Login
We have come a long way from making our first sourdough starter batch to exploring new hobbies — or in my case exhausting the Netflix library! We have craved human connection and insightful conversations. It was just over two years ago that we were together at the RSA Conference in San Francisco promising the next leap in cybersecurity with Cisco’s introduction of SecureX.
And soon, the cybersecurity world finally comes together again at two mega-events this year: RSA Conference and Cisco Live 2022. As you start planning your RSAC and Cisco Live 2022 experiences, we invite you to explore the progress we have made in offering radically simple security with a platform approach that is transformative to the industry and for our customers. Since it became generally available in June 2020, we have continued to add both capabilities and out-of-box integrations that unlock the full potential of our security portfolio. At both events, you’ll find Cisco SecureX is front and center again with exciting innovations built on our initial promise of providing simplicity and automation without compromising visibility and security efficacy.
Join us on Monday, June 6, to hear Jeetu Patel, EVP, and GM of Cisco Security and Collaboration, and Shailaja Shankar, Senior Vice President, and General Manager of Cisco Security Business Group speak on the topic of “What Do We Owe One Another in the Cybersecurity Ecosystem?”
Key highlights to explore:
| Topic | Date | Time (20 mins) |
| Level up your SOC strategy with security automation | 6/6/22 | 5:30 PM |
| Operationalizing Network Behavior Analytics | 6/7/22 | 10:30 AM |
| Extended Detection with Cisco SecureX | 3:30 PM | |
| Prioritizing Risk to Maximize Security Resilience | 5:30 PM | |
| Level up your SOC strategy with security automation | 6/8/22 | 2:30 PM |
| Prioritizing Risk to Maximize Security Resilience | 3:00 PM | |
| Beyond XDR with Cisco SecureX | 6/9/22 | 11:30 AM |
Check out the ‘Cisco Week at a Glance’ to see what we have to offer throughout the week, onsite in Las Vegas. Here are some highlights you won’t want to miss:
Ben Greenbaum, Product manager of Cisco SecureX with over 20 years of experience in SecOps products talks about ‘SecureX All The Things (With Hosted and Remote Relays)-BRKSEC-1483’.
Distinguished Engineer Aaron Woland‘s session lets you in on his secret to saving time with extended visibility ‘Save Countless Hours with SecureX’s Latest Feature: Device Insights- BRKSEC-2754’.
Come geek out with Matt Vander Horst, our resident orchestration and automation expert at the DevNet zone or/and crash his in-depth 4-hour lab session titled ‘SecureX Orchestration hands-on Crash Course- TRSEC-2103’.
In addition, SecureX experts like Aditya Sankar talk about how to unlock value for Firewall customers in his session ‘SecureX and Secure Firewall Better Together-BRKSEC-2201’.
Matthew Robertson, Principal engineer for XDR products discusses cross-product uses cases with ‘Building Network Security Policy Through Data Intelligence- BRKSEC-2267’.
And much more:
| Breakout Sessions (45 Minutes) | Date | Time (EST) |
| BRKSEC-2834 – Cisco’s Unified Agent: Cisco Secure Client. Bringing AMP, AnyConnect, Orbital & Umbrella together | 6/15/22 | 2:30 PM |
| BRKSEC-2754 – Save Countless Hours with SecureX’s Latest Feature: Device Insights | 6/14/22 | 10:30 AM |
| BRKSEC-2201 – SecureX and Secure Firewall Better Together | 6/14/22 | 10:30 AM |
| BRKSEC-2101 – Malware Execution as A Service: a Deep Dive into CSMA Advanced File Analysis | 6/13/22 | 9:30 AM |
| BRKSEC-1483 – SecureX All the Things (With Hosted and Remote Relays) | 6/16/22 | 8:00 AM |
| BRKSEC-2267 – Building Network Security Policy Through Data Intelligence | 6/14/22 | 2:30 PM |
| BRKSEC-3019 – Visibility, Detection and Response with Cisco Secure Network Analytics | 6/15/22 | 4:00 PM |
| BRKMER-2003 – Meraki & Secure Network and Cloud Analytics: Threat Detection for the Rest of Us | 6/16/22 | 9:30 AM |
| Instructor Led Lab (4 Hours) | ||
| LTRSEC-2103 – SecureX Orchestration hands-on crash Course | 6/15/22 | 8:00 AM |
| DevNet | ||
| DEVLIT-1553 – Webhooks in SecureX orchestration (Lightning Talk – 15 Minutes) | 6/14/22 | 3:00 PM |
| DEVWKS-2190 – Getting started with SecureX orchestration workflows and atomics (Workshop – 45 Minutes) | 6/14/22 | 10:00 AM |
| DEVWKS-2190 – Getting started with SecureX orchestration workflows and atomics (Workshop – 45 Minutes) | 6/16/22 | 10:00 AM |
| DEVNET-1083 – Security Automation: Developing with SecureX (Theater – 45 Minutes) | 6/14/22 | 1:00 PM |
| SecureX – DevNet Takeover Booth | 6/14/22 | All day |
| Digital | ||
| HOLSEC-2001.a – Crash Course: Automating with SecureX Orchestration (4 Hours) | 6/23/22 | 8:00 AM |
| HOLSEC-2001.b – Crash Course: Automating with SecureX Orchestration (4 Hours) | 6/29/22 | 7:00 AM |
We’re so excited to be on this journey with our customers and partners. For a live demo and exploration of the latest SecureX features, visit us at our booth at RSA Conference 2022 and World of solutions at Cisco Live 2022. We look forward to seeing many of you in person.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Cisco Secure Access by Duo and Cisco Umbrella expands availability on AWS Marketplace
Cisco Secure powers security resilience enabling you to protect the integrity of your business amidst unpredictable threats and major change, such as migrating to the cloud. As a leader in cloud enablement, Cisco Secure is excited to announce the availability of our Security SaaS portfolio on AWS Marketplace. Now with the addition of Secure Access by Duo and Cisco Umbrella, you can take advantage of key marketplace differentiators, such as simple and integrated purchasing, the ability to use AWS cloud budget commitments for procurement (as part of the Enterprise Discount Program) and the flexibility of custom terms and pricing via private offers. This helps to ensure your organization is secure with the Cisco Secure portfolio.
The Duo and Umbrella solutions on AWS Marketplace protect remote and hybrid users who connect from various locations and devices and use cloud services to get work done. Both solutions deploy in minutes and integrate natively with Cisco SecureX to provide unified visibility and intuitive automation across your entire security portfolio in minutes. At the foundation of the solution is Cisco Talos threat intelligence, which is one of the largest commercial threat intelligence organizations in the world.
As the first line of defense against threats on the internet wherever users go, Umbrella delivers visibility into all cloud services in use across your environment and blocks all risky applications. Two Umbrella versions are available on the AWS Marketplace – Umbrella DNS Security Essentials and Umbrella DNS Security Advantage.
As the foundation for a zero-trust security model, Duo’s multi-factor authentication (MFA) allows you to verify the identity of all users and the health of their devices before connecting to the applications they need. Duo is easy to use, simple to administer, and provides complete endpoint visibility. All three Duo editions are available on the AWS Marketplace – Duo MFA, Duo Access and Duo Beyond – enabling customers to select the right solution for their needs.
Delivered from the cloud for fast deployment, Umbrella and Duo allows you to uncover shadow IT, secure the use of sanctioned cloud applications (such as those running on AWS), and offer powerful protection against phishing and other threats. Today, customers can enjoy integrated discovery and can easily purchase Duo and Cisco Umbrella to begin recognizing value immediately.
Are you ready to accelerate your journey to the cloud? Visit Duo and Umbrella on the AWS Marketplace today.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Hybrid work is here to stay. According to our survey, only 9 percent of the global workforce plans to return to the office full time. Employees have become accustomed to working from home and on-the-go, and modern organizations will need to keep up with this shift to retain much-needed talent.
While flexibility has become king, many people may also miss in-person collaboration, and will want to meet with others in the office on an ad hoc basis. Businesses will need to be ready for this future of work, and empower their employees to easily conduct their roles from the office, home, coffee shop, or anywhere in between.
While it may sound daunting, it doesn’t have to be. With the right strategies and technologies in place, hybrid work can afford an organization many opportunities. It can introduce enhanced levels of agility and resilience for better company performance. It can help businesses attract skilled professionals in a competitive market. And it can also lead to cost savings, greater operational efficiencies, and improved environmental sustainability.
Of course there will always be challenges. One such challenge is cybersecurity, and hence, security resilience. With more assets to keep track of in more places, hybrid work can lead to gaps in visibility and control, providing attackers with additional ways to get in. But while attackers work hard to get into your network, Cisco continues to innovate to keep them out, no matter where your devices or users may go.
Many of the core security architectures we have been building and offering for the past several years will help to ensure a smoother transition to hybrid work, as well as greater security resilience:
Just as the workplace has evolved, so has the threat landscape. To make things even easier, we have put together the Cisco Secure Hybrid Work solution to provide exactly what you need to keep your business safe in this new work environment. All of our security technologies are backed by the superior threat intelligence of Cisco Talos, so customers can quickly adapt to detect and combat the latest risks. Talos also offers robust incident response services to help companies prepare for, respond to, and rapidly recover from attacks.
Learn how Mediapro used Cisco technologies to transition to hybrid work.
We continue to innovate to make sure our customers are prepared for what’s next. Most recently, we launched the Cisco Secure Firewall 3100 Series, which is specifically designed for hybrid work. The new firewall supports more remote workers with up to six times faster VPN performance, and also delivers a strong video conferencing experience. Cisco Secure Firewall enhances visibility and threat detection even in encrypted traffic, and helps strengthen your zero trust security posture. It also integrates with Cisco SecureX for rapid incident response.
Additionally, we recently unveiled the Cisco SecureX device insights feature. Device insights allows organizations to collect and correlate data from multiple sources to determine which devices are in an environment, where they are located, who is accessing them, their security status, and more. With so many new machines connecting to corporate infrastructure, this level of information is crucial for safeguarding the future of work.
In addition to security, Cisco’s broad hybrid work portfolio spans collaboration, networking, and IoT. With a nearly 40-year history of providing secure connectivity around the globe, we are well-equipped to empower workers to perform their best from anywhere.
“Security has always been a high priority with our extensive and intricate network but was even more critical once the pandemic began,” said Lukene Berrosteguieta, head of security operations at energy company, Repsol. “[Cisco] Business Critical Services has supported our efforts every step of the way to enhance and maintain network security across our entire infrastructure to ensure the safety of our customers and workers.”
According to Dan Turner, CIO at Per Mar Security Services, “Once COVID-19 hit the United States…we leveraged our existing infrastructure to spin up virtual workspaces for all our employees within a week so that they could work from home…. Our Cisco systems and security frameworks allowed Per Mar to move quickly and safely to support our employees.”
The way we work has forever changed, and will continue to evolve. We must enable our teams to be productive and competitive no matter what comes next. Learn how you can boost your organization’s security resilience for the years ahead.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
The last two years have created a lot of pressure on us all. The pandemic has forced us to adapt to new ways of working and has presented many technological challenges, one of which is multi-cloud transformation.
As we can see, these challenges are not going away soon and the need for agile adaptation is critical. Whilst most teams have adapted already, it has taken a toll on them. IT, Security, and Networking teams are finding it hard to fit everything in and they are becoming exhausted with the myriad of configuration requirements from each of the cloud and solution providers.
To help our customers and partners, we have centralized all our cloud & automation resources for Secure Firewall into a single page: https://developer.cisco.com/secure-firewall/cloud-resources/
Our new page is organized by cloud provider and specific use case to easily deploy Secure Firewall. It provides flexibility in choosing the most appropriate automation tools, such as Terraform, ARM Templates, Cloud formation, or Ansible. In addition to common use case scenarios, templates and scripts, you also have direct access to learning resources. This includes demo videos, webinars, and sessions where Cisco engineers demonstrate the implementation of the solution in a particular cloud environment.
We know these changes can be complex and demanding. Therefore, we would like to invite you to visit our upcoming live events and seminars covering: Automation & Infrastructure as a Cloud for Cisco Secure Firewall.
Learn how to secure your OpenStack using Cisco Secure Firewall – BRK-SEC-1775
This session will walk participants through the deployment model, its relation to the OpenStack resources, and arrive with a complete FTDv configuration that fully protects our workloads. It will include a demo that showcases the final state of the server along FMCv and FTDv. Attendees will have access to the publicly available GitHub repository for these tasks.
Deploying Cisco Firewalls in the Azure Public Cloud – LTRSEC-2735
In this lab, the student will deploy and configure a scalable security solution for the Azure public cloud using Cisco firewalls. The student will use ARM templates and the Azure CLI to automate deployment.
Cisco Secure Firewall Cloud Native on AWS – BRK-SEC-1775
Today, industry is focused on building a scalable infrastructure that can provide security at scale. This session covers building a scalable architecture for workload security using Cisco Secure Firewall Cloud Native.
And many more here: Session catalog
Training session: https://www.youtube.com/watch?v=fM21m3su2uk
YouTube channel: https://www.youtube.com/cisco-netsec
GitHub Repository: https://github.com/CiscoDevNet/secure-firewall
The Cisco Secure Firewall Essentials Hub: https://secure.cisco.com/secure-firewall
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Find out how you can stretch your organization’s security budget amidst inflation and its economic impacts.
No one could have predicted the lasting effects of the pandemic on our economy. A strain has been put on the overall supply chain, causing the value of the dollar, or any other local currency, to not go as far as it once did. Consumers are experiencing skyrocketing energy, gas, and food prices, and businesses are facing delays in deliveries of goods and services to their customers.
According to the Consumer Price Index (CPI), the U.S. economy has seen an uptick as high as 8.5% over the past twelve months, which is the largest spike since the early 1980s. Ideally, the economy should be in a balance of about 2% inflation.
When inflation rates go up, there is a steady rise in costs, putting a heavy burden on individuals and businesses.
Even with the rise in inflation, the need for products and services are still there to keep organizations operational. Cybersecurity attacks do not fall under the radar with inflation. If anything, cost increases mean you might get less protection for the same amount of spend, making cyber threats against your organization riskier. Businesses are forced to make budget adjustments, but cybersecurity spend is crucial to maintain the integrity of customer data and finances. Many businesses will be forced to have to raise prices for goods and services, passing the higher cost on to their customers. The solutions needed to maintain security should be simple and flexible to buy in a complex world. Cisco believes in price protection, not passing on the burdens of inflation to our customer.
Cisco can help you with instant savings, avoiding inflation hikes with our price protection guarantee when it comes to buying security solutions to meet the security needs of your organization. With the significant shift in the way we work – remote work, office only, or hybrid, there are more devices on and off the network, leading to an increase in cybersecurity risks. Threats are not slowing down any time soon. Security needs to work together in a simple way to help you stay ahead of these threats to protect users everywhere, working from anywhere. Cisco Secure takes an integrated platform approach to radically simplify your security, applying intelligence to anticipate the changing needs of your business and provide the robust protection you need.
Whatever your organizational security needs may be, buying through the Cisco Secure Choice Enterprise Agreement allows you the flexibility to access two or more security products. Choose from network security, user & endpoint protection, cloud edge, or app security line of products.
Secure Choice Enterprise Agreements lets budgets go further and offers predictable billing over time so you can move faster in responding to security needs. Get a built-in security platform, SecureX, at no extra cost!
Cisco Secure products have never been simpler to buy. Add products, based on your specific security business goals, and receive additional discounts, up to 20% savings off list price. Start saving now with a Cisco Secure Enterprise Agreement.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
At Cisco Duo, we continually strive to enhance our products to make it easy for security practitioners to apply access policies based on the principles of zero trust. This blog highlights how Duo is achieving that goal by simplifying user and administrator experience and supporting data sovereignty requirements for customers around the world. Read on to get an overview of what we have been delivering to our customers in those areas in the past few months.
Duo strives to make secure access frictionless for employees while reducing the administrative burden on IT (Information Technology) and helpdesk teams. This is made possible thanks to the strong relationship between our customers and our user research team. The insights we gained helped us implement some exciting enhancements to Duo Single Sign-On (SSO) and Device Trust capabilities.
Duo SSO unifies identities across systems and reduces the number of credentials a user must remember and enter to gain access to resources. Active Directory (AD) is the most popular authentication source connected to Duo SSO, accounting for almost 80% of all setups. To make Duo’s integration with AD even easier to implement, we have introduced Duo SSO support for multiple Active Directory forests for organizations that have users in multiple domains. Additionally, we added the Expired Password Resets feature in Duo SSO. It provides an easy experience for users to quickly reset their expired Active Directory password, log into their application, and carry on with their day. Continuing the theme of self service, we introduced a hosted device management portal – a highly requested feature from customers. Now administrators no longer need to host and manage the portal, and end users can login with Duo SSO to manage their authentication devices (e.g.: TouchID, security keys, mobile phone etc.) without needing to open IT helpdesk tickets.
We are also simplifying the administrator experience. We have made it easy for administrators to configure Duo SSO with Microsoft 365 using an out of the box integration. Duo SSO layers Duo’s strong authentication and flexible policy engine on top of Microsoft 365 logins. Further, we have heard from many customers that they want to deliver a seamless on-brand login experience for their workforce. To support this, we have made custom branding so simple that administrators can quickly customize their end-user authentication experience from the settings page in the Duo Admin Panel.
Device Trust is a critical capability required to enable secure access for the modern workforce from any location. We have made it easy for organizations to adopt device trust and distinguish between managed and unmanaged devices. Organizations can enforce a Trusted Endpoint policy to allow access only from managed devices for critical applications. We have eliminated the requirement to deploy and manage device certificates to enforce this policy. Device Health application now checks the managed status of a device. This lowers administrative overhead while enabling organizations to achieve a better balance between security and usability. We have also added out-of-box integrations with unified endpoint management solutions such as Active Directory domain-joined devices, Microsoft Intune, Jamf Pro and VMware Workspace ONE. For organizations that have deployed a solution that is not listed above, Duo provides a Device API that works with any enterprise device management system.
To support our growing customer base around the world, Duo expanded its data center presence to Australia, Singapore, and Japan in September last year. And now Duo is thrilled to announce the launch of the two new data centers in the UK and India. Both the new and existing data centers will allow customers to meet all local requirements, all while maintaining ISO27001 and SOC2 compliance and a 99.999% service availability goal.
The launch of the new data centers is the backbone of Duo’s international expansion strategy. In the last two years, Duo has met key international growth milestones and completed the C5 attestation (Germany), AgID certification (Italy) and IRAP assessment (Australia) – all of which demonstrate that Duo meets the mandatory baseline standards for use by the public sector in the countries listed above. Check out this Privacy Data Sheet to learn more about Cisco Duo’s commitment to our customer’s data privacy and data sovereignty.
That is a summary of what we have been up to here at Cisco Duo in the past few months. But we are not done yet! Stay tuned for more exciting announcements at RSA Conference 2022 next week. Visit us at our booth at RSAC 2022 and World of solutions at Cisco Live 2022.
In the meanwhile, check out this on-demand #CiscoChat panel discussion with real-world security practitioners on how they have implemented secure access best practices for hybrid work using Duo. And if you do not want to wait, sign-up for a 30 day trial and experience how Duo can simplify secure access for your workforce.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco Secure Firewall stops threats faster, empowers collaboration between teams, and enables consistency across your on-premises, hybrid, and multi-cloud environments. With an included entitlement for Cisco SecureX, our XDR and orchestration platform, you’ll experience efficiency at scale and maximize your productivity. New streamlined Secure Firewall integrations make it easier to use SecureX capabilities to increase threat detection, save time and provide the rapid and deeper investigations you require. These new features and workflows provide the integration and automation to simplify your security.
The entire suite of Firewall Management Center APIs is now available in the cloud. This means that existing APIs can now be executed from the cloud. Cisco makes this even easier for you by delivering fully operational workflows as well as pre-built drag-n-drop code blocks that you can use to craft your own custom workflows. SecureX is able to proxy API calls from the cloud to the SSE connector embedded in the FMC codebase. This integration between Firewall 7.2 and SecureX provides your Firewall with modern cloud-based automation.
We’ve dramatically reduced the amount of time needed to fully integrate Firewall into Securex. Even existing Firewall customers who use on-premises Firewall Management Center will be able to upgrade to version 7.2 and start automating/orchestrating in under 15 minutes — a huge time savings! The 7.2 release makes the opportunities for automating your Firewall deployment limitless with our built-in low code orchestration engine.
Previously Firewall admins had to jump through hoops to link their smart licensing account with SecureX which resulted in a very complicated integration process. With the new one-click integration, simply click “Enable SecureX” in your Firewall Management Center and log into SecureX. That’s it! Your Firewalls will automatically be onboarded to SecureX.
Cisco Secure Firewall users now get immense value from SecureX with the orchestration capability built natively into the Firewall. Previously Firewall admins would have to deploy an on-premises virtual machine in vCenter to take advantage of Firewall APIs in the cloud which was a major hurdle to overcome. With the 7.2 release, orchestration is built right into your existing Firewall Management Center. There is no on-premises connector required; SecureX orchestration is able to communicate directly with Firewall APIs highlighting the power of Cisco-on-Cisco integrations.
The PSIRT impact monitoring workflows helps customers streamline their patch management process to ensure their network is always up to date and not vulnerable to CVE’s. This workflow will check for new PSIRTs, determine if device versions are impacted, and suggest a fixed version to upgrade to. By scheduling this workflow to run once a week customers can be notified via email if there is any potential impact from a PSIRT.
