Login
SaaS Security Marketing Manager Laura O’Melia has always been interested in living and working internationally. After living in Austin, Texas for twenty years, O’Melia was ready for a new adventure and decided to move to Sydney, Australia with the support and encouragement of her manager and Cisco. The pandemic delayed her plans, but now that O’Melia’s settling into life and work in Australia, she shared how she made the move to work from anywhere and how you can, too.
What do you do?
O’Melia: I am on the Security Marketing team and focus on driving demand for our Zero Trust solution in the Asia-Pacific, Japan and China (APJC) region. I work closely with the Sales teams to do activities that will generate pipeline and educate prospects on our security solutions. I spend time finding new leads and trying new ways to engage with our top prospects while having fun along the way.
What do you like most about working at Cisco?
O’Melia: What I love most about working at Cisco is the amount of positive contributions we get to have on the world, from solving some of the world’s biggest problems around cybersecurity to giving money and resources to others in need. I also love the feeling of empowerment to create my own work/life balance as Cisco allows me the opportunity to have a flexible schedule.
What has been your career journey within Cisco?
O’Melia: I started at Duo Security in 2017. While working in Field Marketing, I was able to gain experience across many different teams. For example, I worked closely with a region in the U.S. as well as the Managed Service Provider team, which is a global team with a completely different business model. The needs differ greatly, from how we report and track metrics to the messaging and offers from one team to the next. I am now working in a very different market that is much larger and includes many more languages, so that brings a new level of understanding to how we show up in the market to achieve business goals.
“Stepping outside of my comfort zone is one of my favorite things to do.”
– Laura O’Melia
What prompted you to relocate from Austin, Texas to Sydney, Australia?
O’Melia: Austin is great and was my home for 20 years, but I still wanted to gain international work experience to learn what it would be like somewhere else and compare it to what I know.
Stepping outside of my comfort zone is one of my favorite things to do, so when I heard Duo was expanding internationally and there was an opportunity in Australia, I was immediately interested. Everyone I know that has visited Australia always has absolutely wonderful things to say, so without ever having visited I agreed to take a long-term international two-year assignment.
How has Cisco supported your relocation?
O’Melia: I worked closely with my manager on the process from start to finish. We had the support of Cisco’s Mobility Services team, a group of Cisco employees that help with relocation services. We worked with immigration to obtain my work visa. I was planning to relocate in March 2020 but as we know, the borders were closed and visas were not being processed for nearly two years. I was already in-role, so continued to support the APJC team from Austin.
When the time came, Cisco had a team of experts that I worked with to pack and ship my belongings and help get set up with an overseas bank. I also worked with a realtor to help me find a place to live, and the team even assists with my U.S. and Australian tax returns while I am away.
How has your work changed since relocating?
O’Melia: My role has expanded from doing lead-gen events for Duo in Australia and New Zealand to now being responsible for driving demand across the APJC region through digital campaigns and other marketing channels. I still strive to provide qualified leads to Sales and educate the market on our offerings. My goal is to help get Cisco Secure solutions into more doors to ultimately give users a better experience and stop the bad actors from doing harm.
What advice do you have for others who want to work from anywhere?
O’Melia: If you get the opportunity, take it. Everyone has their own path, but if you feel your career could benefit, even slightly, from the experience you will gain moving to another country and figuring things out far from what you know today, why not give it a try? You can learn so much from meeting and working with people that have a very different experience than you might know.
Ready for an adventure? If you want to solve global challenges through cybersecurity with the potential to work anywhere, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Since 1996, United Nations members have commemorated Nov. 16 as International Day of Tolerance. As a word, tolerance can mean different things to different people and cultures. The UN defines tolerance as: “respect, acceptance and appreciation of the rich diversity of our world’s cultures, our forms of expression and ways of being human.” I define it slightly differently. To me, tolerance is acceptance. Tolerance is inclusion. Tolerance is humanity. Tolerance is letting people be and live authentically as they choose.
Being able to live authentically is key. It’s about creating an environment for everyone to fit in and feel a sense of belonging. In a way, this means obfuscating the “standard” and stop paying attention to the degrees of variation from it. Tolerance is a step one in that process and a critical step toward a more diverse and tolerant world.
