honored to play such a significant role in Per Mar’s continued success. Find out how your organization can maintain security resilience in the face of constant change.
Watch video: Per Mar Security gains threat visibility with Cisco Secure Endpoint
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 