This workflow will run every 15 minutes to pull a health report from FMC and proactively notify customers via email if any devices are unhealthy. This means customers can rest assured that their fleet of devices is operating as expected or be notified of things like high CPU usage, low disk space, or interfaces going down.
This workflow highlights the power of automation and showcases what is possible by using the orchestration proxy to use FMC API’s. Managing policy is always an on-going effort but can be made easier by introducing automation. This workflow can be run once a week to search through Firewall policies and determine if any rules are going to expire soon. This makes managing policy much easier because customers will be notified before rules expire and can make changes accordingly.
This workflow is a one-click response action available from the threat response pivot menu. With the click of a button a URL is added to an object in a block rule of your access control policy. This action can be invoked during an investigation in SecureX or from any browser page using the SecureX browser extension. Reducing time to remediation is a critical aspect of keeping your business secure. This workflow turns a multi-step policy change into a single click by taking advantage of Secure Firewall’s integration with SecureX.
A recent Forrester Economic Impact Study of Secure Firewall show that deploying these types of workflows in SecureX with Secure Firewall increased operational efficiency.
In fact, SecureX in combination with Secure Firewall helped to dramatically reduce the risk of a material breach. It’s clear that the integration of the two meant a significant time savings for already overburdened teams.
We continue to innovate new features and workflows that prioritize the efficacy of your teams and help drive the security resilience of your organization.
Ready to add SecureX capabilities to your Firewall environment? Start here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
The SASE landscape is full of vendors. So full, in fact, that the entire SASE vendor market grew 37% in just a year between 2020 and 2021. It’s clear that SASE is on the top of everyone’s minds. Why? SASE is the evolution of networking and security – an architecture that converges them into a single, cloud delivered service. This streamlined approach is key to securing and connecting the always-on, work-from-anywhere modern work model.
Traditional, siloed security solutions aren’t equipped to handle all the challenges that come along with a multi-environment IT reality. The accelerated transition to hybrid work has increased complexity in managing security and connectivity. Businesses face increased cloud adoption, bring-your-own-device connectivity, increasingly complex cybersecurity threats, and the constant change. Businesses have struggled to keep up with the gaps in coverage, and tech vendors have hurried in to fill the space with cloud security and networking options. But not all SASE solutions are created equal.
In the rush to compete in the market for the future of networking and security, vendors positioned themselves as SASE without offering a truly integrated approach that’s critical to SASE success. Many vendors offer cloud security solutions with no native or integrated SD-WAN networking capability. Others aren’t backed with robust threat intelligence that enable them to effectively deliver on threat detection and prevention. Some don’t offer the flexibility and scalability that businesses need to adopt cloud-delivered security. Many don’t offer open, integrated management platforms. Plus, most organizations face monumental complexity – the exact opposite of what SASE should deliver – due to using several different vendors for different security functions.
Dell’Oro Group, the trusted source for market information in the telecommunications, enterprise networks, and data center IT infrastructure industries, recognized Cisco as the SASE Market Share Leader in 2021, with 19% of the total market share by revenue.
“Cisco was the SASE market share leader because of the combined strength of their networking (SD-WAN) and security capabilities (including secure web gateway, cloud access security broker, and zero trust network access),” said Mauricio Sanchez, Research Director, Network Security, and SASE & SD-WAN at Dell’Oro Group.
At Cisco, we began our journey by pioneering network connectivity and offering innovative tech solutions; today, we have the most SD-WAN market share and secure 100% of Fortune 100 companies. From that foundation, we’ve been able to build and deliver award-winning cloud security solutions that, when combined with our networking services, create a robust, complete SASE architecture.
Cisco’s SASE approach combines networking, client connectivity, security, and internet and cloud intelligence capabilities and helps organizations:
The benefits of a SASE model are unlocked by working with a single vendor who can bring together best-in-class networking, security, and internet and cloud intelligence—while offering the flexibility and investment protection to transition to the cloud at your pace.
While Cisco provides a comprehensive SASE framework, we know that everyone’s journey to the cloud is different. Organizations, especially now, are shifting and refining their strategies, particularly when it comes to cybersecurity and the increase of both the number and type of threats that businesses see every day. Cisco can help organizations make the most of their existing security and networking investments, while also offering increased and amplified functionality across their security infrastructure. Wherever you are on your journey to SASE, Cisco Secure has the unparalleled experience and reputation that can support you on your next steps.
Check out our SASE demo to find out how Cisco delivers a simple, secure, and scalable approach to SASE.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Eighty-one percent of organizations told Gartner they have a multi-cloud strategy. As more organizations subscribe to cloud offerings for everything from hosted data centers to enterprise applications, the topology of the typical IT environment grows increasingly complex.
Now add the proliferation of hybrid work environments, the rapid ascendance of Internet of Things (IoT) devices, and an increasingly sophisticated and malicious cyber threat landscape, and it becomes immediately clear that protecting the integrity of your IT ecosystem is now a next-level problem.
In an unpredictable world, organizations everywhere are investing in initiatives that will infuse resilience into every aspect of their business, from finance to supply chains. To protect those investments, we believe they also need to invest in security resilience — the ability to protect your business against threats and disruption, and to respond to changes confidently so you can emerge even stronger.
This requires a next-level solution.
That’s why we’re building the Cisco Security Cloud — a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. This cloud-native service is aimed at helping you protect users, devices and applications across your entire ecosystem. It will be a comprehensive, integrated set of services designed to scale with your business.
The Cisco Security Cloud will directly address these challenges by bringing together the depth and breadth of the Cisco security portfolio, and is:
We have been on this journey for years. We at Cisco Secure have been delivering key components of this security cloud, and those solutions already protect 840,000 networks, 67 million mailboxes and 87 million endpoints for customers the world over.
And today at the RSA Conference, we’re taking the next step by announcing our latest innovations addressing four key areas:
Today we are announcing Cisco’s turnkey Secure Access Service Edge (SASE) offering, Cisco+ Secure Connect Now, to simplify how organizations connect and protect users, devices, data, and applications, anywhere. Built on the Meraki platform, and available as a subscription, it unifies security and networking operations, as well as client connectivity and visibility into a single cloud-native solution, that can be set up in minutes.
Cisco is continuing to build out continuous trusted access solutions that that constantly verify user and device identity, device posture, vulnerabilities, and indicators of compromise. To evaluate risk after authentication, location information is critical, but we think GPS data is too intrusive. So today we are introducing a new patent-pending Wi-Fi Fingerprint capability (available in Public Preview this summer) to understand user location without compromising location privacy. We are also announcing new Session Trust Analysis capabilities to evaluate risk after login by using open standards for shared signals and events. We will unveil the first integration of this technology with a demo of Duo MFA and Box this week.
As organizations become more interconnected as ecosystems, and attacks become more sophisticated and personalized, it is no longer adequate to evaluate risk and threats generically across the industry. Organizations need deeper levels of advice and expertise. We are excited to launch the new Talos Intelligence On-Demand service, available now, offering custom research on the threat landscape unique to each organization. Talos Intelligence on Demand can assist with custom research, and brief our customers on the unique risks, threats, and mitigation strategies for their organizations.
Simplification is critical to driving better security efficacy. To that end, we are excited to announce the new Cisco Secure Client (available this summer), combining AnyConnect, Secure Endpoint, and Umbrella, to simplify how administrators and users manage endpoints. This follows the launch of the new cloud-delivered Secure Firewall Management Center, which unifies management for both cloud and on-premise firewalls.
There is more work to be done, of course, and today’s announcements at the RSA Conference are the latest advances in support of this vision. We will continue working on all aspects of the Security Cloud to improve our customers’ security resilience in the face of unprecedented change and increasing threats. Because next-level problems deserve next-level solutions.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s a busy month for cybersecurity, with the return of in-person RSAC in San Francisco, followed by Cisco Live in very lively Las Vegas! With so much happening, and so many announcements from every security vendor out there, it can be hard to keep track of everything going on. Let us help give you the highlights from a Cisco SecureX perspective!
We have been busy this past year, with our acquisition of Kenna Security and our recent innovations around device insights – all helping to expand and strengthen SecureX and our extended detection and response (XDR) capabilities.
Let’s start with device insights. We know that correlation of incidents and alerts is a vital capability for every good XDR offering, but what about correlating and aggregating information about the devices themselves? With the growing number of devices in many customer environments there is also a growing number of products with information about those devices. This can cause duplicate records and multiple alerts from the same device – which means more potentially false positive incidents to investigate, and more headaches trying to manually correlate and connect device information. With device insights organizations can discover, normalize, and consolidate information about all the devices in your environment – so you can avoid duplicate alerts, and discover devices that may be sneaking through gaps in your security. Device insights gives you a comprehensive view into each device’s security posture and management status.
Now, a more insightful view of all the devices across your infrastructure is a must-have, but so is the ability to view and manage vulnerabilities across these endpoints. With Cisco’s acquisition of Kenna Security last year, and our on-going integration of Kenna offerings into the Cisco Secure portfolio, we’re continuing to fortify SecureX and our XDR capabilities with industry leading risk-based vulnerability management. Kenna vulnerability management has already started integrations with Cisco Secure Endpoint, providing vulnerability scores on the OS version, as well as any available fixes. On the SecureX side, Kenna integrations are being leveraged to automatically enrich threat detections with vulnerability information, and automatically create ticketing workflows for Kenna.VM customers using ServiceNow.
With these integrations, and more innovations planned for the near future, risk-based vulnerability management will become a cornerstone for all endpoint and XDR deployments.
Check out our recent blog posts for more information about device insights and Kenna and SecureX orchestration!
Visit us at RSAC at booth 6045 for Cisco Secure, and booth 6362 for Kenna, and at Cisco Live in the World of Solutions to learn more.
This article is part of a series in which we will explore several features, principles, and the building blocks of a security detection engine within an extended detection and response (XDR) solution.
In this second installment, we will look at ways of structuring the presentation of machine-generated alerts, so that each alert offers a cohesive and compelling narrative, as if written by a human analyst, at scale and in realtime.
In cyber security, we are used to two types of stories.
The first story is common for reports written by humans. It contains sections such as “impact,” “reproduction,” and “remediation” to help us understand what is at stake and what we need to fix. For example:
IMPACT: An SSH server which supports password authentication is susceptible to brute-forcing attacks.
REPRODUCTION: Use the `ssh` command in verbose mode (`ssh -v`) to determine supported authentication methods. Look for “keyboard-interactive” and “password” methods.
REMEDIATION: Disable unneeded authentication methods.
The second story comes from machine detections. It is much terser in content and sometimes leaves us scratching our heads. “Malware,” the machine says with little explanation, followed by a horde of gibberish-looking data of network flows, executable traces, and so on.
The challenge is now to get the best of both worlds: to enhance machine-generated alerts with the richness of human-written reports. The following sections explain how this can be approached.
In our example of a report written by a human, the “reproduction” section would help us understand, from a factual perspective, how exactly the conclusions were derived.
On the other hand, the machine-generated horde of data provides evidence in a very nondescript way. We would need to be smart enough to spot or reverse-engineer what algorithm the machine was following on said data. Most security analysts do not wish to do this. Instead, they attempt to seek the first story type. “Surely, someone must have written a blog or something more descriptive about this already,” they would say. Then, they would copy-paste anything that looks like a searchable term – an IP address, domain, SHA checksum – and start searching it, either on a threat intelligence search site or even a general-purpose search engine.
Having such cryptic machine-generated alerts is leading us to our first two issues: first, when the story is incomplete or misunderstood, it may lead the analyst astray. For example, the security event might involve requests to communicate with an IP address, and the analyst would say, “This IP address belongs to my DNS server, so the traffic is legitimate.” However, the detection engine was really saying, “I suspect there is DNS tunnelling activity happening through your DNS server—just look at the volume.”
Second, when an analyst seeks explanations from elsewhere, the main function of an advanced detection engine — finding novel, localized, and targeted attacks — cannot work. Information on attacks is generally available only after they have been discovered and analyzed, not when they happen initially.
A common approach to remedy this situation is to include a short description of the algorithm. “This detector works by maintaining a baseline of when during the day a user is active and then reports any deviations,” a help dialog would say. “Okay, that’s clever,” an analyst would reply. But this is not enough. “Wait, what is the baseline, and how was it violated in this particular security event?” To find the answer, we need to go back to the horde of data.
To mimic the “reproduction” section of the human-written report, our security events are enriched with an annotation—a short summary of the behavior described by the event. Here are a few examples of such annotated events:
In the first and second cases, the story is relatively straightforward: in the horde of data, successful communication with said hostnames was observed. An inference through threat intelligence associates these hostnames to the Sality malware.
The third line informs us that, on a factual basis, only a communication with an IP address was observed. Further chain of inferences is that this IP address was associated by a passive DNS mechanism to a hostname which is in turn associated to the Sality malware.
In the fourth event, we have an observation of full HTTP URL requests, and inference through a pattern matcher associates this URL to the Sality malware. In this case, neither the hostname nor the IP address is important to the detector.
In all these annotated events, an analyst can easily grasp the factual circumstances and what the detection engine infers and thinks about the observations. Note that whether these events describe benign, malicious, relevant, or irrelevant behavior, or whether they lead to true or false positives, is not necessarily the concern. The concern is to be specific about the circumstances of the observed behavior and to be transparent about the inferences.
When we eventually succeed in explaining the security events, we might not be finished with the storytelling yet. The analyst would face another dilemma. They would ask: “What relevance does this event have in my environment? Is it part of an attack, an attack technique perhaps? What should I look for next?”
In the human-written report, the “impact” section provides a translation between the fact-based technical language of “how” and the business language of “what.” In this business language, we talk about threats, risks, attacker objectives, their progress, and so on.
This translation is an important part of the story. In our previous example about DNS tunnelling, we might want to express that “an anomaly in DNS traffic is a sign of an attacker communicating with their command-and-control infrastructure,” or that “it is a sign of exfiltration,” or perhaps both. The connotation is that both techniques are post-infection, and that there is probably already a foothold that the attacker has established. Perhaps other security events point to this, or perhaps it needs to be sought after by the analyst.
When it is not explicit, the analyst needs to mentally perform the translation. Again, an analyst might look up some intelligence in external sources and incorrectly interpret the detection engine’s message. Instead, they might conclude that “an anomaly in DNS traffic is a policy violation, user error, or reconnaissance activity,” leading them astray from pivoting and searching for the endpoint foothold that performs the command-and-control activity.
We take special attention not to mix these two different dictionaries. Rather, we express separately the factual observations versus the conclusions in the form of threats and risks. Inbetween, there are the various chains of inferences. Based on the complexity, the depth of the story varies, but the beginning and the end will always be there: facts versus conclusions.
This is very similar to how an analyst would set up their investigation board to organize what they know about the case. Here is an elaborate example:
In this case, from top to bottom:
In all points, the “what” and “how” languages are distinguished from each other. Finally, the whole story is stitched together into one alert by using the alert fusion algorithm described in the Intelligent alert management blog post.
Have we bridged the storytelling gap between machine-generated and human-generated reports?
Threat detections need to be narrated in sufficient detail, so that our users can understand them. Previously, we relied on the human aspect—we would need to document, provide support, and even reverse-engineer what the detection algorithms said.
The two solutions, distinguishing the “what/how” languages and the annotated events, provide the bandwidth to transmit the details and the expert knowledge directly from the detection algorithms. Our stories are now rich with detail and are built automatically in real time.
The result allows for quick orientation in complex detections and lowers the time to triage. It also helps to correctly convey the message, from our team, through the detection engine, and towards the analyst, lowering the possibility of misinterpretation.
This capability is part of Cisco Global Threat Alerts, currently available within Cisco Secure Network Analytics and Cisco Secure Endpoint, and has been continually improved based on customer feedback. In the future, it will also be available in Cisco SecureX XDR.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Security resilience isn’t something that happens overnight. It’s something that grows with every challenge, pivot and plot change. While organizations can invest in solid technology and efficient processes, one thing is critical in making sure it translates into effective security: people.
What impact do people have on security resilience? Does the number of security employees in an organization affect its ability to foster resilience? Can a lower headcount be supplemented by automation?
In a world where uncertainty is certain, we recently explored how people can contribute to five dimensions of security resilience, helping businesses weather the storm.
Through the lens of our latest Security Outcomes Study – a double-blind survey of over 5,100 IT and security professionals – we looked at how people in SecOps teams can influence organizational resilience.
SecOps programs built on strong people, processes and technology see a 3.5X performance boost over those with weaker resources, according to our study. We know that good people are important to any organization, and they are fundamental to developing capable incident response and threat detection programs.
Why are detection and response capabilities important to look at? Because they are key drivers of security resilience. In the study, we calculated a ratio of SecOps staff to overall employees for all organizations. Then, we compared that ratio to the reported strength of detection and response capabilities.
What we can clearly see is that organizations with the highest security staffing ratios are over 20% more likely to report better threat detection and incident response than those with the lowest. However, the overall average highlights that organizations not on the extreme ends of the spectrum are more likely to report roughly equal levels of success with SecOps — indicating that headcount alone isn’t a sure indicator of an effective program or resilient organization. It can be inferred that experience and skills also play a pivotal role.
But what about when an organization is faced with a “people gap,” either in terms of headcount or skills? Does automating certain things help build security resilience? According to our study, automation more than doubles the performance of less experienced people.
In the graph above, the lines compare two different types of SecOp programs: One without strong people resources, and one with strong staff. In both scenarios, moving to the right shows the positive impact that increasing automation has on threat detection and incident response.
Out of the survey respondents, only about a third of organizations that lack strong security staff, and don’t automate processes, report sound detection and response.
When one of three security process areas (threat monitoring, event analysis, or incident response) is automated, we see a significant jump in capability among organizations that say their tech staff isn’t up to par. Automating two or three of these processes continues to increase strength in detection and response.
Why does this matter? Because over 78% of organizations that say they don’t have adequate SecOps staffing resources still report that they are able to achieve robust capabilities through high levels of automation.
When it comes to security resilience, however, we have to look at the whole picture. While automation seems to increase detection and response performance, we can’t count people out. After all, over 95% of organizations that have a strong team AND advanced automation report SecOps success. Organizations need to have the right blend of people and automation to lay the foundation for organization-wide security resilience.
As your business continues to look towards building a successful and resilient SecOps program, figuring out how to utilize your strongest staff, and where to best employ automation, will be a step in the right direction. Learn about other ways to build your organization’s security resilience to meet future challenges.
For more key findings, download the full
Security Outcomes Study
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
As an early adopter of Cisco Secure Endpoint, Per Mar Security Services has seen the product evolve alongside the threat landscape. According to Dan Turner, CIO at Per Mar, the evolution of the Cisco security portfolio has helped the company remain cyber resilient during the pandemic and beyond.
We recently spoke with Turner to discuss how Per Mar uses Cisco technology to rapidly detect and mitigate threats, while still enabling employees to work from wherever they need to — whether it’s a conference, job site, or home office.
Per Mar Security provides physical security services to both homes and businesses, protecting roughly 75,000 customers across 16 U.S. states. The company began using Cisco Secure Endpoint almost a decade ago to defend against attacks on its various devices. Today, it’s the main point of defense in making sure the company’s endpoints are safe. Cisco Secure Endpoint integrates with the other security products in Per Mar’s environment via Cisco SecureX.
SecureX brings together disparate security technologies from both Cisco and third parties to provide unified visibility and control. “This allows us peace of mind to know that we have the whole Cisco Secure solution being an extra set of eyes for us and making sure our customers and end users all stay safe and secure,” says Turner.
Per Mar has roughly 3,000 employees using a variety of devices on the company’s network — from Windows machines to iOS and Android devices. “We have become very mobile over the years, so working off tablets and mobile devices is how we get business done,” Turner explains. “Finding a tool like Cisco Secure Endpoint that can work across all those platforms and give my team one pane of glass to manage everything has been hugely important for us.”
This capability has enabled Per Mar to continue to operate smoothly in the midst of the pandemic. The company leveraged its existing infrastructure to spin up virtual workspaces for all of its employees within a week so they could work securely from home.
“Our Cisco systems and security frameworks allowed Per Mar to move
quickly and safely to support our employees when the pandemic hit.”— Dan Turner, CIO, Per Mar Security Services
Even before the pandemic, Cisco Secure Endpoint was able to swiftly remediate malware that found its way onto Per Mar’s network when employees worked remotely to attend conferences, for example, or to tend to other off-site obligations.
Per Mar Security provides critical protection from hazards such as burglary and fires for homes, manufacturing facilities, hospitals, college campuses, and more. It also secures special events such as high-profile football games and political conventions. Reliable IT and security systems are imperative for this work. “Without the infrastructure we have, we simply can’t provide services for our customers,” says Turner.
In addition to quickly detecting and blocking threats, the Cisco Secure portfolio integrated through SecureX has also dramatically improved Per Mar’s threat hunting and investigation capabilities. Being able to rapidly analyze data from multiple Cisco tools together in one place has enabled the company’s security team to efficiently identify the origin of a compromise down to the exact device and behavior that caused it. This ensures that the root cause can be addressed in a timely manner — often within a single day or even just a few hours.