But if this is the goal, I say we have lots of work left in promoting this within our workforce, especially in the cybersecurity industry. I wrote extensively about this in a blog last year on why diversity matters so much to create stronger cybersecurity organizations. I pointed out that cybersecurity as a technology is multi-faceted and constantly changing. So, it would make sense that a highly diverse organization would provide different perspectives and more creative solutions to these challenges.
Even in the face of this logical goal of creating more diverse workforces, legacy recruiting, education, and even hiring practices are holding us back as an industry. I’ll look at one workforce populations specifically, women in cybersecurity. Currently, women constitute less than 25 percent of the workforce in cybersecurity. Of course, this is inclusive of all roles in cybersecurity meaning that I think it’s fair to say that the percentage of women in technical cybersecurity roles (e.g., software and hardware engineering) would be much lower. That’s discouraging, especially when there are still more than 700,000 cybersecurity positions that remain unfilled, many of them being high-paying roles.
Perhaps the more important question is “why?” The International Information System Security Certification Consortium (ISC2) commissioned a study to examine this issue closely and came up with some important conclusions that I’ll summarize.
In promoting the International Day of Tolerance, Secretary-General Ban Ki-moon listed three ways we as a global society can be more tolerant: education, inclusion, and opportunities. As it happens, those are also exactly the approaches required to create more diverse workforces.
Of the three, I believe education (the earlier the better) is key as it’s foundational to being able to take advantage of inclusion and opportunities. Yes, we must continue to invest in STEM education and encourage more girls and minorities to take part. But the harder challenge is to somehow overcome the perception issue among large parts of these populations that the STEM field is not for them.
I believe that will require an investment in time and interaction in the form of mentoring and community outreach. For example, the Cisco Women in Technology employee resource organization that I’m proud to be the executive sponsor for, started a coding bootcamp targeting underrepresented populations. There will be many more bootcamps next year including weeklong camps in the summer. We need more of this, much more and I know there are many companies in cybersecurity who have similar aspirations and programs.
So, on this International Day of Tolerance, I ask my fellow cybersecurity professionals to at least think of ways they can influence someone in an underrepresented population to explore a career in the STEM field including cybersecurity. Take part in local volunteer activities at a school, especially in an inner-city one, like the kind that the Cisco Networking Academy is renowned for. Join and be an active participant in one of many cybersecurity organizations and affinity groups. Become a sponsor and a mentor to a girl or a minority and help encourage them to get ready to join this exciting and lucrative industry.
But whatever you do, get started. Author and activist Rachel Cargle spoke to us earlier this year as part of our Black History Month celebration about what it means to show up with purpose toward addressing many injustices that still exist today. “There’s an incredible disconnect here between humanity and dignity and all of this stuff in the country, and that should hopefully push you to action,” she said. Indeed, as these are issues that have existed for decades, and we will not solve them in a day, a month, or even a year. But if we don’t start, I’m afraid that the diversity issues that I’ve highlighted will be much the same in the International Day of Tolerance for years to come.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Since releasing SecureX orchestration, we’ve regularly published two types of content for our customers to import and use: atomic actions and workflows. Atomic actions are small, re-usable functions that allow you to do simple things like isolating an endpoint in Cisco Secure Endpoint. Workflows are more complex combinations of activities, often made up of multiple atomic actions, that accomplish a broader objective. One of our most popular workflows fetches blog posts from Talos and then conducts an investigation into each post using a customer’s SecureX-integrated products. As of this blog post’s publishing, we’ve released 75 workflows. So, let’s talk about what’s new…
In the past, when you wanted to communicate with SecureX APIs, you had to go through a multi-step process to generate an API client, use that API client to get a token, and then refresh the token every 10 minutes. This process wasn’t exactly simple, so in April we released the new SecureX Token account key. This special type of account key allows you to integrate with SecureX APIs without creating an API client, generating a token, or worrying about when the token expires. Simply use a SecureX target in conjunction with a SecureX Token account key and the platform takes care of the tokens. For more information about this update and how to take advantage of this new functionality, check out our documentation. Keep in mind that if your orchestration tenant was created prior to April 2022, you may need to create a SecureX Token.
Now that we have SecureX Token account keys and customers have been using them for a few months, we decided it was time to update all of our previously published workflows to be fully compatible with the new account key type. All 24 workflows using SecureX APIs have now been updated to leverage SecureX Tokens. For more information about Cisco-published workflows, check out our workflow list.