“All those analytics allow my team to stay nimble, adapt as threats evolve, and capture any zero-day exploits that are sitting out there,” says Turner. “With Cisco Secure Endpoint, our mean time to detection is measured in hours, if not minutes, versus months or years. Because of how it ties back to the rest of the security stack that we use from Cisco, my team is able to go back through and pinpoint compromised systems in record speed.”
As the threat landscape and work environments continue to shift with the emergence of hybrid work, Per Mar remains secure. Its multi-layered defense provides robust protection against the full range of threat vectors. “Our Cisco technologies are just as critical today as they were when the world stopped spinning,” says Turner.
We are honored to play such a significant role in Per Mar’s continued success. Find out how your organization can maintain security resilience in the face of constant change.
Watch video: Per Mar Security gains threat visibility with Cisco Secure Endpoint
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco Talos has a long-standing relationship with Ukraine, so when Russia invaded the country earlier this year, things hit close to home. Cisco Talos leaders rallied together to provide cybersecurity threat hunting to vital infrastructure, humanitarian support and goods and services to employees and their families in the region.
Ashlee Benge, Amy Henderson and Sammi Seaman spearheaded initiatives to support and sustain Ukrainian employees and threat hunters working around-the-clock to prevent cyberattacks and remember the human element. Even in the midst of crisis, they’ve facilitated open communication, emphasized mental health and cultivated connection.
Given Ukraine’s unique position on the front lines of cyberwarfare, Cisco Talos has had a very close partnership with Ukraine. The threat intelligence team has worked with several partners in the country from a cyber threat perspective. That long standing connection is part of why Russia’s invasion of Ukraine has been felt so deeply. “Some Ukrainian team members evacuated before the invasion, others did not,” said Amy Henderson, head of strategic planning & communications. “Our teams of threat hunters have been around-the-clock hunting in the data since the invasion. They’re stopping attacks from happening.”
Cisco Talos set up Cisco Secure Endpoint on about thirty partners’ organizations and extended the offering to critical infrastructure organizations in Ukraine such as hospitals, directly monitoring Cisco Secure Endpoint, “because their people are busy doing other things right now. They can’t sit at a screen,” Henderson said.
Lead of Strategic Business Intelligence Ashlee Benge directs the Ukraine Threat Hunting Task Unit which requires empathy, compassion and an awareness of the needs of forty-five threat hunters. Veteran threat hunters with decades of experience have volunteered to contribute to the team while other members of Cisco Talos have also volunteered their skill sets to the work. Benge values the distinct contributions of her team members and describes them as, “quite brilliant and very good at their jobs. Talos does a really good job of hiring good people, and so the worst thing that I could do is get in their way.” Getting in their way looks different for different team members which is why Benge has established trainings and consistent ways to evaluate that the needs of her team are being met.
The nature of such a demanding, on-going situation coupled with the team’s dedication can lead employees to work themselves into the ground. To combat this, leaders maintain weekly check-ins that include asking employees how they’re taking care of themselves and checking for signs of burnout. “When you have rest you’re at peak performance and can problem solve. But when you start burning out and get to be irritable and snappy, you’re not able to problem solve. Just step back. You’ll be in a much better head space,” Henderson advises.
Stepping back has meant rotating projects to level out activity levels and urgency. Leaders have also stepped in to ensure employees take time off and that when they’re away, they’re fully away. “When you’re in such a high intensity environment it takes two to three days just to come off of that. If you’re only taking a day here or day there, you’re not even scratching the surface of coming down. So I’ll suggest maybe you need to take a week and completely recharge,” Henderson says.
Team Lead of Employee Experience Sammi Seaman was heartened by Cisco’s support of Ukrainian employees including helping employees and their families out of cities and into new housing. The humanitarian focus led Seaman to ask “How else can we help? Our colleagues have had to leave their homes and they’re still trying to do work. How do I get them necessities like medicine and shampoo?”
Seaman’s empathy and collaboration within her team and with Cisco Talos leadership led to determining the highest needs including more stable internet and navigating the transport of goods directly to employees and their families through freight mail. Seaman worked with her team to ensure necessary items like medical kits could get directly to people who needed them as quickly as possible. There are also pages available coordinating housing, transportation and other forms of support.
“It’s been interesting to think about people needing medicine for various reasons and that I’m also buying Legos and castles so that the children who have been displaced have toys and things that bring them joy and allow them to be kids in this situation,” Seaman said.
As Seaman prepared more boxes to ship, an employee shared a photograph of his daughter with some of the things Seaman had sent. “I just started crying. It was such a relief.” A relief she wanted to share, leaving the boxes for a moment to connect with other team members around the positive impact of their hard work.
“Despite all of these things that are happening around us that are horrific and awful and things that shouldn’t be happening, there are still things that we can celebrate. We’re still humans who have feelings, relationships, milestones and holidays.” – Sammi Seaman
Remembering children also became important during spring holidays. Through asking employees if they celebrated Easter and if they’d like Easter baskets, she learned that many employees celebrated traditional Orthodox Ukrainian Easter and would appreciate the baskets.
Seaman’s colleague researched what people in Ukraine typically put in their Easter baskets and together they made the baskets, boxed them up and shipped them. “The baskets weren’t a necessity but were nice to remind people that despite all of these things that are happening around us that are horrific and awful and things that shouldn’t be happening, there are still things that we can celebrate. We’re still humans who have feelings, relationships, milestones and holidays.”
Outside of work, Benge competes as an Olympic weightlifter. After months of training, her first national level meet was scheduled to happen early into the war in Ukraine. She considered withdrawing given the 24/7 nature of Cisco Talos’ response. However, “only because of the support of those around me,” Benge decided to compete—while working from her phone in the warm up room between lifts. The physical movement allows Benge to manage her mental health and stress while modeling self-care for the team: “If I can’t be my own best self, then the people around me can hardly be expected to do the same.”
Self-care and mental health are so important to the team that Henderson and Benge recently joined their colleagues, Matt Olney, the director of threat intelligence and interdiction, and Strategic Communications Leader Mitch Neff on a Cisco Secure podcast about mental health. The conversation illuminated the importance of reaching out for help, utilizing support systems such as those provided by Cisco and talking to someone including a therapist.
“Using those types of resources is a valuable thing, particularly when managing very high levels of stress and anxiety that come with cybersecurity. No matter what kind of support it is that we need, it’s important to take that time and recognize that it’s valuable to invest in your own mental health,” Benge stated.
Seaman shared that because it can be hard to ask for help or delegate, when she does, she gives herself a pat on the back. She advises that especially in crisis situations it’s important to remember that while things need to get done, it’s not entirely on you to get those things done. “The leadership at Cisco Talos has really emphasized that you’re not alone. The employee assistance program has been a great resource and I’ve got a therapist that I talk to about these things and make sure that I’m taking care of myself so that I can continue to take care of others.”
The team’s bond and purpose run deep. “We care deeply about everyone that we work with. It’s okay to not be on at all times. It’s okay to feel sad and it’s okay to feel anxious. One of the things that I’ve loved about working with Cisco Talos, especially during these more difficult things, is that everybody’s got your back and they make it a safe space to share those feelings. I truly feel like the people I work with are like my family. We’re curated an environment where we can all talk about what we’re going through.”
To learn more about Cisco Talos, Cisco Secure and Duo Security and how you can apply your empathy, skills and passion to make a difference in cybersecurity, check out open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
What is it that customers truly want from their security? Is it simplicity? Robust protection? Agility and flexibility? Yes! In today’s uncertain world where new challenges are being thrown at IT teams each day, security must meet many diverse needs. At the end of the day, it’s about keeping the entire business resilient despite the chaos of the cyber world.
As hybrid work, the move to the cloud, and increasingly insidious threats all converge to create layers of complexity, security teams must be extra vigilant and ready for what’s next. They need a comprehensive, integrated security system whose various components share information and work together to pinpoint attacks and minimize organizational impact — without introducing undue friction.
With businesses, networks, clouds and devices becoming so interconnected, delivering next-level security to match the future of work is a formidable undertaking — one that few vendors are positioned to tackle. But thanks to our nearly 40-year heritage of providing and protecting a vast amount of the world’s networking infrastructure, Cisco is up for the challenge.
“At a moment’s notice, we were able to transition 80 percent of our workforce to be remote — and our company was never remote before. Because of our Cisco solutions, we were able to deploy everything and have people work well remotely with very minimal issues.”
— Joseph Rodriguez, Assistant Director of IT, Allied Beverage Group
Delivering security that is simple, powerful and resilient is something we’ve been executing on for years, yet it’s never been more critical than it is at this very moment. The month of June has afforded us the perfect opportunity to showcase exactly how we plan to keep our customers cyber resilient both now and in the future.
Read about the five dimensions of security resilience.
During the RSA Conference and Cisco Live, we announced our strategic plan for the Cisco Security Cloud, a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. As we continue to move towards the Cisco Security Cloud vision, we recently unveiled several advancements in our portfolio across SASE, XDR and zero trust.
You can read our news announcement to learn more about security resilience and how we’re delivering it. But more important than the ‘how’ is the ‘why.’ Why Cisco? What makes us uniquely positioned to secure your resilience?
As I mentioned, our customers have trusted us with their networks for nearly four decades. Currently, 80 percent of the world’s internet traffic travels through Cisco infrastructure — so we have a pretty good handle on what’s going on out there. From a security standpoint alone, we have over 300,000 customers around the globe, including 100% of the Fortune 100.
As a leader in both networking and security, the breadth and depth of our solutions is unmatched. While other vendors are just beginning to join networking with security, we’ve been doing it for years. And yet, we’re continually finding ways to simplify our robust solutions for a streamlined user experience — no matter the size of your organization, where your employees work, or whether your applications are on-premises, in the cloud, or both.
Learn more about security resilience for the hybrid work era.
In addition to unparalleled infrastructure and expertise, our open, cloud-native architecture allows you to integrate with a wide range of third-party security and technology solutions for more seamless threat defense. This includes the major cloud vendors, enabling you to secure a multi-cloud environment without getting locked in with just one public cloud provider.
Additionally, all of our solutions are backed by Cisco Talos, one of the largest commercial threat intelligence teams in the world. Combined with in-depth visibility from our Cisco Secure technologies, Talos’ extensive insight into the threat landscape leads to rapid, highly effective detection and response.
Even more crucial than what we have to say is what we have heard from our customers surrounding the “new normal” for security. “I think what the security industry could use right now is a real business outcome-oriented viewpoint,” said Tom Doughty, vice president and CISO at Prudential Financial. “Meaning, what are the strategic business outcomes you’re trying to enable? Cisco can help security teams be more aligned to our business and more resilient by allowing us to see at a granular level what’s happening in our environment, especially in an extended network.”
For the law firm of George Sink, P.A., the demands of supporting hybrid work accelerated the company’s move to the cloud. The firm is now using Cisco’s new, turnkey SASE solution to securely serve its clients under any circumstance — be it a pandemic or a hurricane. According to the firm’s CIO, Timothy Mullen, “The ability to…re-establish connectivity in another region almost immediately, with my small IT team, is unheard of and a game-changing experience.”
From financial to legal transactions, and much more, we can secure it all with our open, integrated protection platform and unwavering focus on resilience. We even had the honor of securing the Super Bowl earlier this year, helping to safeguard mission-critical gameday operations.
“The Super Bowl and events of that magnitude require a humongous orchestration of interconnectedness, not only from a technology perspective but also a people standpoint,” said NFL Chief Information Security Officer, Tomás Maldonado. “What we’re trying to do is slow down the bad actors and make it more difficult for them to attack us and impact what’s happening on the field. But at the same time, we also have to look beyond the field and think about all the various parts of our business that could be affected by an attack — recognizing that our risk factors are always changing.”
To learn more about how to keep your business strong in the face of adversity, visit our resilience web page and check out the blog from Cisco’s Jeetu Patel, “Security Resilience for a Hybrid, Multi-Cloud Future.”
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Extended Detection and Response, or XDR, the cybersecurity topic that dominated the RSA conference 2022 show floor with multiple vendors, has been getting a lot of attention lately, and for good reason. A connected, unified approach to detection and response promises to give security professionals all the tools and capabilities they need to address the ever-growing attack surface.
At Cisco, we wanted to get an independent view of what XDR means to a security operations audience, so we partnered with ESG on a survey conducted in April 2022 of 376 IT cybersecurity professionals in North America, which explored some key questions and trends for security operations centers as it relates to XDR. This new eBook, SOC Modernization and the Role of XDR, provides insights into the survey. Unsurprisingly, 52 percent of organizations surveyed believe that security operations are more challenging than just two years ago, and it’s clear cybersecurity professionals are looking for the next architecture to solve these challenges.
The distributed nature of the network is resulting in more data from multiple control points. The survey showed that while 80 percent of organizations are already using more than 10 data sources as a part of their security operations, they want even more as they realize the value of being able to aggregate, normalize, correlate, and contextualize data so they can take better actions faster. At the same time, 81 percent say that they have been impacted by the cybersecurity skills shortage, and more data without the capabilities and skills in place to act will only diminish the ability to address threats.
To help fill those skills gaps, improved threat detection playbooks and incident prioritization will be critical aspects of the security operations strategy. Another key tool widely recognized as important in building a foundation is the MITRE ATT&CK framework that can help your teams focus and understand adversary tactics and techniques based on real-world observations.
While a common industry definition remains elusive, one thing is clear: XDR will play a critical role in the modernization of the security operations center. Determining how it will help your security operations team, and which partners to work with as you build out your XDR approach, will determine your level of success.
You need XDR to transform your infrastructure from a series of disjointed solutions into a fully integrated ecosystem that gets you to your outcome more effectively and efficiently. Cisco has built XDR capabilities into the broad portfolio of our security products and easily integrates with existing solutions in your environment using open APIs. After you’ve read the ESG SOC Modernization and the Role of XDR eBook, we invite you to take a look at the Cisco XDR Buyer’s Guide, which outlines five key elements of XDR done right and provides some questions to ask as you consider which vendors you want to work with in building out your security strategy. Don’t wait to start planning how XDR will help your security operations team.
Source: ESG Research Study, SOC Modernization and the Role of XDR, June 2022
See XDR done right:
Cisco XDR Buyer’s Guide
The past few months have been chockfull of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions. It’s a reminder of just how enriching conversations are and how incredibly interconnected the world is. And it’s only made closer by the security experiences that impact us all.
I had the pleasure of engaging with some of the industry’s best and brightest, sharing ideas, insights, and what keeps us up at night. The conversations offered more than an opportunity to reconnect and put faces with names. It was a chance to discuss some of the most critical cybersecurity issues and implications that are top of mind for organizations.
The collective sentiments are clear. The need for better security has never been so strong. Securing the future is good business. Disruptions are happening faster than ever before, making our interconnected world more unpredictable. Hybrid work is here to stay, hybrid and complex architectures will continue to be a reality for most organizations and that has dramatically expanded the threat surface. More and more businesses are operating as ecosystems—attacks have profound ripple effects across value chains. Attacks are becoming more bespoke, government-sponsored threat actors and ransomware as a service, continue to unravel challenging businesses to minimize the time from initial breach to complete compromise, in the event of a compromise.
Regardless of where organizations are on their digital transformations, they are progressively embarking upon journeys to unify networking and secure connectivity needs. Mobility, BYOD (bring your own device), cloud, increased collaboration, and the consumerization of IT have necessitated a new type of access control security–zero trust security. Supporting a modern enterprise across a distributed network and infrastructure involves the ability to validate user IDs, continuously verify authentication and device trust, and protect every application—
without compromising user experience. Zero trust offers organizations a simpler approach to securing access for everyone, from any device, anywhere—all the while, making it harder for attackers.
Simplicity continues to be a hot topic, and in the context of its functionality. In addition to a frictionless user experience, the real value to customers is improving operational challenges. Security practitioners want an easier way to secure the edge, access, and operations—including threat intelligence and response. Key to this simplified experience is connecting and managing business-critical control points and vulnerabilities, exchanging data, and contextualizing threat intelligence. And it requires a smarter ecosystem that brings together capabilities, unifying admin, policy, visibility, and control. Simplicity that works hard and smart—and enhances their security posture. The ultimate simplicity is improved efficacy for the organization.
Insider cyber-attacks are among the fastest growing threats in the modern security network, an increasingly common cause of data breaches. Using their authorized access, employees are intentionally or inadvertently causing harm by stealing, exposing, or destroying sensitive company data. Regardless, the consequences are the same—costing companies big bucks and massive disruption. It’s also one of the reasons why “identity as the new perimeter” is trending, as the primary objective of all advanced attacks is to gain privileged credentials. Insider attack attempts are not slowing down. However, advanced telemetry, threat detection and protection, and continuous trusted access all help decelerate the trend. Organizations are better able to expose suspicious or malicious activities caused by insider threats. Innovations are enabling business to analyze all network traffic and historical patterns of employee access and determine whether to let an employee continue uninterrupted or prompt to authenticate again.
Supply chain attacks have become one of the biggest security worries for businesses. Not only are disruptions debilitating, but no one knew the impacts or perceived outcomes. Attackers are highly aware that supply chains are comprised of larger entities often tightly connected to a broad array of smaller and less cyber-savvy organizations. Lured by lucrative payouts, attackers seek the weakest supply chain link for a successful breach. In fact, two of the four biggest cyber-attacks that the Cisco Talos team saw in the field last year were supply chain attacks that deployed ransomware on their targets’ networks: SolarWinds and REvil’s attack exploiting the Kaseya managed service provider. While there’s no perfect way to absolutely protect from ransomware, businesses are taking steps to bolster their defenses and protect against disaster.
Security incidents targeting personal information are on the rise. In fact, 86 percent of global consumers were victims of identity theft, credit/debit card fraud, or a data breach in 2020. In a recent engagement discovered by the Cisco Talos team, the API on a customer’s website could have been exploited by an attacker to steal sensitive personal information. The good news is governments and businesses alike are leaning into Data Privacy and Protection, adhering to global regulations that enforce high standards for collecting, using, disclosing, storing, securing, accessing, transferring, and processing personal data. Within the past year, the U.S. government implemented new rules to ensure companies and federal agencies follow required cybersecurity standards. As long as cyber criminals continue seeking to breach our privacy and data, these rules help hold us accountable.
Through all the insightful discussions with customers, partners, and industry leaders, a theme emerged. When it comes to cybersecurity, preparation is key and the cost of being wrong is extraordinary. By acknowledging there will continue to be disruptions, business can prepare for whatever comes next. And when it comes, they’ll not only weather the storm, but they will also come out of it stronger. And the good news is that Cisco Security Business Group is already on the journey actively addressing these headlines, and empowering our customers to reach their full potential, securely.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The past couple of years have brought security resilience to the forefront. How can organizations around the world build resilience when uncertainty is the new normal? How can we be better prepared for whatever is next on the threat horizon? When threats are unpredictable, resilient security strategies are crucial to endure change when we least expect it.
In a previous blog post, we assessed security resilience in Europe, Middle East, and Africa (EMEA). Now, we take a look at organizations in the Americas to find out how they fare across four security outcomes that are critical for building resilience, based on findings from Cisco’s latest Security Outcomes Study. These outcomes include:
Based on the following chart, clear differences emerge when we examine these outcomes at the country level. The chart shows the proportion of organizations in each country that are reportedly “excelling” in the four outcomes contributing to security resilience.
What we see is that 52.7% of organizations in Colombia, for example, say their security programs are excelling at keeping up with the business, while only 35.3% report that they are excelling at avoiding major incidents. You can follow each country’s path through the four outcomes to see how they view their respective performance in certain areas.
What’s really at the crux of these differences in security resilience among countries? Is Colombia that much more resilient than Mexico? Do organizations in different countries have varying definitions of what resilience is, and how they perceive their success? Reasons behind these country-level differences can be attributed to a variety of things, including security maturity, cultural factors and other organizational parameters.
Find out how our customers in the Americas
are staying cyber resilient with Cisco
Knowing what we know about how organizations across the Americas view their resilience, how can they improve it? The Security Outcomes Study, Volume 2, sheds some light here. In the study, we uncovered five practices proven to boost overall success in security programs, dubbed as the Fab Five:
So, how did countries in the Americas rank their implementation of these Fab Five practices? If we look at Colombia, for example, 64% of organizations say their capabilities for accurate threat detection are strong, while only 48.1% of Canadian organizations say the same. There is a lot of movement around the top three countries: Colombia, Mexico and Brazil. The U.S. ranks fourth consistently across the board.
You may be wondering if implementing these five security practices improved resilience across organizations in the Americas. Our study found that organizations in the Americas that do not implement any of these five practices rank in the bottom 25% for resilience, whereas those that reported strength in all five practices rose to the top 25%.
Resilience is a cornerstone of cybersecurity. The ability to quickly pivot while maintaining business continuity and robust defenses is increasingly important in today’s world. If you would like more insight on how to build a cyber resilient organization, please check out our resilience web page and the full Security Outcomes Study.
Watch video: What is security resilience?
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Managed services are an essential and fast-growing part of the security market, growing 14% annually. This opportunity presents new challenges MSPs must juggle day to day, including onboarding vendors and driving customer acquisition, all while making sure to provide robust IT solutions for your diverse set of clients. Clients are demanding more security and capabilities for a hybrid workforce, which provides a great opportunity for MSPs like you to grow your business.
We love our MSP community and want to help you deliver great security solutions to your clients. After speaking with many of you to understand how Cisco can help unlock growth for your businesses today, we developed a simplified buying model that delivers faster time to value. Cisco Secure MSP was born.
Secure MSP center was launched in the US market in November 2021 and MSPs across America have been rapidly transacting their business on MSP Center. We are excited to announce we are expanding this direct buying experience to Canadian MSPs in local Canadian Dollars for faster time to value and better ROI for your business.
It is a lightning fast and direct buying experience of SaaS security- No invoicing. Straightforward market pricing. And easy click-to-accept agreements. Cisco Umbrella’s market-leading DNS security is currently available with more SaaS security products coming soon.
It’s a simple three-step process that takes just minutes, from signup to deployment.
Step 1 – You can sign up here and login with your Cisco ID (or create one)
Step 2 – Provide billing and credit card information and sign a click-to-accept agreement
Step 3 – Get access to our world class Cisco Umbrella DNS security offer
From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.
From here, you can onboard your clients and start providing the first line of defense through Umbrella DNS Security product instantly. Sign up to deployment takes minutes – not hours or days.
There are no minimums or upfront fees. Your credit card will be charged on the first of the month and you’ll receive a detailed invoice. This is a simple, no hassle, and post-paid consumption-based model.
Other perks include a dedicated partner account manager alongside our sales engineer, who will help you not only with product deployments but also work with you to grow your business. We also have an MSP specialist team to answer your questions.
Partners currently using Secure MSP Center have had great things to say –
“Wow, this was a much easier process than I thought it would be”
“I’m glad Cisco created a program and process that was this simple”
“I thought this would be more complicated”
“That’s all there is to it?”
So, what are you waiting for? Come and take the first step in simplifying security offers for your clients. Sign up here: cisco.com/go/securemsp.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
No, ransomware attacks are not random. From extortion to data breaches, ransomware is always evolving, and is becoming very lucrative with ransomware-as-a-service kit making it easier to target organizations. The days of just a single bad actor searching for vulnerabilities in your security stack are over. Security Operations Centers (SOCs) and the security analyst community are dealing with a sophisticated global network of adversaries who can do irreversible damage. The conversation must shift from how we can prevent a breach to how do we prepare for the inevitable breach.
Recently I found out that the small private college I attended right out of high school closed their doors permanently, falling victim to a targeted ransomware attack. This institution not only provided an education but also contributed to the local economy in this rural town for over 150 years.
The cyberattack occurred during the pandemic when most educational institutions had suddenly shifted to remote learning. Adversaries knew that the shift to remote learning would expose the college’s lack of acceptable tools for monitoring and managing applications, frequently from unsecure locations.
Unfortunately, the hackers were able to halt all admission activities, locked the administrators out from accessing critical data pertaining to the upcoming school year and ultimately, forced the school to close their doors – even after they paid the hackers the ransom.
And this is not an isolated case – Comparitech published a story ‘Ransomware attacks on US schools and colleges cost $3.56bn in 2021’ and outlined how threat actors have evolved with their ransomware attacks on schools and colleges. This is particularly concerning as many of these institutions do not have the skillsets or resources to protect their students or organization from these attacks. Below you can review their findings from a study done between 2018 – 2022:
In 2021:
Just having a firewall alone will not stop all of the attacks, it’s just a matter of time before you experience a breach. Once the breach happens, you need a security system that will quickly detect and remediate the threat .
Resiliency must be a critical outcome for any security solution and Cisco Secure Endpoint is built to stop hackers at the point of entry. Our cloud native solution allows your security operations team to quickly detect and respond to threats minutes after a breach occurs.
Small to medium size businesses, hospitals, and educational institutions internal network will rely on cyber insurance in-lieu of a fully staffed, skilled cyber-security team. In today’s climate of ever-increasing sophisticated cyber threats this won’t cut it. You will need an agent that quickly detects, responds, and has visibility across your different security solutions.
With Cisco Secure Endpoint Pro we are equipped to assist with the responsibility of monitoring your endpoints for cyberattacks. With 24/7/365 monitoring capabilities, our SOC will quickly detect and remediate any threats that targets your organization. Secure endpoint pro provides flexibility and the option of letting our SOC team do the heavy lifting while you focus on your core business.
Tangible outcomes provided by Secure Endpoint and Secure Endpoint Pro:
An effective managed endpoint detection and response solution frees up time for your SOC team along with accelerating detection and response time. Cisco Secure Endpoint can reduce incident response time by as much as 97%, which limits the damage threat actors can cause after you have been breached.
Cisco Security has launched a solution geared towards protecting your school’s network by blocking malicious threats before they enter the endpoint and compromising your data. The secure endpoint agent is deployed, sits on the school endpoint freeing up time from a stretched thin IT department.
Don’t know where to get started? Check out how our EDR solution got you covered below and how to contact us to learn more.
Interested? Reach out to grantsquestions@cisco.com to learn about public funding options available in your state.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
As the world continues to face formidable challenges, one of the many things impacted is cybersecurity. While recent challenges have been varied, they have all contributed to great uncertainty. How can organizations stay strong and protect their environments amidst so much volatility?
Lately we’ve been talking a lot about security resilience, and how companies can embrace it to stay the course no matter what happens. By building a resilient security strategy, organizations can more effectively address unexpected disruptions and emerge stronger.
Through our Security Outcomes Study, Volume 2, we were able to benchmark how companies around the world are doing when it comes to cyber resilience. Recent blog posts have taken a look at security resilience in the EMEA and Americas regions, and this post assesses resilience in Asia Pacific, Japan and China (APJC).
While the Security Outcomes Study focuses on a dozen outcomes that contribute to overall security program success, for this analysis, we focused on four specific outcomes that are most critical for security resilience. These include: keeping up with the demands of the business, avoiding major cyber incidents, maintaining business continuity, and retaining talented personnel.
The following chart shows the proportion of organizations in each market within APJC that reported “excelling” in these four outcomes:
There is a lot of movement in this chart, but if you take a closer look, you will see that many of the percentage differences between markets are quite small. For example, 44.9% of organizations in the Philippines reported that they are proficient at keeping up with the business, with Mainland China closely following at 44.4%.
The biggest difference we see between the top spot and the bottom spot is around retaining security talent—42.4% of organizations in Australia reported that they were successful in that area, while only 18.3% of organizations in Hong Kong reported the same.
Next, we looked at the mean resilience score for each market in the region:
When we look at this, we can see the differences between the top six and bottom seven markets a bit more clearly. However, as the previous chart also showed, the differences are very slight. (When we take into account the gray error bars, they become even more slight.)
There are many factors that could contribute to these small differences when it comes to security resilience. But the most important thing to be gleaned from this data is how each market can improve its respective resilience level.
The Security Outcomes Study revealed the top five practices—what we refer to as “The Fab Five”—that make the most impact when it comes to enhancing security. The following chart outlines the Fab Five, and demonstrates how each market in the APJC region ranked its own strength across these practices.
If we look at Thailand, for example, 69.1% of organizations say they are adept at accurate threat detection, while only 28% of organizations in Taiwan say the same. Like in the previous charts, there is a lot of movement between how various markets reported their performance against these practices. However, it’s interesting to note that Taiwan remained consistent.
So does implementing the Fab Five improve resilience across organizations in APJC? Looking at the chart below, it’s safe to say that, yes, implementing the Fab Five does improve resilience. Organizations in APJC that did not implement any of the Fab Five practices ranked in the bottom 30% for resilience, whereas those that reported strength in all five rose to the top 30%.
While building resilience can sometimes seem like an elusive concept, we hope this data provides some concrete benchmarks to strive for in today’s security programs.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Few security career paths are linear. For Stephanie Frankel the journey to Cisco Secure was circuitous. The Ann Arbor, Michigan native studied journalism at the University of Michigan before managing communications for the Washington Capitals and NBC Sports. But after several stints at communications agencies, she charted a new path for herself in cybersecurity. Not only has her diverse background served as a strength in her current role as senior manager for strategy and operations, but it’s also informed her management philosophy.
After doing project management and account direction at consulting agencies, Frankel was interested in honing her skills and expertise on the client side. She had heard amazing things about Duo and wanted to stay in Ann Arbor and work for a company with local roots. After interviewing, Frankel realized that “working at Duo was a cool, exciting opportunity with a really awesome group of people.”
Frankel was on the ground running working as a technical project manager in research and development overseeing the Multi-Factor Authentication, applications and mobile engineering teams despite not having worked in information security before.
Duo’s security education allowed Frankel to understand the industry and is something she values for getting more people into the cybersecurity field. At Duo and Cisco Secure, employees come from a variety of backgrounds and some don’t have much (or any) experience with cybersecurity.
Robust educational programs build knowledge about security and specific products which empower new team members to grow and learn. Every team also has a learning and development budget for employees to quench their curiosity and enhance their knowledge through courses, books or other programs Manager of Global Employee Programs Anndrea Boris shared.
“People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are open and willing to listen to you.” – Stephanie Frankel
Something Frankel also appreciates most is that ideas are valued at Duo and Cisco Secure: “Even in my first job, I would have ideas and go to my boss or our head of engineering and say, ‘Hey, I think this could be a really cool opportunity, and I think it needs this.’ People are open to having conversations and open to ideas and ways to solve those ideas. If you have an idea of how to solve a problem, no matter whether it’s your job or not, people are willing to listen to you.”
After a year, Frankel moved from engineering to marketing to run operations for Duo’s in-house brand team, leading the team through a rebrand. “The team really rallied behind this new brand and it was amazing to see their pride and hard work when sharing it,” she said. With Frankel’s leadership, the team showcased not only the new look and feel of the brand but also the customer research that went into understanding the need for the change.
“Our amazing team knew that for it to catch on internally we needed to help people understand the why. The team put together an amazing training and went around the company to help people understand the security buyer, the industry overall and our differentiators and how we could do all of this within the umbrella of Cisco,” she said.
Recognizing that she most enjoys and feels best suited for a strategic operations role, she had open conversations with her manager. “I told my boss, ‘It’s just not a great fit.’” Her manager was very supportive, and they worked through potential options. “You’ll find a lot of that at Cisco,” she said.
Now as senior manager in the Strategy and Operations Group within Cisco’s Security and Collaboration division, Frankel runs key initiatives for business operations that drive business growth. She is empowered to creatively solve problems and collaborate “with all the stakeholders within each group to move these programs forward, to understand the problems we’re looking to solve, create objectives, a program plan, and continue to track metrics and progress towards those ultimate goals,” she said.
A self-described “over communicator,” Frankel believes that as a leader, “the more you communicate and the more transparent you are, the better.” Frankel loves leading people who are experts in their fields and letting them do what they do best.
On the brand team, for example, she trusted her team’s expertise in producing stories, videos and animations to demystify Cisco’s security products.
“All I needed to do was give them the objective and the goals and they were able to come up with the solutions,” Frankel said.
She fondly remembers the boss at one of her first jobs out of college. In that job Frankel wrote press releases and wanted her boss to fully approve the final versions before sending them to the media. Once her boss told her, “Stephanie, if you keep giving it back to me, I will keep finding things to change. I trust you to know when it is ready to go.” That confidence in her so early in her career “gave me so much confidence in myself,” she said.
Frankel emulates his approach to management by recognizing that each employee has different needs in their lives, in their careers, and in how they like to receive feedback. From that boss Frankel first learned that for every piece of negative feedback, you must give four pieces of positive feedback for “someone to actually hear it because that’s how you balance things out in your mind.”
Frankel believes feedback is crucial for growth. “I don’t see how you can improve or grow without it, no matter what level of your career you’re at. Feedback shouldn’t be taken as negative, as much as it is a way for you to improve,” she said.
One of the most helpful things Frankel learned in a Cisco class for managers was the importance of asking a person if they are in a good place to receive critical feedback. “You might not be in the mindset to accept the feedback and to do something constructive with it,” she said. ”If you’re having a bad day or struggling, you could say, ‘You know what, I’m not going to be able to take it today, but let’s talk tomorrow and I’ll be in a better place to receive it.’’’
Frankel has spent the last year thriving in a role she never anticipated in an industry her college training in journalism didn’t fully prepare her for. The secret, she says, is keeping an open mind to new possibilities and a willingness to take on new challenges, even if you don’t feel 100% ready.
“A lot of it is getting real world experience and learning your way through it and knowing that there’s a lot of opportunities and a lot of people that are willing to teach you,” she said.
To pivot professionally Frankel advises not feeling pigeonholed just because you studied a particular topic or have been in a certain industry for a long time. Take what you can from where you started such as storytelling and communications skills in the case of journalism for Frankel. While trying something new may require taking a different level or type of job “sometimes it’s worth it because you have that opportunity to grow and you might find you’re happier somewhere else,” she said.
When discerning professional steps Frankel recommends having open and honest conversations with yourself and others such as mentors.
“Cisco has so many mentorship programs and so many people that are knowledgeable about a lot of things,” she said. ”Just because your current role isn’t a great fit doesn’t mean that there’s not another good fit within the corporation, or it doesn’t mean that you can’t create your own good fit.”
Did you know that Cisco offers cybersecurity trainings and certifications? Start developing your cybersecurity skills today! And if you’re ready to jump into an exciting new career in security, check out the open roles at Cisco Secure and Duo Security.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
We have entered a world where uncertainty has become the normal operating mode for everyone. Within this new frontier, cybersecurity has become even more challenging. However, some cybersecurity professionals have stood out, using their unique skills and resourcefulness to protect the integrity of their businesses, and to withstand unpredictable and dynamically changing threats. In the end, they, and their businesses have emerged even stronger.
These accomplishments have lead them to be selected from over more than 700 Cisco Cybersecurity Advocates – who are also members of Cisco Insider Advocates – to join the League of Cybersecurity Heroes.
Cisco Insider Advocates is a peer networking community developed several years ago for Cisco customers around the globe. Currently, over 14,000 customers are using it to share technology insights, feedback, and best practices, and also to make meaningful connections with others in the industry. We at Cisco believe that when we connect, anything is possible, and the Insider Advocacy program is a great example of the great things that can happen when people come together.
As the global CISO of Mediapro, Roberto has deployed Cisco SecureX together with Umbrella, Secure Endpoint, Secure Firewall, ISE, NGIP, Threat Response, AnyConnect, and Web security. With this partnership, Mediapro has reduced its threat detection time by 90%. In addition, they have seen no false positives in their threat detection alerts. It is rare to boast of a 100% success rate, but they can boldly make that pronouncement. All of this has also benefitted Mediapro financially by incurring zero fines for any compliance issues
What do music, cybersecurity, and teaching all have in common? They all culminate in a readiness to perform. Equally, they all require collaboration, comfort with the unexpected, and a passion for the job. Blair exemplifies the best of these traits, and in doing so, he provides inspiration and excellence to all with whom he interacts. Watching Blair at work makes one wonder if there are more hours granted to him during a day than the average person. He is a time-maximizer, spending most of that time in the service of others.
Too often, cybersecurity certifications are treated derisively by some of the very professionals who need them most. This is not the case with Kevin, who can list the many benefits of attaining certifications. Kevin’s desire to improve his knowledge doesn’t stop with technology and cybersecurity. He is an avid reader of anything that can raise him up to be better than he was the day before. With a career that started in the US Marine Corps, Kevin continues to learn and grow, all the while remaining as masterful at a computer keyboard as he is his with his traditional 55-gallon-barrel BBQ smoker and grill.
Steve is a Senior Cybersecurity and Network Architect at Lake Trust Credit Union. Like most organizations, Lake Trust has had to transition to a completely remote workforce quickly, and thanks to Secure Network Analytics, they were able to transition the employees to work remotely while maintaining the same high level of visibility and protection in place. Steve was the subject of a case study about the benefits that Cisco products have brought to Lake Trust Credit Unions’ customers. He is currently collaborating to update that information to share more of his knowledge.
Being the Head of Information Technology is never an easy job. However, when food manufacturer, Leng-d’Or, was faced with a challenge during the pandemic that could have interrupted its production line, quick thinking, skilled leadership, and a close partnership with Cisco all lead to positive outcomes, and helped them to pull through stronger than before. Part of this success comes from Enric’s distinct understanding of the threats, solutions, and processes needed to bring security to a higher level for the Leng-d’Or organization. Enric also shares his success story very freely, adding immeasurable benefits to the security community.
Cybersecurity is truly a global discipline. Tony Dous proves this by practicing his craft as a Senior Network Security Engineer in Cairo, Egypt. Tony’s involvement with the Cisco community shows how no distance is too far for a motivated cybersecurity professional.
When John Patrick is on the job, there is no longer any feeling that the criminals are one-step ahead of the good guys. He adopted Umbrella together with Meraki to develop a proactive security approach inside his organization. John Patrick created a more unified network from a patchwork of disparate entities. In doing so, he reduced the complexity within the environment. Complexity is so often responsible for security gaps, and John Patrick’s work not only corrected those gaps, but he brought people together in the process. He and his team received great feedback from the employees, who enjoyed a consistent network experience.
We often hear stories about teenagers who become enamored with technology, leading to the fulfillment of a dream. Amit Gumber became interested in cybersecurity at an early age, pursued his passion and has worked in the field ever since. His sense of advocacy is best described in his own words: “I’m quite passionate about sharing knowledge and ideas with peers and participating in collaborative activities.” Amit’s use of Cisco technologies has helped HCL Technologies to stabilize and secure their environment.
One of the most important factors for success is insatiable curiosity. Mark Healey is a continuous learner, and he is an example of someone who enthusiastically shares his knowledge. Whether it is on a personal level, or through his high engagement as part of the Cisco Insider Advocates community, or as an active member of the Internet Society, Mark is an evangelist and a positive voice for cybersecurity.
Wouter holds a special designation, not only as a member of the League of Cybersecurity Heroes, but also as the recipient of the “Cybersecurity Defender of the Year” award. Wouter is an active participant in the cybersecurity community, working with an almost evangelical zeal towards sharing the importance of holistic cybersecurity. His contributions stand out towards making the cyber realm a safer place.
It is often said that the job of a cybersecurity professional in an educational facility is especially challenging. When that facility happens to be the largest in an entire country, with over 4,000 schools and universities, the job of protecting it can seem insurmountable. At AzEduNet, in Azerbaijan, Bahruz and his team is tasked with securing the network for its 1.5 Million students. With Cisco Secure, the security team reduced security incidents by 80%. This not only ensures access for the students, but also keeps the data safe.
Many people want to enter the cybersecurity profession, but few have the dedication and perseverance to fully embrace the skillset required to meet that goal. Walther Noel not only had the desire to refocus his career, but he proved it by earning the CyberOps Associate Certification. His accomplishment is a prime example of how one can step outside of their comfort zone to grow and thrive.
Pascual demonstrates how important it is to make the most of the learning opportunities in Cisco Insiders Advocates. While already a successful NOC engineer, he sought to advance his professional development by studying cybersecurity. He passed the CCNA CyberOps 200-201 exam, moving him closer to propelling his career to even higher achievements.
One of the noblest expressions of knowledge is the desire to freely share that information. Inderdeep lives up to this ideal, offering his expertise to all with no expectations of reciprocity. His charitable spirit has not gone unnoticed, as he has been a previous award winner for Cisco IT Blogs, as well as a designation on the Feedspot top 100 Networking Blog.
Being the first to try a new technology can be a risky proposition. However, as a COO, risk calculations are in one’s blood. Luigi, along with the Sara Assicurazioni organization, hails as the first company in Italy to embrace cloud technology. As a company with more than one million customers, this was a bold initiative that required careful planning, keen insight, and above all, collaboration. In the end, this has resulted not only in a digital transformation, but a business transformation.
Whether it is a technical achievement, a personal triumph, or a spirit of helping others, each member of our League of Cybersecurity Heroes proves how technology and humanity can work together to accomplish the impossible. Congratulations to all of them!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
We’ve all seen the headlines like “race to the cloud” and “cloud-first.” These articles and publications are true, more and more customers have adopted cloud strategies, but there is more to the story. In these customer conversations, cloud security and network security are often discussed in unison. Why is that?
Customers desire freedom and choice when establishing resilience across every aspect of their business, and this requires both the ability to remain agile, and maintain control of their organization’s most sensitive data. Neither of these can be achieved with just the cloud, or private data center. Organizations are investing in hybrid-multicloud environments to ensure continuity amidst unpredictable threats and change. But these investments will fall short if they do not include security.
The modern enterprise relies on the network more than ever before, and it looks a lot different than it did 10 years ago. According to our 2022 Global Hybrid Cloud Trends Report, where 2,500 global IT leaders were interviewed across 13 countries, 82% said they have adopted hybrid cloud architectures, and 47% of organizations use between two and three public IaaS clouds1. As organizations have grown more dependent on the network, the more complex it has become, making firewall capabilities the most critical element of the hybrid-multicloud security strategy. And Cisco has a firewall capability for every strategy, protecting your most important assets no matter where you choose to deploy it.
In May, Cisco brought offerings from Umbrella and Duo to the AWS Marketplace. Today at AWS Re:Inforce, Cisco Secure announced furthering its partnership with AWS to drive innovation with the goal to protect the integrity of your business. Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security. This designation was awarded through our demonstrated success with customer engagements and rigorous technical validations of Secure Firewall.
This week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation. Cisco Secure Firewall as-a-service on AWS builds on our existing portfolio, giving organizations greater flexibility and choice with a radically simplified SaaS offering. If organizations are truly to embrace security across the multi-environment IT, customers demand simplification without compromising security. With a SaaS-based form factor, management and deployment complexity is reduced. NetOps and SecOps teams will enjoy a simplified security architecture where provisioning of firewalls and control plane infrastructure are managed by Cisco. This will save your teams time by removing the need to rearchitect the network, freeing them to focus on protecting the integrity of your business.