Since Cisco Secure Firewall is almost always deployed on-premises and behind a firewall, integrating it with SecureX orchestration in the cloud has required the use of a SecureX orchestration remote. Not all of our customers are interested in deploying an on-premises virtual machine or they lack a VMware ESXi deployment within which to run the VM. Now, with the release of the SecureX Security Services Exchange (SSE) API proxy, you can integrate your SSE-registered FMC devices with orchestration workflows without the need for additional remotes or virtual machines. To show how this works and highlight how easy this integration is, we re-released five of our existing FMC workflows with support for the SSE API proxy:
To stay updated on what’s new with SecureX, check out the following resources:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Throughout my career, I have noticed the way we “futurize” technology. Often, we are thinking of technology in five-to-ten-year increments. But the fact of the matter is – technology is moving faster than we can keep up. The minute we think we understand it, it’s already onto something new. That’s why here at Cisco, we’re focused on what’s NEXT. We all know technology will continue to grow at a rapid pace, our goal is to remain at the forefront of these changes.
After much anticipation, it’s finally here! I am excited to present the first episode of “NEXT” by Cisco Secure! “NEXT” is a video series illuminating simple conversations about complex topics. Our mission is twofold: First, we want to humanize cybersecurity. Second, we want to build a bridge between Cisco Secure and the ideas of the future.
CTO of Cisco Secure, TK Keanini and I sit down with Michael Ebel, CEO of Atmosfy. If you saw our preview, then you know Atmosfy is on a mission to help inspire others and support local restaurants through live videos.
Want to learn what’s NEXT for Michael Ebel and Atmosfy? Check out our episode!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
After a three-year hiatus, Cisco Live 2022 Melbourne is back! Personally, it will be a special experience, attending with my team and leaders for the first time as the Asia Pacific Cybersecurity Lead.
I will be speaking on the “Top Priorities for IT and Security Leaders in 2023” on 7 December at the Cisco Secure Insights Live, covering key priorities for security leaders as we enter the new year. Please join me at the Security Experience Hub at the World of Solutions. You can also participate virtually.
Today’s businesses require a strong culture of security and resilience that is pervasive throughout the organization to withstand uncertainty and emerge stronger. Hear from our Cisco security leaders on powering resilience across the enterprise in the following presentations:
Dive into 80+ security sessions by experts to uncover best practices to address key challenges, and maximize your technology investments.
Explore the Security Experience Hub and Demo Stand at the World of Solutions Zone for exciting security activities:
For those joining us online, we have the Cisco Secure Insights Live broadcast on all things security, and Cisco Live broadcast covering keynote presentations by industry leaders.
I’m excited for you to see how we can help you achieve security resilience and look forward to meeting you at Cisco Live 2022 Melbourne. I’m ALL IN, are you?
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
For these Cisconians, hands-on is the way to go when it comes to giving back. Using Cisco’s Time2Give benefit that provides 10 paid days to volunteer each year, team members rolled up their sleeves to build homes, cuddle and care for animals, distribute food and more. If you also value giving back, check out our open roles.
Marketing Specialist, Global Events Julie Kramer used Time2Give to build a shed with Habitat for Humanity of Huron Valley. Kramer especially appreciated learning about the organization’s purpose in addition to learning how to build.
John Hindman, an account executive, used Time2Give to spend a week in Nicaragua with SuNica, an organization centered on clean water and fellowship. Hindman cleared out downed trees, picked coffee and built treehouses to allow the organization to host more children from surrounding communities.
In the community Hindman visited, repurposing recycled materials is critical to the economy, and one way that happens is through “mining” the local landfill. Hindman’s team encouraged local employees and led games and activities for local children.
For those considering Time2Give, Hindman says, “Do it. Unplug, find something you’re passionate about, set up your out-of-office, and ignore everything work-related for the time you’re serving.”
Animal lover Carrie Cordeiro, a Cisco Secure digital strategist/manager on the Brand Marketing team, volunteers with Hopalong and Muttville as a kitten cuddler and dog walker. Most of her time is spent transporting kittens, puppies, cats and dogs around the Bay Area to vet appointments, adoption centers and foster locations.
The best part for Cordeiro is “getting to interact with so many adorable animals,” she said. As for leadership support around utilizing Time2Give? “I love doing it and my management team absolutely supports it, especially when I share photos.”