As organizations continue to move more of their day-to-day operations to the cloud, Cisco and AWS are committed to ensure that security is an integral part of their hybrid multi-cloud strategy. We all have seen the impact of security that is bolted on, or too complex. If we are truly to find that balance between agility and protection to ensure business continuity, we need to ensure the same protections we have in the private infrastructure are easily consumed no matter where your data may roam.
Product page: Cisco Secure Firewall for Public Cloud
Partner page: Cisco solutions on AWS
Blog: Securing cloud is everyone’s responsibility
Quick Start page: Cisco solutions on AWS
Amazon Partner Network page: Cisco solutions on AWS
2022 Global Hybrid Cloud Trends Report
1 Henderson, N. & Hanselman, E. (2022, May 25). 2022 Global Hybrid Cloud Trends Report.
S&P Global Market Intelligence, commissioned by Cisco Systems.
https://www.cisco.com/c/en/us/solutions/hybrid-cloud/2022-trends.html ‘
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents. As the unified security agent for Cisco Secure, it addresses common operational use cases applicable to Cisco Secure endpoint agents. Those who install Secure Client’s next-generation software will benefit from a shared user interface for tighter and simplified management of Cisco agents for endpoint security.
Now, with Secure Client, you gain improved secure remote access, a suite of modular security services, and a path for enabling Zero Trust Network Access (ZTNA) across the distributed network. The newest capability is in Secure Endpoint as a new module within the unified endpoint agent framework. Now you can harness Endpoint Detection & Response (EDR) from within Secure Client. You no longer need to deploy and manage Secure Client and Secure Endpoint as separate agents, making management more effortless on the backend.
Within Device Insights, Secure Client lets you deploy, update, and manage your agents from a new cloud management system inside SecureX. If you choose to use cloud management, Secure Client policy and deployment configuration are done in the Insights section of Cisco SecureX. Powerful visibility capabilities in SecureX Device Insights show which endpoints have Secure Client installed in addition to what module versions and profiles they are using.
The emphasis on interoperability of endpoint security agents helps provide the much-needed visibility and simplification across multiple Cisco security solutions while simultaneously reducing the complexity of managing multiple endpoints and agents. Application and data visibility is one of the top ways Secure Client can be an important part of an effective security resilience strategy.
Visit our homepage to see how Secure Client can help your organization today.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Later, after Duo was acquired by Cisco, she transitioned to new roles within the larger organization and now heads up operations for Webex Marketing. In this position Syed brings structure across different functions of marketing including brand, events and technology while also serving as chief operating officer for Chief Marketing Officer Aruna Ravichandran.
“I fell in love with the culture, the kindness, the heart of this company,” Syed said.
Recently, she shared her passion for problem solving and inclusion with the Duo Blog, along with the advice she gives mentees navigating their own career paths.
Saleema Syed: I like chaos and I love putting a method to the madness. With marketing we have to react to the market, react to the business, react internally. What energizes me is there’s never a dull day and there is always this ability to bring some overall end to end process.
I love running towards a burning car and figuring out how to put it out. I love change. I know change is the only constant and rather than running away from it, I thrive in it. I like to look at it and ask, “What can we do to break it down and figure out what we need to do?”
My brain works in terms of boxes and flows and charts and spreadsheets so when I look at something I’m like, “Okay, what is a box? What is a process? How do I untangle it?” I like sitting in the discomfort and understanding what to do to get out of it.
Saleema Syed: There are three things I always keep in mind when I look at what I’m doing and where I want to be. One is, at the core of it, does it fill my cup of empathy and allow me to be true to who I am in how I treat people or how I build a team?
The second thing is, will I have the opportunity to influence and impact the people on the team or my family? How do I show myself to my daughter who is growing and seeing how to become who she is as a career person?
The third thing is, is it something new and am I learning something? Continuous learning is a huge part of who I am, so that drives me to get out of my comfort zone constantly.
When I’m changing jobs people usually say, “You’ve set up this team, you’re so comfortable. Now all you have to do is sit back and execute.” And my answer is, “That’s exactly why I am moving.”
If I am comfortable I’m not learning, and I don’t know if I’m adding any more value than I’ve set up. That means it’s time for me to move on and elevate somebody. What I’m doing is sending the elevator down to somebody on the team to grow.
That’s why I’ve had people who work for me for many years follow me through multiple organizations, which as a leader has been my pinnacle of what I call my success. Success is not my role; it is how many people I have impacted and influenced.
Saleema Syed: I keep going back to Duo because working at that organization and meeting those people defined me as a human being. One of the strategic pillars of that organization is to be kinder than necessary.
However complicated the work challenges are, those around me must be aligned with what my integral values are and who I am. They have to have empathy and kindness in their heart. If that is not there, no matter how much I love solving challenges and know I can solve them, I’m not going to go for it. I’ve been extremely lucky at Duo, Cisco and Webex that I’ve been around those kinds of people.
If you look at Webex, I love the core of what we are, the journey we are on, the inclusivity. We are not just selling Webex messaging or other products. At the heart of it we are looking at how we are influencing people and things around us by making sure that there is inclusivity in the collaboration tools that we are launching.
Saleema Syed: My leadership style is pretty simple: nobody works for me; people work with me. I lead with making sure that people know this is the problem you’re trying to solve, here is the context of what we are trying to do. Now, let’s figure out how we solve it. That is something that has helped my team be part of the problem solving that I love to do.
When I interview people my first questions are, “What does the job bring to you? How would this job fill your cup?” That throws people off every time. You can teach any technology, you can teach any skill set, but if you don’t have the basic passion, the attitude to be able to do this job, then everything else can just go out the door.
Saleema Syed: I have a very diverse background. I am an Indian by birth and grew up in the Middle East. When I went into engineering, finished my education and started my career, one of the things I realized was that as a woman of color, I always wanted to apply for positions that I was fully qualified for. I wanted to make sure I knew everything about the job because a very big fear was being asked a question in the interview I didn’t know. LinkedIn’s Gender Insights Report found that women apply for 20% fewer jobs than men despite similar job search behaviors. That has been a very challenging mental barrier for me to break.
Trey Boynton, who was at Duo and now she’s leading Cisco in a beautiful journey of diversity as the senior director of inclusion and collaboration strategy always said, “We have to have that bicycle lane on the road, whether it is for females, whether it is for people of color or any LGBTQIA+ community members. That is how we get people to bring that confidence in to learn, grow and then they can merge easily.”
“Passion is a part of who I am and is contributing to my growth.” – Saleema Syed
Whatever I faced as I was growing up, whether it was my dark skin, whether it was my accent, whether it was, “Oh, you’re way too passionate” has been some of the feedback that I’ve gotten. In my career if I’m told I’m way too passionate I turn that around and say, “Passion is a part of who I am and is contributing to my growth.”
Saleema Syed: Within Webex, within Cisco, I try to be part of anything that I can do in terms of giving back to the community. I’m definitely a big proponent of women in technology. In the local Dallas area I run a program by myself and go into schools and advocate for girls in STEM. Cisco is amazing in how it gives us time to volunteer. I love that educating kids is part of my journey of giving back. That’s the generation you can influence.
How do we enable children and women to be more open to technology and being part of the technology field? Let’s look at the percentage of diversity in the technology field and be aware of it. It’s not only about the diversity numbers, but are we bringing in candidates at the leadership level and giving them not just a seat at the table but a voice at the table, too?
You also have to talk about what you do and with passion and energy because if you don’t, people get intimidated. If you can influence one person who comes from an underrepresented community, imagine what you are doing, not just for that person, but for his household, for his family, for his extended community. I have a lot more to do, but as I get into the next decade of my life and my career, that is something that is a huge focus for me.
Saleema Syed: First and foremost it’s very important to spend time and understand the business and the products in whatever industry you’re going into. It is key to your growth. Especially if it’s a security industry, take time to understand the products, the technology or the function that you’re trying to get into. Contextual understanding and product understanding are extremely important.
The second piece is to keep learning. Cisco is amazing in trying to help you learn and support you financially to be able to do it. I went back and got my executive MBA four years ago. Give yourself a goal of learning a new something, whether it is a new function, new technology or new leadership skill.
The third piece is to create a spreadsheet of where you want to be in two years. Put that out there and then work back just like you would do a project plan. Work back month by month, quarter by quarter. What are the skill sets you need to learn to get there?
The last part is: Do the job you want versus the job you are in. Of course, you have to do the job you are in, but do the job you want to get to. Don’t wait for a title, don’t wait for a promotion to act. No. What do you want to be? Show that to your leaders and yourself. The title will come, money will come, everything will come, but am I doing the job that I want and enjoy and I want to get to?
To learn more about Webex, Cisco and Duo Security and how you can apply your passion, advocacy and problem solving to make a difference in cybersecurity, browse our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Ransomware and other advanced attacks continue to evolve and threaten organizations around the world. Effectively defending your endpoints from these attacks can be a complex undertaking, and a seemingly endless number of security acronyms only compounds that complexity. There are so many acronyms – EPP, EDR, MEDR, MDR, XDR, and more – for various cybersecurity products and services that it becomes difficult to understand the differences between them and choose the right solution for your organization. Deciphering all these acronyms is a task on its own and deciding which solution works best for you is even more challenging.
We here at Cisco believe that understanding these acronyms and determining which security products or services are the best fit for your organization’s needs doesn’t have to be so hard. That’s why we developed this blog – the first in a series – to give you an overview of the different types of threat detection and response solutions.
This series will help you understand the benefits and disadvantages of each solution, the similarities and differences between these solutions, and how to identify the right solution for your organization. Now let’s go over the different types of security solutions.
There are several types of threat detection and response solutions, including:
These solutions are similar in that they all enable you to detect and respond to threats, but they differ by the environment(s) being monitored for threats, who conducts the monitoring, as well as how alerts are consolidated and correlated. For instance, certain solutions will only monitor your endpoints (EDR, MEDR) while others will monitor a broader environment (XDR, MDR). In addition, some of these solutions are actually managed services where a third-party monitors your environment (MEDR, MDR) versus solutions that you monitor and manage yourself (EDR, XDR).
When evaluating these solutions, keep in mind that there isn’t a single correct solution for every organization. This is because each organization has different needs, security maturities, resource levels, and goals. For example, deploying an EDR makes sense for an organization that currently has only a basic anti-virus solution, but this seems like table stakes to a company that already has a Security Operations Center (SOC).
That being said, there are a few questions you can ask yourself to find the cybersecurity solution that best fits your needs, including:
Of these questions, the most critical are about your security goals and current cybersecurity posture. For instance, organizations at the beginning of their security journey may want to look at an EDR or MEDR solution, while companies that are further along their journey are more likely to be interested in an XDR. Asking whether you already have or are willing to build out a SOC is another essential question. This will help you understand whether you should run your security yourself (EDR, XDR) or find a third-party to manage it for you (MEDR, MDR).
Asking whether you have or are willing to hire the right security talent is another critical question to pose. This will also help determine whether to manage your cybersecurity solution yourself or have a third-party run it for you. Finally, questions about visibility and context, alert, and security tool fatigue, as well as detection and response times will help you to decide if your current security stack is sufficient or if you need to deploy a next-generation solution such as an XDR.
These questions will help guide your decision-making process and give you the information you need to make an informed decision on your cybersecurity solution. For more details on the different endpoint security acronyms and how to determine the right solution for your organization, keep an eye out for the next blog in this series – Unscrambling Cybersecurity Acronyms: The ABCs of EDR and MEDR. Stay tuned!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
With a rising number of cyberattacks targeting organizations, protecting sensitive customer information has never been more critical. The stakes are high due to the financial losses, reputational damage, legal & compliance fines, and more that often stem from mishandled data. At Cisco Secure, we recognize this and are continuously looking for ways to improve our information security practices.
As a result, we are excited to announce that we have achieved SOC 2 compliance for the Cisco Secure Endpoint solution, Cisco Malware Analytics, and the Cisco SecureX platform! SOC 2 is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA) that helps ensure organizations responsibly handle customer data. This is done via strong information security practices that adhere to trust service criteria for security, availability, and confidentiality.
Achieving SOC 2 compliance means that we have adhered to these trust principles and gone through a rigorous audit by an independent, third-party firm to validate our information security practices. This shows that we are committed to safeguarding your sensitive data with robust controls in place and gives you the peace of mind that your data is in good hands. We have achieved SOC 2 Type 2 compliance for the following Cisco Secure products:
To learn more about SOC 2 compliance for these solutions, please speak to your Cisco representative, or visit the Cisco Trust Portal, where you can access the SOC 2 reports.
Security tools are only as good as the intelligence and expertise that feeds them. We’re very fortunate to have our security technologies powered by Cisco Talos, one of the largest and most trusted threat intelligence groups in the world. Talos is comprised of highly skilled researchers, analysts, and engineers who provide industry-leading visibility, actionable intelligence, and vulnerability research to protect both our customers and the internet at large.
The Talos team serves as a crucial pillar of our innovation — alerting customers and the public to new threats and mitigation tactics, enabling us to quickly incorporate protection into our products, and stepping in to help organizations with incident response, threat hunting, compromise assessments and more. Talos can also be found securing large-scale events such as the Super Bowl, and working with government and law enforcement organizations across the globe to share intelligence.
With Cisco’s vast customer base and broad portfolio — from routers and switches to email and endpoints — Talos has visibility into worldwide telemetry. Once a threat is seen, whether it’s a phishing URL or an IP address hosting malware, detections are created and indicators of compromise are categorized and blocked across our Cisco Secure portfolio.
Talos also leverages its unique insights to help society as a whole better understand and combat the cyberattacks facing us daily. During the war in Ukraine, the group has taken on the additional task of defending over 30 critical infrastructure providers in the country by directly managing and monitoring their endpoint security.
The reality of security today is that organizations must be constantly ready to detect and contain both known and unknown threats, minimize impact, and keep business going no matter what happens in the cyber realm. In light of hybrid work, evolving network architectures, and increasingly insidious attacks, all organizations must also be prepared to rapidly recover if disaster strikes, and then emerge stronger. We refer to this as security resilience, and Talos plays a critical role in helping our customers achieve it.
For several years, our integrated, cloud-native Cisco SecureX platform has been delivering extended detection and response (XDR) capabilities and more. SecureX allows customers to aggregate, analyze, and act on intelligence from disparate sources for a coordinated response to cyber threats.
Through the SecureX platform, intelligence from Talos is combined with telemetry from our customers’ environments — including many third-party tools — to provide a more complete picture of what’s going on in the network. Additionally, built-in, automated response functionality helps to speed up and streamline mitigation. This way, potential attacks can be identified, prioritized, and remediated before they lead to major impact.
For XDR to be successful, it must not only aggregate data, but also make sense of it. Through combined insights from various resources, SecureX customers obtain the unified visibility and context needed to rapidly prioritize the right threats at the right time. With SecureX, security analysts spend up to 90 percent less time per incident.
One of Australia’s largest universities, Deakin University, needed to improve its outdated security posture and transition from ad hoc processes to a mature program. Its small security team sought an integrated solution to simplify and strengthen threat defense.
With a suite of Cisco security products integrated through SecureX, Deakin University was able to reduce the typical investigation and response time for a major threat down from over a week to just an hour. The university was also able to decrease its response time for malicious emails from an hour to as little as five minutes.
“The most important outcome that we have achieved so far is that security is now a trusted function.”
– Fadi Aljafari, Information Security and Risk Manager, Deakin University
Also in the education space, AzEduNet provides connectivity and online services to 1.5 million students and 150,000 teachers at 4,300 educational institutions in Azerbaijan. “We don’t have enough staff to monitor every entry point into our network and correlate all the information from our security solutions,” says Bahruz Ibrahimov, senior information security engineer at AzEduNet.
The organization therefore implemented Cisco SecureX to accelerate investigations and incident management, maximize operational efficiency with automated workflows, and decrease threat response time. With SecureX, AzEduNet has reduced its security incidents by 80 percent.
“The integration with all our Cisco Secure solutions and with other vendors saves us response and investigation time, as well as saving time for our engineers.”
– Bahruz Ibrahimov, Senior Information Security Engineer, AzEduNet
The sophistication of attackers and sheer number of threats out there today make it extremely challenging for most cybersecurity teams to effectively stay on top of alerts and recognize when something requires their immediate attention. According to a survey by ESG, 81 percent of organizations say their security operations have been affected by the cybersecurity skills shortage.
That’s why Talos employs hundreds of researchers around the globe — and around the clock — to collect and analyze massive amounts of threat data. The group uses the latest in machine learning logic and custom algorithms to distill the data into manageable, actionable intelligence.
“Make no mistake, this is a battle,” said Nick Biasini, head of outreach for Cisco Talos, who oversees a team of global threat hunters. “In order to keep up with the adversaries, you really need a deep technical understanding of how these threats are constructed and how the malware operates to quickly identify how it’s changing and evolving. Offense is easy, defense is hard.”
Earlier this year, we unveiled our strategic vision for the Cisco Security Cloud to deliver end-to-end security across hybrid, multicloud environments. Talos will continue to play a pivotal role in our technology as we execute on this vision. In addition to driving protection in our products, Talos also offers more customized and hands-on expertise to customers when needed.
Cisco Talos Incident Response provides a full suite of proactive and emergency services to help organizations prepare for, respond to, and recover from a breach — 24 hours a day. Additionally, the recently released Talos Intel on Demand service delivers custom research unique to your organization, as well as direct access to Talos security analysts for increased awareness and confidence.
Visit our dedicated Cisco Talos web page to learn more about the group and the resources it offers to help keep global organizations cyber resilient. Then, discover how XDR helps Security Operations Center (SOC) teams hunt for, investigate, and remediate threats.
Watch video: What it means to be a threat hunter
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Just like the myriad expanding galaxies seen in the latest images from the James Webb space telescope, the cybersecurity landscape consists of a growing number of security technology vendors, each with the goal of addressing the continually evolving threats faced by customers today. In order to be effective, cybersecurity tools have to be collaborative—be it sharing relevant threat intelligence, device & user insights, acting on detection and remediation workflows, and more.
We at Cisco Secure have embraced this concept for a while now with our continually growing ecosystem of multi-vendor technology integrations. At the RSA Conference 2022 earlier this year, Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, spoke of how the ‘cybersecurity poverty line’ is widening and how malicious actors are taking advantage of this gaping hole to unleash persistent attacks. It is imperative that cybersecurity vendors interact with and collaborate with each other to lower this gap. To do this, security vendors must adopt open ecosystems of APIs to easily integrate with each other to provide effective ways for mutual customers to defend and react to cybersecurity attacks.
Like in prior years, this fiscal year 2022 saw us growing to include new ecosystem partners and integrations. With 22 new partners and 51 new integrations in our ecosystem, Cisco Secure Technical Alliance (CSTA) now boasts over 450 integrations, including technical integrations with Cisco Duo and Cisco Kenna. This allows our mutual customers the freedom to implement the cybersecurity tools of their choice with the knowledge that these tools can integrate with each other if they need to, thus realizing a better return on investment in their cybersecurity spending and improving cybersecurity posture.
In this annual round-up of our ecosystem, we congratulate our new partners in CSTA and existing partners as well, who have either created new integrations across our portfolio or augmented existing ones. For more details on each partner integration in this announcement, please read through the individual partner highlights below.
Happy integrating!
The AlienApp for Cisco Secure Endpoint enables you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. It also enhances the threat response capabilities of USM Anywhere by providing orchestration and response actions to isolate or un-isolate hosts based on risks identified in USM Anywhere. In addition, it allows you to collect hourly events from Cisco Secure Endpoint through the USM Anywhere Job Scheduler. Read more here.
AttackIQ automates the evaluation of Cisco Secure Endpoint against the tactic categories as outlined by MITRE ATT&CK. The AttackIQ and Cisco partnership and technical integration enables organizations to validate that the Cisco Secure Endpoint is deployed correctly and configured optimally, ensuring protection for your endpoints against the latest threats. Read more here.
With Certego Tactical Response for Cisco Secure Endpoint, monitored endpoints are monitored by the Certego PanOptikon SOAR platform. When Certego IRT detects malicious activities on a specific host in the customer’s network, it can isolate compromised hosts to block the attack, even without requiring the user to access the Cisco Secure Endpoint Console. Read more about the Certego here.
Cisco Secure Endpoint is now certified for the ServiceNow ITSM San Diego release. The Cisco Secure Endpoint App on ServiceNow provides users with the ability to integrate event data from the Cisco Secure Endpoint into ServiceNow by creating ITSM incidents. The app automates the collection of events from Cisco Secure Endpoint and groups them into single incidents. Read more here.
FAMOC manage from Techstep, a Gartner-recognized MMS provider, is an MDM designed to give IT a complete view and absolute control over mobile devices used by the workforce, so that people can work more effectively and securely. With the Cisco Security Connector for iOS integration, FAMOC MDM extends its enterprise mobility management with an extra layer of network security and traffic analysis tool, giving IT admins tools to make actionable decisions and design access control policies. Read more here.
Elastic Security now supports event ingestion from Cisco Umbrella, providing visibility into user activity and attempts to access potentially malicious domains. This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables security analysts to detect threats and visualize Cisco Umbrella data, and also correlate Umbrella events with other data sources including endpoint, cloud, and network. This integration expands on Elastic’s on-going expansion of Cisco integrations including ASA, Nexus, Meraki, Duo and Secure Firewall Threat Defense. Read more here.
FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. Read more here.
Hunters ingests Cisco Umbrella log and alert information into our SOC Platform; the Platform then correlates that information with all of the other (vendor agnostic) customer security telemetry, including EDR, Identity and Cloud/Network log data, in the customer’s infrastructure to synthesize and detect incidents with a higher fidelity than any single tool alone can produce. Read more here.
LearnSafe equips school leaders (K-12) with evidence-based information to better understand which students are exhibiting behavioral issues and in need of help based on what they are using, saying, and doing on the school-owned computer. With Cisco Umbrella, LearnSafe administrators are able to block access to domains their students should not be accessing. Read more here.
The Cisco Umbrella solution for Microsoft Azure Sentinel is now live! This integration enables your customers to ingest Cisco Umbrella events stored in Amazon S3 into Microsoft Sentinel using the Amazon S3 REST API. Read more here.
Sumo Logic’s cloud-native collector supports automatic ingestion of logs from Cisco Umbrella’s hosted AWS S3 buckets. Data collected from Umbrella can then be routed to Sumo’s Cloud SIEM, where it is then automatically normalized and applied to our rule’s engine. Several built-in rules for Umbrella have been created that, when triggered, will generate security signals in the platform. These and other security signals are then clustered together based on related entities (IP, email, domain name, URL, etc.) to create insights for review by the SOC. Read more here.
The Secure Firewall team and Alkira have validated Secure Firewall (Virtual) Version 7.1 to run on Alkira’s cloud network as-a-service (CNaaS) platform. The solution offers on-demand hybrid and multi-cloud connectivity, integrated network and security services, end-to-end visibility, controls and governance. Read more here.
The Secure Firewall team has validated Cyware’s STIX 1.2 threat intelligence feed for interoperability with Secure Firewall’s Threat Intelligence Director. Customers can quickly operationalize the inbound data to protect the network from the latest threats. Read more here.
Dragos protects critical infrastructure and has joined the CSTA program. Dragos inventories assets, determines risk and vulnerabilities and generates firewall policy objects that administrators can apply to their Cisco Secure Firewall deployment through its REST API. Read more here.
The Secure Firewall team and Equinix have validated Secure Firewall (Virtual) to run on Equinix’s Network Edge as a Service platform. Equinix Fabric allows you to connect digital infrastructure and services on demand via secure, software-defined interconnection (Ecosystem). Read more here.
Fastvue has joined the CSTA program. The Fastvue Site Clean engine intelligently interprets Cisco Secure Firewall log data so that non-technical employees can easily see what people are actually doing online. The data use to keep companies compliant with workplace and school policies. Read more here.
Alef Nula has developed a new integration with ISE. The Alef Nula Identity Bridge consumes identity updates published by pxGrid and serves them to ASA firewalls using the CDA/Radius protocol. Using pxGrid v2.0, it replaces unsupported Cisco CDA and allows ASA firewalls to become an identity consumer of ISE context. It can read the full identity database and can update registered ASA firewalls in Full Download mode. Read more here.
Forescout’s pxGrid Plugin integrates with existing Cisco ISE deployments so that you can benefit from Forescout visibility and assessment for policy decisions, while continuing to use ISE as an enforcement point. The pxGrid Plugin enables Forescout platform policies to detect ISE-related properties on endpoints, and to apply Cisco ISE ANC policies, including policies that assign Security Groups to devices. Read more here.
FortiManager provides automation-driven centralized management of Fortinet devices from a single console, enabling full administration and visibility of your network devices through streamlined provisioning and innovative automation tools. FortiManager dynamically collects updates from Cisco ISE with pxGrid and forwards them to FortiGate using the Fortinet Single Sign On (FSSO) protocol. This enables the use of session information collected by Cisco ISE to be leveraged in FortiOS security policies. Read more here.
Radiflow provides OT ICS policy creation and enforcement with the Radiflow iSID IDS. They recently completed a new integration with ISE leveraging pxGrid. With this integration Cisco ISE receives enriched data of OT devices from Radiflow iSID and will process it according to the profiles and policies which have been configured. Enriching ISE with OT specific insights available with iSID’s DPI engine enables better decision making within ISE by providing additional context to categorize devices by their type/function within the OT environment. Read more here.
XTENDISE is a simple web application connected to Cisco ISE. It is designed for administrators, helpdesk, operators or anyone who needs to work with ISE and helps them with everyday routine tasks related to 802.1X without the need to train them in Cisco ISE. XTENDISE saves administrators’ time, prevents errors and increases network security. Read more here.
The Cisco Secure Malware Analytics Add-On for Splunk leverages the Threat Grid API to enrich events within Splunk. The add-on is now updated for Splunk 8 and is available on Splunkbase. Read more here.
Censys now has an integration with SecureX threat response, which returns Sightings of IP and IPv6 Observables (IOCs) in an investigation. Read more about the Censys relay module here.
The new Exabeam integration empowers users to investigate an observable and determine if it is contained in a log message stored in Exabeam Fusion SIEM Data Lake. It provides users with the date and time the observable was seen in the log, the forwarder that sent the log, and the raw log messages. When you pivot into Exabeam and search for an observable in all the log messages, the results of the search are displayed in the Exabeam UI. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email data types and it returns sightings of an observable from each log message. Read more here.
The LogRhythm integration empowers users to investigate an observable and determine if it is contained in an event stored in LogRhythm. It provides users with the date and time the observable was seen in the event and the raw event data. This integration allows you to query IPv4 and IPv6 data types and it returns sightings of an observable from each event. Read more here.
A proof-of-concept integration with RSA NetWitness SIEM was built for the RSAC SOC and Black Hat NOCs. The SecureX Concrete Relay implementation using NetWitness as a third-party Cyber Threat Intelligence service provider. The Relay itself is just a simple application written in Python that can be easily packaged and deployed. Read more here.
Cisco SecureX threat response integration with SecOps is now certified for the ServiceNow San Diego release. The module allows ServiceNow SecOps to leverage the Verdicts, Refer and Response capabilities provided by SecureX threat response to assist the security analyst in their investigation workflow. Read more here.
The Sumo Logic Cloud SIEM integration provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Streamlined workflows automatically triage alerts to maximize security analyst efficiency and focus. This integration indicates to users that the observable in an investigation is contained in an insight and/or signal within Sumo Logic Cloud SIEM. It allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. It also returns sightings and indicators of an observable from each insight and signal retrieved from Sumo Logic Cloud SIEM. Read more here.
APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention. The following APIVoid atomic actions for SecureX Orchestration Workflows are now available: Get Domain Reputation, Get IP Reputation, Get URL Reputation, Get URL Status. Access the workflows here.
Censys is a company that allows users to discover the devices, networks, and infrastructure on the Internet and monitor how it changes over time. SecureX orchestration atomic actions for Censys is now available and includes: Basic Search. Access the workflows here.
This integration radically reduces the time and resources enterprises spend to detect, investigate, and remediate ransomware threats to data. It empowers SecOps, ITOps and NetOps with visibility and automation to collaborate in countering ransomware — regardless of whether data resides on-premises or in the cloud — delivering enterprise-wide confidence in deterring, detecting, and recovering fast from cyberattacks. Cohesity’s next-gen data management enhances Cisco SecureX by adding visibility and context to data, complementing Cisco’s existing capabilities for networks, endpoints, clouds, and apps. Read more here.
SecureX orchestration atomic actions for workflows are now available for Farsight Security DNSDB. They include various items like DKIM key inspections, DNS Resource Records and more. Access the workflows here.
SecureX orchestration workflows for Fortinet FortiGate are now available: Block URL, IP and Domain Threat Containment. Access the workflows here.
SecureX orchestration workflows for Jamf Pro include: Lock Computer, Lock Mobile Device. Access the workflows here.
SecureX orchestration workflows for Palo Alto Networks Panorama are now available: Block URL, IP, Domain Threat Containment. Access the workflows here.
A new Orchestration action provides top MacOS IR Indicators to ServiceNow This workflow runs multiple Orbital queries on the endpoint provided to look for top incident response indicators of compromise. The results are then posted to a ServiceNow incident. Supported observables: ip, mac_address, amp_computer_guid, hostname. Access the workflow here.
Shodan is a database of billions of publicly available IP addresses, and it’s used by security experts to analyze network security. SecureX orchestration atomic actions for Shodan include: Basic Search. Access the workflows here.
Earlier this year we announced SecureX Device Insights which provides comprehensive endpoint inventory in a single unified view. Endpoint searching and reporting allows you to assess device security configuration on employee-owned, contractor-owned, company owned, and IoT/OT devices—without risking business disruption. With Device Insights you can
Device insights supports the following third-party sources in its initial release: Jamf Pro, Microsoft Intune, Ivanti MobileIron and VMware Workspace ONE (formerly AirWatch).
Bitglass’ Next-Gen CASB provides data protection, threat protection, access management, and visibility, while Duo offers identity verification options like SSO and MFA. The Duo and Bitglass integration provide a synergistic solution that funnels traffic through Duo’s SSO and verifies users via its MFA so Bitglass can deliver real-time data loss prevention and granular adaptive access control. Because of Bitglass’ agentless architecture, the joint solution can secure any app, any device, anywhere. Read more about the integration here. A joint solution brief is also available here.
Cmd helps companies authenticate and manage user security in Linux production environments without slowing down teams — you don’t need to individually configure identities and devices. Cmd integrates with Duo to put 2FA checkpoints into Linux-based data centers and cloud infrastructure. The combination of Cmd and Duo enables development teams to run at the modern, agile pace they are accustomed to without any security-induced slowdowns. Read more here.
Darktrace is an AI-native platform that delivers self-learning cyber defense and AI investigations and seamlessly integrates with other tools via an open and extensible architecture. Darktrace’s Security Module for Duo provides coverage over access, user sessions and platform administration within the Duo platform. Read more here.
Dashlane is a password manager that now supports Duo using Duo SSO. The integration lets IT Administrators easily deploy Duo + Dashlane and set up access policies. End users can easily access Dashlane and their passwords with SSO from Duo. Read more here.
HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates. Add another layer of protection and protect access to secrets within HashiCorp Vault with Duo Security MFA. Read more here. A recording of the Cisco Duo + HashiCorp webinar is available to view here.
Oort discovers vulnerabilities across an entire user population (or a segment of it). Trigger notifications related to behavioral anomalies or best practices, or policies not being followed. Oort integrates with Duo for identity analytics and threat detection to provide a complete picture of the user behavior and highlight any anomalous activity or identify risks. Read more here.
Perimeter 81 simplifies cyber and network security for the hybrid workforce, ensuring secure access to local networks, applications, and cloud infrastructure. Their integration with Duo provides protection for administrators and end-users who need to log in to Perimeter 81. Read more here.
Specops Software, a leading provider of password management and authentication solutions, protects businesses by securing user authentication across high-risk tasks including account unlocks and password recovery via self-service or the IT service desk. Organizations can extend Duo authentication to secure user verification across these use cases. Read about the integration here. A blog on the integration is also available here.
Sectona is a Privileged Access Management company that delivers integrated privilege management components for securing dynamic remote workforce access across on-premises or cloud workloads, endpoints, and machine-to-machine communication. Duo’s secure access multi-factor authentication can be used to ensure that each user authenticates using multiple methods (factors) while accessing Sectona Privileged Access Management. Read more here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Self-awareness goes a long way in determining your next professional steps. While job searching, it’s critical to identify how to leverage your transferable skills and network, while also evaluating what environmental factors of work and work culture matter to you most. Learn what it’s like to work at Cisco and the top 10 ways to suss out a workplace that suits your needs from leaders at Cisco Secure, Cisco Talos and Duo Security.
First things first. Emily Reid, the newly appointed director of employee experience at Cisco Secure who came from Duo Security, advises, “Do your own research to see how the company and their employees describe the culture publicly — on the company’s website and through other sites, articles and resources. For tech companies specifically I always think, “What else do you have beyond the ping-pong table?”’
The interview process is the next key opportunity to find out what culture is like beyond amenities. To gain multiple perspectives, Reid recommends asking about company culture in every interview you have.
The question at the top of Reid’s list: Do you have programs and resources to support the development and success of your employees? “I want to know how a company will be investing in my career growth and if I will feel welcome and included as part of the team. Seeing what a company chooses to center and highlight when describing their culture is usually very telling,” she said.
Interning at a company is another way to get firsthand knowledge and can lead to full-time employment. “several former interns are now people leaders managing their own teams — and their own interns — coming full circle,” Reid said.
Knowing that there is safety and support in bringing your whole self to work is vital. What policies, programs and initiatives are in place that demonstrate an organization’s commitment to diversity, equity, inclusion and belonging?
Cisco’s ongoing commitments to social justice and pay parity include twelve action steps as part of Cisco’s Social Justice Blueprint. Cultivating a conscious culture includes on-going dialogue, programs and events meant to increase equality. Employee Resource Organizations and mentorship programs provide more opportunities to build community and share knowledge, resources and advocacy.
What environment allows you to do your best work? Also consider what perks and processes an employer offers to enhance flexibility and adaptability. During the pandemic, Duo and Cisco transitioned all global events, training and professional development workshops to fully virtual. As in person options resumed following the pandemic, all events are designed to ensure an inclusive experience no matter where you’re joining from.
“We don’t want to go back to a world where people not based in an office feel like they are getting a lesser experience,” Reid said.
Considering how to make programs and information accessible to employees regardless of where they work is also important to Sammi Seaman, team lead of employee experience at Cisco Talos. She’s currently spearheading a new hire program that is “more inclusive of folks whether they’re office based, remote or somewhere across the world.”
It’s essential to consider how you want your life and work to intersect, particularly as hybrid work becomes more popular. How important is paid time off, flexible work options or a consistent structure?
Cisco Secure offers “Days for Me,” days off for employees to decompress and do something to fill their cups. Monthly “Focus Days” are days without meetings, so employees can prioritize the projects that need attention.
Curran recalls one candidate who, despite multiple offers from competitors, chose Cisco Secure because of the flexible work environment: “This person has a young child and felt that the “Days for Me” and flexibility to work from home in a hybrid situation would work best for his career long-term.”
As Reid’s team helps lead the transition to hybrid work, the book Out of Office: The Big Problem and Bigger Promise of Working From Home by Charlie Warzel and Anne Helen Petersen has been inspiring. The book “does an amazing job of sharing a vision for an inclusive future that empowers employees to be successful and have a ‘work/life balance’ that truly works,” Reid said.
Currently Cisco Secure offers a hybrid model while many employees still work remotely. In terms of maintaining accessibility through this transition, Marketing Specialist Julie Kramer advocated for more accessibility and saw changes at Cisco as a result.
“Webex pre-COVID didn’t have any closed captioning. So, another deaf person and I reached out and closed captioning and the transcript option got added,” Kramer shared.
Kramer prefers to have high-quality and frequently the same interpreters who “know the terminology for my job, marketing and technology. In business, the security and marketing industry can really talk fast, so you need a high-quality interpreter that can keep up and one that is qualified and certified,” she said.
Consider what pace of your specific role and within an industry is needed for you to feel engaged without overwhelmed. While different roles within the same organization and industry may run at different paces, it’s important to tune into what might be expected on your potential new team.
Seaman finds that the fast pace of cybersecurity can be “delightful and challenging. There’s a lot of fast-paced pivoting that happens, which makes for an interesting workplace because two days are never the same,” she said.
Do you prefer a hierarchical structure, or one that is more flat? Are you most effective and fulfilled riding solo, or while consistently connecting with coworkers? Does contributing your ideas make you feel empowered?
At Cisco Secure, there is space to join conversations. “No matter where you sit in the company, you have a voice and can speak up and collaborate and self-organize on a project. It feels like a bunch of really hard working, humble, smart people who are trying to solve problems together,” said Manager of Duo’s Global Knowledge and Communities Team Kelly Davenport.
To enhance communication and knowledge among distributed teams, Seaman started a dialogue series called “The More You Know.” Questions include: What do you do? How do you do it? How can that help other parts of Cisco Talos? The conversations lead to future collaboration and resource sharing.
Do you want to grow professionally and increase your skills and knowledge? A culture of teaching and learning within an organization can help hone and expand your skills and connections.
Lead of Strategic Business Intelligence Ashlee Benge finds the security world “very dynamic. You really can never stop learning. Within Cisco Talos, the people around me are such smart, dedicated people that there’s really a lot that you can gain from just being involved in the group as a whole.”
For Seaman, who didn’t come from a technical background, Cisco Talos offered opportunities to expand her technical knowledge, including from colleagues. “Coming into Cisco Talos, people are like, “Here, let me teach you. You can totally do this. Just because you didn’t know how to do it doesn’t mean you can’t learn. Let’s go,” Seaman shared. Seaman’s colleagues have also learned from her expertise in information and knowledge management given her background as a librarian.
More formally, the Learning and Development team recently launched a comprehensive talent development program with enablement resources and support for people leaders. Aspects include: “really thoughtful templates for employees to use with their manager to talk through career goals, development areas, and to define an actionable investment plan. These resources are fueling great career conversations, strong alignment, and thoughtful development plans,” Reid said.
Do you want to refine your skills within your wheelhouse? Or are you driven to try new tasks and potentially change roles within your next organization?
Benge, whose background is in computational astrophysics, has found her interests shift from technical security research to business strategy and data science. At Cisco Talos, she’s been involved in everything from detection research and threat hunting, to community outreach, conference talks and traveling to support sales engagements. Currently, she’s helping to lead threat hunting in Ukraine.
“My leaders have always made it very clear that if there’s an interest, it’s okay to pursue it and it doesn’t have to necessarily be within the scope of my role. Having that freedom to pursue interests within the industry has been really engaging,” Benge said.
In addition to company values and mission statements, leaders and employees contribute to an organization’s culture every day. If you want to enhance your company’s culture, participate.
“Feedback on what employees want to see is crucial,” Reid said. “The easiest way to contribute to developing culture and a positive employee experience in your workplace is to add to what’s already happening! Culture takes participation and ownership from all employees.”
Reid shared that in performance reviews at Cisco, “‘Team Impact” is equally as important as “Results.” Contributing positively to company culture should contribute to performance reviews and promotion justification,” she said.
To learn more about Cisco’s company culture and how you can contribute to it, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The release of Microsoft Azure Gateway Load Balancer is great news for customers, empowering them to simply and easily add Cisco Secure Firewall capabilities to their Azure cloud infrastructure. By combining Azure Gateway Load Balancer with Cisco Secure Firewall, organizations can quickly scale their firewall presence across their Azure cloud environment, providing protection for infrastructure and applications exactly where and when they need it.
With applications and resources hyper-distributed across hybrid-multicloud environments, organizations require agile security to protect their environment at each control point. This integration empowers organizations to dynamically insert Cisco’s security controls and threat defense capabilities in their Azure environment, removing the clunkiness of provisioning and deploying firewalls, as well as the need to rearchitect the network. Organizations can now enjoy highly available threat defense on the fly, protecting their infrastructure and applications from known and unknown threats.
Combining Secure Firewall with Azure Gateway Load Balancer offers a significant reduction in operational complexity when securing cloud infrastructure. Azure Gateway Load Balancer provides bump-in-the-wire functionality ensuring Internet traffic to and from an Azure VM, such as an application server, is inspected by Secure Firewall without requiring any routing changes. It also offers a single entry and exit point at the firewall and allows organizations to maintain visibility of the source IP address. Complementing these features, organizations can take advantage of our new Cloud-delivered Firewall Management Center. It enables organizations to manage their firewall presence 100% through the cloud with the same look and feel as they’ve grown accustomed to with Firewall Management Center. With Cloud-delivered Firewall Management Center, organizations will achieve faster time-to-value with simplified firewall deployment and management.
Azure Gateway Load Balancer support for Cisco Secure Firewall Threat Defense Virtual is available now. To learn more about how Cisco Secure Firewall drives security resilience across your hybrid-multicloud environment, see the additional resources below and reach out to your Cisco sales representative.
Microsoft Blog: Gateway Load Balancer now generally available in all regions
Azure Marketplace listing: Cisco Secure Firewall Threat Defense Virtual
Cisco Secure Firewall At-a-Glance
Cisco Secure Firewall for Public Cloud
Cloud-delivered Firewall Management Center
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The hybrid work environment has been around for years, albeit not common but it existed. I can recall my first job where I was able to split my time working in an office and working from my makeshift home office. This was many moons ago as I will call it… pre-COVID-19.
Job seekers are certainly looking to have the flexibility of working from anywhere at any time – preferably in an environment of their choosing. Even though a hybrid workforce will provide people with the option to work from anywhere, those remote locations are sometimes in unsecured locations. Organizations must now reimagine a workforce that will need access to your internal collaboration tools along with access to your network from both on- and off-premises.
Cisco, a leader in equipping organizations with the right products for a hybrid workforce, provides the tools & services to protect your organization from bad threat actors.
With pervasive ransomware attacks, malware attacks, and email attacks, you must be ready and have not only a security solution but also a security analyst team ready to respond when an attack happens.
Securing access to your endpoint must be a top priority and your security analysts must be agile and have the right telemetry to provide around-the-clock monitoring and the ability to quickly respond to threats.
Cisco Secure Endpoint provides you with the visibility and ability to respond to threats by blocking them before they compromise your network. Combined with global, proactive threat hunting, leading-edge forensic/analytic capabilities, and reduced leading Mean Time To Detection (MTTD)/Mean Time To Resolution (MTTR) across the supply chain that no other vendor can parallel; why would you partner with any other company to secure and scale your unique hybrid workforce or workplace clients?
Click here to listen to my fireside chat on how we at Cisco would define 5 Best Practices Security Analysts Can Use to Secure Their Hybrid Workforce:
I am joined by Cisco Talos global Senior Threat Defense and Response Analyst, William (Bill) Largent who has over 20 plus years of infosec experience, specifically in network intrusion detection, traffic analysis, and signature/rule writing.
I will also be speaking with Eric Howard, Cisco Secure Technical Marketing Engineer Leader for the Security Platform and Response Group. Eric is a seasoned team leader in both Information Security Sales, and Product Management. He has built and led teams that apply deep technical understanding to business needs, initiatives, and strategies in both start-ups and established companies.
This is a conversation you do not want to skip! There were a lot of gems shared by these gentlemen that will get you where you need to be as a Security Analyst.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
This month’s Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which offers a new privacy and security feature called “Lockdown Mode.” And Adobe axed 63 vulnerabilities in a range of products.
Microsoft today released software patches to plug at least 64 security holes in Windows and related products. Worst in terms of outright scariness is CVE-2022-37969, which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. Microsoft says this flaw is already being exploited in the wild.
Kevin Breen, director of cyber threat research at Immersive Labs, said any vulnerability that is actively targeted by attackers in the wild must be put to the top of any patching list.
“Not to be fooled by its relatively low CVSS score of 7.8, privilege escalation vulnerabilities are often highly sought after by cyber attackers,” Breen said. “Once an attacker has managed to gain a foothold on a victim’s system, one of their first actions will be to gain a higher level of permissions, allowing the attacker to disable security applications and any device monitoring. There is no known workaround to date, so patching is the only effective mitigation.”
Satnam Narang at Tenable said CVE-2022-24521 — a similar vulnerability in the same Windows log file component — was patched earlier this year as part of Microsoft’s April Patch Tuesday release and was also exploited in the wild.
“CVE-2022-37969 was disclosed by several groups, though it’s unclear if CVE-2022-37969 is a patch-bypass for CVE-2022-24521 at this point,” Narang said.
Another vulnerability Microsoft patched this month — CVE-2022-35803 — also seems to be related to the same Windows log file component. While there are no indications CVE-2022-35803 is being actively exploited, Microsoft suggests that exploitation of this flaw is more likely than not.
Trend Micro’s Dustin Childs called attention to CVE-2022-34718, a remote code execution flaw in the Windows TCP/IP service that could allow an unauthenticated attacker to execute code with elevated privileges on affected systems without user interaction.
“That officially puts it into the ‘wormable’ category and earns it a CVSS rating of 9.8,” Childs said. “However, only systems with IPv6 enabled and IPSec configured are vulnerable. While good news for some, if you’re using IPv6 (as many are), you’re probably running IPSec as well. Definitely test and deploy this update quickly.”
Cisco Talos warns about four critical vulnerabilities fixed this month — CVE-2022-34721 and CVE-2022-34722 — which have severity scores of 9.8, though they are “less likely” to be exploited, according to Microsoft.
“These are remote code execution vulnerabilities in the Windows Internet Key Exchange protocol that could be triggered if an attacker sends a specially crafted IP packet,” wrote Jon Munshaw and Asheer Malhotra. “Two other critical vulnerabilities, CVE-2022-35805 and CVE-2022-34700 exist in on-premises instances of Microsoft Dynamics 365. An authenticated attacker could exploit these vulnerabilities to run a specially crafted trusted solution package and execute arbitrary SQL commands. The attacker could escalate their privileges further and execute commands as the database owner.”
Not to be outdone, Apple fixed at least two zero-day vulnerabilities when it released updates for iOS, iPadOS, macOS and Safari. CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel). Apple pushed an emergency update for a related zero-day last month in CVE-2022-32983, which could be used to foist malware on iPhones, iPads and Macs that visited a booby-trapped website.
Also listed under active attack is CVE-2022-32817, which has been fixed on macOS 12.6 (Monterey), macOS 11.7 (Big Sur), iOS 15.7 and iPadOS 15.7, and iOS 16. The same vulnerability was fixed in Apple Watch in July 2022, and credits Xinru Chi of Japanese cybersecurity firm Pangu Lab.
“Interestingly, this CVE is also listed in the advisory for iOS 16, but it is not called out as being under active exploit for that flavor of the OS,” Trend Micro’s Childs noted. “Apple does state in its iOS 16 advisory that ‘Additional CVE entries to be added soon.’ It’s possible other bugs could also impact this version of the OS. Either way, it’s time to update your Apple devices.”
Apple’s iOS 16 includes two new security and privacy features — Lockdown Mode and Safety Check. Wired.com describes Safety Check as a feature for users who are at risk for, or currently experiencing, domestic abuse.
“The tool centralizes a number of controls in one place to make it easier for users to manage and revoke access to their location data and reset privacy-related permissions,” wrote Lily Hay Newman.
“Lockdown Mode, on the other hand, is meant for users who potentially face targeted spyware attacks and aggressive state-backed hacking. The feature comprehensively restricts any nonessential iOS features so there are as few potential points of entry to a device as possible. As more governments and repressive entities around the world have begun purchasing powerful commodity spyware to target individuals of particular importance or interest, iOS’s general security defenses haven’t been able to keep pace with these specialized threats.”
To turn on Lockdown Mode in iOS 16, go to Settings, then Privacy and Security, then Lockdown Mode. Safety Check is located in the same area.
Finally, Adobe released seven patches addressing 63 security holes in Adobe Experience Manager, Bridge, InDesign, Photoshop, InCopy, Animate, and Illustrator. More on those updates is here.
Don’t forget to back up your data and/or system before applying any security updates. If you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a decent chance other readers have experienced the same and may chime in here with useful tips.
In the first part of this blog series on Unscrambling Cybersecurity Acronyms, we provided a high-level overview of the different threat detection and response solutions and went over how to find the right solution for your organization. In this blog, we’ll do a deeper dive on two of these solutions – Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR). However, first let’s take a look back at the history of endpoint security solutions and understand how we got EDR and MEDR security solutions.
The very first endpoint security solutions started out as anti-virus solutions (AV) with basic security functionality that relied heavily on signature-based detection. These solutions were effective against known threats where a signature was created, but ineffective against unknown threats such as new and emerging attacks. That meant that organizations struggled to stay ahead of attackers, who were continuously evolving their techniques to evade detection with new types of malware.
To address this problem, AV vendors added detection technologies such as heuristics, reputational analysis, behavioral protection, and even machine learning to their solutions, which became known as Endpoint Protection Platforms (EPP). These unified solutions were effective against both known and unknown threats and frequently used multiple approaches to prevent malware and other attacks from infecting endpoints.
As cyberattacks grew increasingly sophisticated though, many in the cybersecurity industry recognized that protection against threats wasn’t enough. Effective endpoint security had to include detection and response capabilities to quickly investigate and remediate the inevitable security breach. This led to the creation of EDR security solutions, which focused on post-breach efforts to contain and clean up attacks on compromised endpoints.
Today, most endpoint security vendors combine EPP and EDR solutions into a single, converged solution that provides holistic defense to customers with protection, detection, and response capabilities. Many vendors are also offering EDR as a managed service (also known as MEDR) to customers who need help in securing their endpoints or who don’t have the resources to configure and manage their own EDR solution. Now that we’ve gone over how endpoint security evolved into EDR and MEDR security solutions, let’s cover EDR and MEDR in more depth.
EDR solutions continuously monitor your endpoints for threats, alert you in case suspicious activity is detected, and allow you to investigate, respond to and contain potential attacks. Moreover, many EDR security solutions provide threat hunting functionality to help you proactively spot threats in your environment. They’re often coupled with or part of a broader endpoint security solution that also includes prevention capabilities via an EPP solution to protect against the initial incursion.
As a result, EDR security solutions enable you to protect your organization from sophisticated attacks by rapidly detecting, containing, and remediating threats on your endpoints before they gain a foothold in your environment. They give you deep visibility into your endpoints while effectively identifying both known and unknown threats. Furthermore, you can quickly contain attacks that get through your defenses with automated response capabilities and hunt for hidden threats that are difficult to detect.
While EDR provides several benefits to customers, it has some drawbacks. Chief among them is that EDR security solutions are focused on monitoring endpoints only versus monitoring a broader environment. This means that EDR solutions don’t detect threats targeting other parts of your environment such as your network, email, or cloud infrastructure. In addition, not every organization has the security staff, budget, and/or skills to deploy and run an EDR solution. This is where MEDR solutions come into play.
Managed EDR or MEDR solutions are EDR capabilities delivered as a managed service to customers by third-parties such as cybersecurity vendors or Managed Service Providers (MSPs). This includes key EDR functionality such as monitoring endpoints, detecting advanced threats, rapidly containing threats, and responding to attacks. These third-parties usually have a team of Security Operations Center (SOC) specialists who monitor, detect, and respond to threats across your endpoints around the clock via a ‘follow the sun’ approach to monitoring.
MEDR security solutions allow you to offload the work of securing your endpoints to a team of security professionals. Many organizations need to defend their endpoints from advanced threats but don’t necessarily have the desire, resources, or expertise to manage an EDR solution. In addition, a team of dedicated SOC experts with advanced security tools can typically detect and respond to threats faster than in-house security teams, all while investigating every incident and prioritizing the most critical threats. This enables you to focus on your core business while getting always-on security operations.
Similar to EDR though, one downside to MEDR security solutions is that they defend only your endpoints from advanced threats and don’t monitor other parts of your infrastructure. Moreover, while many organizations want to deploy EDR as a managed service, not everyone desires this. For example, larger and/or more risk-averse organizations who are looking to invest heavily in cybersecurity are typically satisfied with running their own EDR solution. Now, let’s discuss how to choose the right endpoint security solution when trying to defend your endpoints from threats.
As I mentioned in my previous blog, there isn’t a single correct solution for every organization. This logic applies to EDR and MEDR security solutions as well since each solution works well for different types of organizations, depending on their needs, resources, motivations, and more. Nevertheless, one major factor to consider is if you have or are willing to build out a SOC for your organization. This is important because organizations that don’t have or aren’t willing to develop a SOC usually gravitate towards MEDR solutions, which don’t require significant investments in cybersecurity.
Another factor to keep in mind is your security expertise. Even if you’re have or are willing to build a SOC, you may not have the right cybersecurity talent and skills within your organization. While you can always build out your security team, you may want to evaluate an MEDR solution because a lack of expertise makes it difficult to effectively manage an EDR solution. Finally, a common misconception is that you must choose between an EDR and a MEDR solution and that you cannot run both solutions. In reality, many organizations end up using both EDR and MEDR since MEDR solutions often complement EDR deployments.
I hope this information and key factors help you better understand EDR and MEDR solutions while acting as a guide to selecting the best endpoint security solution for your organization. For more details on the different cybersecurity acronyms and how to identify the right solution for your needs, stay tuned for the next blog in this series – Unscrambling Cybersecurity Acronyms: The ABCs of MDR and XDR Security. In the meantime, learn how Cisco Secure Endpoint stops threats with a comprehensive endpoint security solution that includes both advanced EDR and MEDR capabilities powered by an integrated security platform!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Giving back is part of the ethos at Cisco. Part of how that happens is through employees volunteering as part of Cisco’s Time2Give benefit in which employees can use paid time to contribute to their communities and support the causes they’re passionate about. During the pandemic, Cisco increased this benefit from five paid volunteering days to 10 and encourages virtual volunteering, too.
Elizabeth Chang, a software engineer on the Duo Security platform services team, considers Time2Give a great opportunity to “invest in people around you. It is amazing that Cisco supports what we are passionate about and that we can use this time to grow ourselves in other areas of life,” she said.
Cisconians care deeply about many causes, and this post celebrates how teammates spend their time supporting children, youth and teens in and out of school and those preparing for college. Stay tuned for future posts highlighting how other employees give their time. You may even be inspired to find out how you can develop your skills while contributing to organizations that matter to you!
Pierpaolo Panarotto, an account executive on Duo’s EMEAR continental team, volunteers at Sport senza frontiere onlus, a summer sports camp in Italy for refugee children. This summer Panarotto tutored and taught badminton. The program also welcomed children from Ukraine this year.
For Panarotto, the best part, hands down, was seeing the children’s smiles. He advised, “Give back to your community. Sometimes we forget how lucky we are.”
Chang also volunteered at a summer camp, supporting middle and high school students in Boston. The program she supported, Area Youth Ministry Leadership Camp and Summer Boost, fosters leadership skills and college readiness while promoting mentorship.
By helping lead a coding workshop, Chang was able to share what she does professionally. “I was glad that I got to help inspire youth to pursue computer science,” she said. The camp was such a hit that many participants “didn’t want to go home because they had such a fun time,” Chang shared.
“Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!” – Sarah Moon-Musser
Now that school has started, Engineering Program Manager in Platform Engineering Sarah Moon-Musser helps teach the Belleville High School Marching Band’s color guard choreography for their halftime show. She loves spending time with the students. To those considering utilizing Time2Give Moon-Musser says, “Take the time! You’ll never get the opportunity to go back and take it later. Your community and your heart will thank you!”
College readiness is also a passion for Justin Fan and Seema Kathuria who both volunteer with Code2College. They’re able to volunteer virtually by reviewing resumes and college entrance essays and providing constructive feedback through shared documents.
Senior Product Marketing Manager, Kathuria appreciates “learning about the experiences of high school students and how they approach writing about their accomplishments,” she said.
For Fan, a senior customer success manager in security customer success, “the best part is supporting younger generations as they move into college and career. They’re so much more focused and mature than I was at their age,” he said. Fan also participates in virtual career workshops with high school and college students with Students Rising Above.
For others wanting to use Time2Give, Fan suggests finding opportunities you’re passionate about and utilizing light meeting days to volunteer. Kathuria says, “Take advantage of the 10 Time2Give days per year that Cisco gives us. It is very generous, and it feels so good to give back to the community in whatever way makes you happy and fulfilled.”
If you’re looking to feel fulfilled by your work and the impact you can make, please check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Technology has typically had a reputation for being exciting and inventive. Unfortunately, this hasn’t always been the case for security. But times have changed. We are now recognizing the crucial role security plays in any groundbreaking technology. Without strong defenses, even the most visionary app is likely to crash and burn. So it’s imperative that big security players like Cisco stay on top of what’s next.
I am thrilled to announce that in November, we will be launching our new video series, “NEXT” by Cisco Secure. In the series, my esteemed co-host TK Keanini and I will interview some of the brightest new minds in tech to find out more about the future of the industry and how we can best secure it. Watch the series preview below!
As the CTO of Cisco Secure, TK has over 25 years of networking and security expertise, as well as a penchant for driving technical innovation. As for me, I’m a cybersecurity specialist of 10 years with an obsession for communication and empathy. Together, TK and I will bring new cyber pioneers to the forefront and highlight the criticality of digital protection and privacy for everyone.
Whether we’re discussing Web3, the metaverse, or next-generation healthcare, we’ll learn and laugh a lot. Through simple conversations about complex topics, we’re building a bridge between leading-edge tech and how Cisco is helping to safeguard what’s on the horizon.
And what better time to preview this series than during Cybersecurity Awareness Month? A time when we focus on the reality that security belongs to everyone — not just the threat hunter, or the product engineer, or the incident responder — but everyone.
We all have a responsibility to protect the world’s data and infrastructure, and should all have a seat at the table for important security conversations. We hope you’ll join us as we dive into what’s making waves out there, and how we can keep it safe.
Follow our Cisco Secure social channels to catch our first episode in November, when we will speak with Michael Ebel, CEO of Atmosfy. Atmosfy is revolutionizing restaurant reviews by incorporating engaging live video that inspires others and supports local businesses. TK and I will chat with Michael about the origin of Atmosfy, and how the company keeps its content authentic and organization resilient.
In the meantime, explore our other Cybersecurity Awareness Month resources.
Who do you want to hear from next? Tell us your ideas for future guests in the comments.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The concept of zero trust is not a new one, and some may even argue that the term is overused. In reality, however, its criticality is growing with each passing day. Why? Because many of today’s attacks begin with the user. According to Verizon’s Data Breach Investigations Report, 82% of breaches involve the human element — whether it’s stolen credentials, phishing, misuse or error.
Additionally, today’s businesses are hyper-connected, meaning that — in addition to your employees — customers, partners and suppliers are all part of your ecosystem. Couple that with hybrid work, IoT, the move to the cloud, and more emboldened attackers, and organizational risk increases exponentially.
Adopting a zero trust model can dramatically reduce this risk by eliminating implicit trust. It has become so crucial, in fact, that several governments including the U.S., UK and Australia have released mandates and guidance for how organizations should deploy zero trust to improve national security.
However, because zero trust is more of a concept than a technology, and so many vendors use the term, organizations struggle with the best way to implement it. At Cisco, we believe you should take a holistic approach to zero trust, starting with what you have and adding on as you identify gaps in your defenses. And while layers of protection are necessary for powerful security, so is ease of use.
Zero trust plays a major role in building security resilience, or the ability to withstand unpredictable threats or changes and emerge stronger. Through zero trust, the identity and security posture of users, devices and applications are continuously checked and verified to prevent network intrusions — and to also limit impact if an unauthorized entity does gain access.
Organizations with high zero trust maturity are twice as likely to achieve business resilience.
– Cisco’s Guide to Zero Trust Maturity
Eliminating trust, however, doesn’t really conjure up images of user-friendly technology. No matter how necessary they are for the business, employees are unlikely to embrace security measures that make their jobs more cumbersome and time-consuming. Instead, they want fast, consistent access to any application no matter where they are or which device they are using.
That’s why Cisco is taking a different approach to zero trust — one that removes friction for the user. For example, with Cisco Secure Access by Duo, organizations can provide those connecting to their network with several quick, easy authentication options. This way, they can put in place multi-factor authentication (MFA) that frustrates attackers, not users.
Cisco Secure Access by Duo is a key pillar of zero trust security, providing industry-leading features for secure access, authentication and device monitoring. Duo is customizable, straightforward to use, and simple to set up. It enables the use of modern authentication methods including biometrics, passwordless and single sign-on (SSO) to help organizations advance zero trust without sacrificing user experience. Duo also provides the flexibility organizations need to enable secure remote access with or without a VPN connection.
During Cisco’s own roll-out of Duo to over 100,000 people, less than 1% of users contacted the help desk for assistance. On an annual basis, Duo is saving Cisco $3.4 million in employee productivity and $500,000 in IT help desk support costs. Furthermore, 86,000 potential compromises are averted by Duo each month.
La-Z-Boy, one of the world’s leading residential furniture producers, also wanted to defend its employees against cybersecurity breaches through MFA and zero trust. It needed a data security solution that worked agnostically, could grow with the company, and that was easy to roll out and implement.
“When COVID first hit and people were sent home to work remotely, we started seeing more hacking activity…” said Craig Vincent, director of IT infrastructure and operations at La-Z-Boy. “We were looking for opportunities to secure our environment with a second factor…. We knew that even post-pandemic we would need a hybrid solution.”
“It was very quick and easy to see where Duo fit into our environment quite well, and worked with any application or legacy app, while deploying quickly.” – Craig Vincent, Director of IT Infrastructure and Operations, La-Z-Boy
Today, Duo helps La-Z-Boy maintain a zero trust framework, stay compliant, and get clear visibility into what is connecting to its network and VPN. Zero trust helps La-Z-Boy secure its organization against threats such as phishing, stolen credentials and out-of-date devices that may be vulnerable to known exploits and malware.
As mentioned, zero trust is a framework, not a single product or technology. For zero trust to be truly effective, it must do four things:
Many technology companies may offer a single component of zero trust, or one aspect of protection, but Cisco’s robust networking and security expertise enables us to provide a holistic zero trust solution. Not only can we support all the steps above, but we can do so across your whole IT ecosystem.
Modern organizations are operating multi-environment ecosystems that include a mix of on-premises and cloud technologies from various vendors. Zero trust solutions should be able to protect across all this infrastructure, no matter which providers are in use. Protections should also extend from the network and cloud to users, devices, applications and data. With Cisco’s extensive security portfolio, operating on multiple clouds and platforms, zero trust controls can be embedded at every layer.
Depending on where you are in your security journey, embedding zero trust at every layer of your infrastructure may sound like a lofty endeavor. That’s why we meet customers where they are on their path to zero trust. Whether your first priority is to meet regulatory requirements, secure hybrid work, protect the cloud, or something else, we have the expertise to help you get started. We provide clear guidance and technologies for zero trust security mapped to established frameworks from organizations like CISA and NIST.
Much of our Cisco Secure portfolio can be used to build a successful zero trust framework, but some examples of what we offer include:
All of our technologies and services are backed by the unparalleled intelligence of Cisco Talos — so you always have up-to-date protection as you build your zero trust architecture. Additionally, our open, integrated security platform — Cisco SecureX — makes it simple to expand and scale your security controls, knowing they will work with your other technologies for more unified defenses.
As Italy’s leading insurance company, Sara Assicurazioni requires complete visibility into its extended network, including a multi-cloud architecture and hybrid workforce. The company has adopted a comprehensive zero trust strategy through Cisco Secure.
“Our decentralized users, endpoints, and cloud-based servers and workloads contribute to a large attack surface,” says Paolo Perrucci, director of information and communications technology architectures and operations at Sara Assicurazioni. “With Cisco, we have the right level of visibility on this surface.”
“The main reason we chose Cisco is that only Cisco can offer a global security solution rather than covering one specific point…. Thanks to Cisco Secure, I’m quite confident that our security posture is now many times better because we are leveraging more scalable, state-of-the-art security solutions.” – Luigi Vassallo, COO & CTO, Sara Assicurazioni
To learn more, explore our zero trust page and sign up for one of our free zero trust workshops.
Watch video: How Cisco implemented zero trust in just five months
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The last few years have proved to be a catalyst for digital transformation for many of our enterprise customers. Application modernization and adopting multicloud are the foundational building blocks for digitizing business. Customers employ CI/CD (continuous integration, continuous delivery) to modernize their applications, building them on a cloud infrastructure. This evolution has given rise to new application security challenges in terms of speed, scale, as well as new and unfamiliar control points – not to mention siloed organizations and tools.
To address these security challenges, Cisco Secure Workload delivers zero trust microsegmentation in an infrastructure, location, and form factor agnostic way. It safeguards application workloads, wherever they live across the hybrid and multicloud environment. The recent release of Secure Workload 3.7 introduces “policy as code” support – delivering security at the speed of DevOps. It enables Secure Workload to be integrated with the customer’s choice of CI/CD toolchains, such as Jenkins or GitLab, and ingest the application security policy during the build phase of the application. Secure Workload then renders the policies onto the relevant workloads when the application goes live.
As the graphic below illustrates, Secure Workload ingests policies using Terraform or Ansible, which are widely adopted tools used by the DevOps team to automate infrastructure related tasks. Secure Workload integrates with the CI/CD toolchains using a YAML (.yml) manifest to ingest the policy. It then programs the same policies to the relevant enforcement point to achieve least privilege access for the newly built or upgraded application.
Policy as code helps customers automate policy deployment at the speed and scale of modern applications. It also simplifies collaboration between DevOps/DevSecOps and NetSec teams. The policies are written in the application language and give appropriate controls to developers to write their requirements into the application while the NetSec team ensures full compliance to the infosec policies dictated by the CISO organization.
In summary, Secure Workload removes the barriers to achieving automated application deployment across highly distributed multicloud environments, without compromising security, compliance, or user experience. The result – stronger security, faster application deployment, and more efficient collaboration.
For more information on policy as code, contact your Cisco Account Team or Partner Account Manager.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
It’s Partner Summit week and, for me, it’s an important reminder that no one company, not even Cisco, can do it alone. Our partners provide diverse perspectives, expertise, and solutions offerings. Each partner plays a key part in delivering the outcomes and experiences our customers need, want, and expect. So, when we say, “Let’s Own It”, it’s a rally cry for Cisco and our partners alike to do our parts to seize the massive opportunity that we have in front of us and turn it into mutual success.
Together, I know we can achieve amazing things. Foremost on my mind right now is both the opportunity and necessity to empower customers with security resilience. Resilience means customers can protect the integrity of every aspect of their business so that they can withstand unpredictable threats or changes and emerge stronger. It’s about providing controlled, trusted access to applications and services, at any time, from any place.
Resilience can also help customers deal with issues the moment they arise. If changes are needed, they will have the visibility to determine priorities, thanks to actionable intelligence and insight in the face of some major security realities that they are dealing with every day.
One, businesses are more interconnected, meaning that a breach on anyone in the value chain has dramatic ripple effects on the others.
Two, security attacks are becoming more personalized. Individuals remain one of the easiest targets for cybercriminals and their attacks are becoming more sophisticated and customized for the individual.
Three, hybrid work is here to stay. People around the world will continue to work from anywhere, on managed and unmanaged devices, over secured and unsecured networks, to applications spread across multiple clouds and data centers.
Our vision for enabling a more resilient organization is the Cisco Security Cloud. It’s an open, integrated security platform that will protect the integrity of entire IT ecosystems by safeguarding users, devices and applications across public clouds and private data centers, without public cloud lock-in. Delivering on the Security Cloud is part of our long-term product strategy; but the innovations we are announcing at Partner Summit this week are foundational elements that execute on this vision.
Specifically, we are announcing new solutions and technologies across our portfolio in Secure Connectivity, Network Security, and Zero Trust. I encourage all partners to drill down on each announcement in the accompanying blogs and news announcements. But here are the highlights of the announcements.
Helping increase resistance to phishing attacks and improve user experience through frictionless access using Duo Passwordless, which is now generally available with support for Duo Mobile as a passwordless authenticator.
Expanding the Cisco Secure Firewall 3100 series, the first firewall purpose-built for hybrid work, with the Secure Firewall 3105, ideal for branch office and similar use cases focused on performance at a competitive price point.
Strengthening Umbrella’s data loss prevention (DLP) capabilities by adding API-based enforcement and unified reporting to protect sensitive data, e.g., intellectual property and financial and healthcare information. This complements Umbrella’s current inline-DLP functionality and collectively forms multi-mode DLP.
New Secure Workload capabilities delivering policy-as-code workload security for cloud-native and public-cloud application development. Common use cases for policy-as-code include access control to infrastructure and simplifying enterprise compliance and controls.
Our strategy and our innovation roadmap are all designed to set you up, our partners, for long-term success. In addition, we are committed to several partner enablement programs to help you deliver more value to customers and to help you become more profitable. Examples include:
Partner Summit is for you. So, my call-to-action is for you to maximize the value you get out of this week by attending as many of the informative, high-impact security sessions many teams worked hard to create. I am really looking forward to meeting as many of you as possible – on the expo floor, at the sessions, or in our 1-on-1 meetings.
Security has never been more critical and the need for resiliency is a requirement for virtually every business. The time for us to own it and innovate to win this future together has never been better.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisconians delight in contributing to their communities in a variety of ways including at the local theatre, farm and library. Cisco’s paid Time2Give benefit encourages team members to volunteer at the places where their passions thrive.
How should you decide where to get involved? Customer Success Program Manager Kate Pydyn advises: “Find something that speaks to your passion while giving back. There are so many opportunities that involve being outdoors, crafting, teaching skills you’ve developed, telling stories or providing comfort.”
With ten paid days a year to give, these Cisconians demonstrate that building relationships with people, the arts and the earth can increase fulfillment, connection and community.
Urban farming is an issue very close to the heart of Petra Hammerl, a senior enterprise customer success manager who works on Duo Security. Hammerl frequently volunteers at Farm City Detroit, part of Detroit Blight Busters. Using Time2Give, Hammerl has shared the experience by “bringing a crew of awesome co-workers which has been amazing and a lot of fun,” she said.
“It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors.” – Kate Pydyn
Pydyn and Emily Gennrich, a manager of operations for security customer success at Cisco Secure, joined in on the fun by contributing to multiple facets of gardening from weeding to harvesting food. “It felt great to take action! There are so many problems in the world, and I often feel powerless to make a difference. What I did was small, but with all of the volunteers together, the work that was done makes a real difference in the lives of my neighbors,” Pydyn said.
Senior Communications Manager, Brand Strategy & Design at Cisco Secure Chrysta Cherrie spent her Time2Give as a sighted assistant at the VISIONS vendor fair, hosted at the Ann Arbor District Library Downtown. “I was really happy to take some time to volunteer at the VISIONS vendor fair for people who are blind, visually impaired or physically disabled,” Cherrie said.
Learning how to be a sighted assistant was “a reminder that we can do more when we can rely on each other. Taking the time to better understand how someone makes their way through life gives you a chance to build empathy,” Cherrie said. She escorted attendees around the event where exhibitors offered products and services like electronic readers, leader dogs and transportation. There were also talks throughout the day and Cherrie helped attendees navigate between the presentation and vendor areas.
Meeting attendees of the VISIONS vendor fair and experiencing how meaningful the event is also moved Cherrie. The fair “brings out folks throughout southeast Michigan, so there’s a good chance that the person you’re assisting will run into some friends, and getting to see people connect like that can’t help but make you feel good,” Cherrie said.
Jenny Callans, a senior design researcher who works on Duo Security, serves as the chair of the Friends of the Detroit Film Theatre’s Auxiliary, a part of the Detroit Institute of Arts. “We support the mission of the Friends of the Detroit Film Theatre to make great niche films accessible to audiences,” she said. To do that, the organization is responsible for building a community of film fans and overseeing how donations are spent.
For Callans, the most meaningful part of using Time2Give to support the FDFT and the DIA is sharing her love of film with others. Time2Give supports her duties as FDFT chair, and gives her a sense of connection when she’s visiting the DFT to take in a movie. “Sitting in a theatre next to my young adult son, but surrounded by strangers watching a film that is unusual or unexpected but which moves me and challenges me to think is the best part hands-down,” Callans said.
From supporting youth to volunteering at community hubs, Time2Give “is a fantastic opportunity to have a long-lasting, meaningful relationship with your community by volunteering as a board or committee member! Having a long-term presence with an org is amazingly impactful, for you and for the organization,” Callans said.
Time2Give is one of Cherrie’s favorite things about working at Cisco. She says, “Take advantage of the opportunity! Time2Give is a great way to give back to your community and the people and causes that you care about.”
Stay tuned for more posts celebrating the community engagement Time2Give fosters and check out our open roles to join in on giving back.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The word is out! Cisco Secure Endpoint’s effectiveness is off the charts in protecting your enterprise environment.
This is not just a baseless opinion; however, the facts are rooted in actual test results from the annual AV-Comparative EPR Test Report published in October 2022. Not only did Secure Endpoint knock it out of the park in enterprise protection; but Cisco Secure Endpoint obtained the lowest total cost of ownership (TCO) per agent at $587 over 5 years. No one else was remotely close in this area. More to come on that later.
If you are not familiar with the “AV-Comparatives Endpoint Prevention and Response Test is the most comprehensive test of EPR products ever performed. The 10 products in the test were subjected to 50 separate targeted attack scenarios, which used a variety of different techniques.”
These results are from an industry-respected third-party organization that assesses antivirus software and has just confirmed what we know and believe here at Cisco, which is our Secure Endpoint product is the industry’s best of the best.
Look for yourself at where we landed. That’s right, Cisco Secure Endpoint smashed this test, we are almost off the quadrant as one of the “Strategic Leaders”.
We ended up here for a combination of reasons, with the top being our efficacy in protecting our customers’ environments in this real-world test that emulates multi-stage attacks similar to MITRE’s ATT&CK evaluations which are conducted as part of this process (click here for an overview of MITRE ATT&CK techniques). Out of all the 50 scenarios tested, Secure Endpoint was the only product that STOPPED 100% of targeted threats toward enterprise users, which prevented further infiltration into the organization.
In addition, this test not only assesses the efficacy of endpoint security products but also analyzes their cost-effectiveness. Following up on my earlier remarks about achieving the lowest cost of ownership, the graph below displays how we stacked up against other industry players in this space including several well-known vendors that chose not to display their names due to poor results.
These results provide a meaningful proof point that Cisco Secure Endpoint is perfectly positioned to secure the enterprise as well as secure the future of hybrid workers.
Enriched with built-in Extended Detection and Response (XDR) capabilities, Cisco Secure Endpoint has allowed our customers to maintain resiliency when faced with outside threats.
As we embark on securing “what’s next” by staying ahead of unforeseen cyber threats of tomorrow, Cisco Secure Endpoint integration with the complete Cisco Secure Solutions portfolio allows you to move forward with the peace of mind that if it’s connected, we can and will protect it.
Now that you have seen how effective Secure Endpoint is with live real-world testing, try it for yourself with one of our live instant demos. Click here to access instructions on how to download and install your demo account for a test drive.
Click here to see what analysts, customers, and third-party testing organizations have to say about Cisco Secure Endpoint Security efficacy, easy implementation and overall low total cost of ownership for their organization —and stay ahead of threats.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Organizations embrace the public cloud for the agility, scalability, and reliability it offers when running applications. But just as organizations need these capabilities to ensure their applications operate where needed and as needed, they also require their security does the same. Organizations may introduce multiple individual firewalls into their AWS infrastructure to produce this outcome. In theory, this may be a good decision, but in practice—this could lead to asymmetric routing issues. Complex SNAT configuration can mitigate asymmetric routing issues, but this isn’t practical for sustaining public cloud operations. Organizations are looking out for their long-term cloud strategies by ruling out SNAT and are calling for a more reliable and scalable solution for connecting their applications and security for always-on protection.
To solve these challenges, Cisco created stateful firewall clustering with Secure Firewall in AWS.
Firewall clustering for Secure Firewall Threat Defense Virtual provides a highly resilient and reliable architecture for securing your AWS cloud environment. This capability lets you group multiple Secure Firewall Threat Defense Virtual appliances together as a single logical device, known as a “cluster.”
A cluster provides all the conveniences of a single device (management and integration into a network) while taking advantage of the increased throughput and redundancy you would expect from deploying multiple devices individually. Cisco uses Cluster Control Link (CCL) for forwarding asymmetric traffic across devices in the cluster. Clusters can go up to 16 members, and we use VxLAN for CCL.
In this case, clustering has the following roles:
The above diagram explains traffic flow between the client and the server with the insertion of the firewall cluster in the network. Below defines the roles of clustering and how packet flow interacts at each step.
Owner: The Owner is the node in the cluster that initially receives the connection.
Backup Owner: The node that stores TCP/UDP state information received from the Owner so that the connection can be seamlessly transferred to a new owner in case of failure.
Director: The Director is the node in the cluster that handles owner lookup requests from the Forwarder(s).
Forwarder: The Forwarder is a node in the cluster that redirects packets to the Owner.
Fragment Owner: For fragmented packets, cluster nodes that receive a fragment determine a Fragment Owner using a hash of the fragment source IP address, destination IP address, and the packet ID. All fragments are then redirected to the Fragment Owner over Cluster Control Link.
Cisco brought support for AWS Gateway Load Balancer (Figure 2). This feature enables organizations to scale their firewall presence as needed to meet demand (see details here).
Building off the previous figure, organizations can take advantage of the AWS Gateway Load Balancer with Secure Firewall’s clustering capability to evenly distribute traffic at the Secure Firewall cluster. This enables organizations to maximize the benefits of clustering capabilities including increased throughput and redundancy. Figure 3 shows how positioning a Secure Firewall cluster behind the AWS Gateway Load Balancer creates a resilient architecture. Let’s take a closer look at what is going on in the diagram.
Figure 3 shows an Internet user looking to access a workload. Before the user can access the workload, the user’s traffic is routed to Firewall Node 2 for inspection. The traffic flow for this example includes:
User -> IGW -> GWLBe -> GWLB -> Secure Firewall (2) -> GLWB -> GWLBe -> Workload
In the event of failure, the AWS Gateway Load Balancer cuts off existing connections to the failed node, making the above solution non-stateful.
Recently, AWS announced a new feature for their load balancers known as Target Failover for Existing Flows. This feature enables forwarding of existing connections to another target in the event of failure.
Cisco is an early adaptor of this feature and has combined Target Failover for Existing Flows with Secure Firewall clustering capabilities to create the industry’s first stateful cluster in AWS.
Figure 4 shows a firewall failure event and how the AWS Gateway Load Balancer uses the Target Failover for Existing Flows feature to switch the traffic flow from Firewall Node 2 to Firewall Node 3. The traffic flow for this example includes:
User -> IGW -> GWLBe -> GWLB -> Secure Firewall (3) -> GLWB -> GWLBe -> Workload
Organizations need reliable and scalable security to protect always-on applications in their AWS cloud environment. With stateful firewall clustering capabilities from Cisco, organizations can protect their applications while maintaining cloud benefits such as agility, scalability, and reliability.
Cisco Secure Firewall Threat Defense Virtual is available in the AWS marketplace, providing features like firewalling, application visibility & control, IPS, URL filtering, and malware defense. Cisco offers flexible options for firewall licensing, such as pay-as-you-go (PAYG) and bring-your-own-license (BYOL). To learn more about how Cisco Secure Firewall clustering capabilities can help protect your AWS applications, see our additional resources, check out our 30-day free trial, or speak to your Cisco sales representative.
Cisco Secure Firewall Clustering in the Cloud
Introducing AWS Gateway Load Balancer Target Failover for Existing Flows
Secure Firewall for Public Cloud webpage
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
In the second part of this blog series on Unscrambling Cybersecurity Acronyms, we covered Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR) solutions, which included an overview of the evolution of endpoint security solutions. In this blog, we’ll go over Managed Detection and Response (MDR) and Extended Detection and Response (XDR) solutions in more depth.
MDR solutions are a security technology stack delivered as a managed service to customers by third-parties such as cybersecurity vendors or Managed Service Providers (MSPs). They’re similar to Managed Endpoint Detection and Response (MEDR) solutions since both solutions are managed cybersecurity services that use Security Operations Center (SOC) experts to monitor, detect, and respond to threats targeting your organization. However, the main difference between these two offerings is that MEDR solutions monitor only your endpoints while MDR solutions monitor a broader environment.
While MDR security solutions don’t have an exact definition for the types of infrastructure they monitor and the underlying security stack that powers them, they often monitor your endpoint, network, and cloud environments via a ‘follow the sun’ approach that uses multiple security teams distributed around the world to continually defend your environment. These security analysts monitor your environment 24/7 for threats, analyze and prioritize threats, investigate potential incidents, and offer guided remediation of attacks. This enables you to quickly detect advanced threats, effectively contain attacks, and rapidly respond to incidents.
More importantly, MDR security solutions allow you to augment or outsource your security to cybersecurity experts. While nearly every organization must defend their environment from cyberattacks, not every organization has the time, expertise, or personnel to run their own security solution. These organizations can benefit from outsourcing their security to MDR services, which enable them to focus on their core business while getting the security expertise they need. In addition, some organizations don’t have the budget or resources to monitor their environment 24/7 or they may have a small security team that struggles to investigate every threat. MDR security services can also help these organizations by giving them always-on security operations while enabling them to address every threat to their organization.
One drawback to deploying an MDR security service is that you become dependent on a third-party for your security needs. While many organizations don’t have any issues with this, some organizations may be hesitant to hand over control of their cybersecurity to a third-party vendor. In addition, organizations such as larger, more-risk averse companies may not desire an MDR service because they’ve already made cybersecurity investments such as developing their own SOC. Finally, MDR security solutions don’t have truly unified detection and response capabilities since they’re typically powered by heterogenous security technology stacks that lack consolidated telemetry, correlated detections, and holistic incident response. This is where XDR solutions shine.
XDR solutions unify threat monitoring, detection, and response across your entire environment by centralizing visibility, delivering contextual insights, and coordinating response. While ‘XDR’ means different things to different people because it’s a fairly nascent technology, XDR solutions usually consolidate security telemetry from multiple security products into a single solution. Moreover, XDR security solutions provide enriched context by correlating alerts from different security solutions. Finally, comprehensive XDR solutions can simplify incident response by allowing you to automate and orchestrate threat response across your environment.
These solutions speed up threat detection and response by providing a single pane of glass for gaining visibility into threats as well as detecting and responding to attacks. Furthermore, XDR security solutions reduce alert fatigue and false positives with actionable, contextual insights from higher-fidelity detections that mean you spend less time sifting through endless alerts and can focus on the most critical threats. Finally, XDR solutions enable you to streamline your security operations with improved efficiency from automated, orchestrated response across your entire security stack from one unified console.
A major downside to XDR security solutions is that you typically have to deploy and manage these solutions yourself versus having a third-party vendor run them for you. While Managed XDR (MXDR) services are growing, these solutions are still very much in their infancy. In addition, not every organization will want or need a full-fledged XDR solution. For instance, organizations with a higher risk threshold may be satisfied with using an EDR solution and/or an MDR service to defend their organization from threats.
As I mentioned in the first and second parts of this blog series, you shouldn’t take a ‘one-size-fits-all’ approach to cybersecurity since every organization has different needs, goals, risk appetites, staffing levels, and more. This logic holds true for MDR and XDR solutions, with these solutions working well for certain organizations and not so well for other organizations. Regardless, there are a few aspects to consider when evaluating MDR and XDR security solutions.
One factor to keep in mind is if you already have or are planning on building out your own SOC. This is important to think about because developing and operating a SOC can require large investments in cybersecurity, which includes having the right expertise on your security teams. Organizations unwilling to make these commitments usually end up choosing managed security services such as MDR solutions, which allows them to protect their organization without considerable upfront investments.
Other critical factors to consider are your existing security maturity and overall goals. For instance, organizations who have already made significant commitments to cybersecurity often think about ways to improve the operational efficiency of their security teams. These organizations frequently turn to XDR tools since these solutions reduce threat detection and response times, provide better visibility and context while decreasing alert fatigue. Moreover, organizations with substantial security investments should consider open and extensible XDR solutions that integrate with their existing tools to avoid having to ‘rip and replace’ security tools, which can be costly and cumbersome.
I hope this blog series on the different threat detection and response solutions help you make sense of the different cybersecurity acronyms while guiding you in your decision on the right security solution for your organization. For more information on MDR solutions, read about how Cisco Secure Managed Detection and Response (MDR) rapidly detects and contains threats with an elite team of security experts. For more information on XDR solutions, learn how the Cisco XDR offering finds and remediates threats faster with increased visibility and critical context to automate threat response.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
FreshRSS 