Customer Success Manager Kristen Gehrke reminds us that, “You don’t always have to look far to utilize Time2Give.” She sewed a baby blanket for Bluebonnet Trails Community Services. “The best part of the experience was giving back to mothers and their babies, as I am an expecting mother myself,” she said.
Engineering Manager Blake Ellingham organized food pantry shelves and packed bags for food distributions with HTB Food Bank. “I love getting to do work with my hands that helps others,” he said.
Ellingham recommends scheduling something routine for Time2Give. “Consistency matters! By going in every week for a half day of volunteering, I was able to make great friends with the staff,” he said.
From empowering youth globally and remotely to volunteering across community hubs, Cisconians deeply value innovative ways to contribute their time and talents.
If you are interested in increasing the impact of your skills and passions at work and beyond, check out our open positions.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Ampol has been Australia’s leading transport fuel company since 1900. What began over 125 years ago is now an organization that powers a country, operating 1,500 retail stores and stations across ANZ, plus 89 depots for refining and importing fuels and lubricants, and 8,200 employees throughout Australia, New Zealand, the United States, and Singapore. And while Ampol’s history goes back a century, they are a modern organization, using internet of things (IoT) technology across operational and retail locations, with sensors on everything from electric vehicle charging units to fuel tank gauges to transportation trucks to refrigeration units inside retail stores.
As a critical energy provider to a country of over 25 million people, Ampol’s security needed to match its evolving infrastructure. As Satish Chowdhary, Network Enterprise Architect, said, “At Ampol, we have implemented sensor technology across our network: from gauges in the fuel tanks to monitor fuel quality and quantity to sensors that monitor the temperature in various refrigerators across our retail sites to ensure goods stay chilled. It’s critical to manage these devices effectively and securely, and that’s where Cisco comes in…With IoT, a major security risk is posed by dodgy legacy devices left unpatched and vulnerable within your network. Cisco’s TrustSec and VLAN segregation automatically isolate vulnerable devices, not exposing the rest of the network to risks from untrusted devices.”
In addition to securing the IoT that let’s Ampol monitor and manage its critical operations, Cisco was able to create a comprehensive security environment that solved for their three strategic goals.
“Three key components of our cyber-resilient strategy were isolation, orchestration, and rapid recovery. Cisco SecureX nailed all three providing us a single interface to see all security events, and malicious files, thus expediting how fast we can isolate events and recover,” Chowdhary explained. “Before using Cisco Secure, security was a hindrance, not an enabler for our IT team, employees, and even customers,” he added.
In fact, Cisco Secure helped Ampol improve their security posture so much that they were able to quickly pivot during the early days of the pandemic.
“When Covid triggered supply challenges during lockdowns, people not being able to access groceries turned to their local service station convenience stores to get what they needed. For Ampol, maintaining that supply continuity was critical, not just for our business, but for the customers who were relying on us to get their supplies. And all of this was done when many employees were now having to work remotely… This was possible only because we could maintain our revamped locations, staff, clients, and business partners safe on our network – while still maintaining speed and efficiency. Cisco Secure was the ticket to Ampol’s resilience in the face of major change,” Chowdhary said.
In addition to enabling flexibility against supply chain fluctuations, Ampol is readily protected against threats, cyberattacks, and other vulnerabilities. Their Cisco security solution included:
“The major force for our Cisco Secure investment was simplification by integrating the entire Security portfolio…If we ever happen to have a cyber-attack, we can quickly find it and contain it,” Chowdhary said, adding, “The greatest outcome of using Cisco Secure is simplicity at its core. We achieved great efficiency integration, better visibility, and context that’s not hidden across five, ten, or fifteen consoles, and ultimately, greater security outcomes.”
To find out how else Cisco Secure is helping protect Ampol against sophisticated threats and other challenges, read the full Ampol case study.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Two years ago, we asked the question: What actually works in cybersecurity?
Not what everyone’s doing—because there are plenty of cybersecurity reports out there that answer that question—but which data-backed practices lead to the outcomes we want to implement in cybersecurity strategies?
The result was the first Security Outcomes Report, in which we analyzed 25 cybersecurity practices against 11 desired outcomes. And thanks to a large international respondent group, together with the mighty data science powers of the Cyentia Institute, we got some good data that raised as many questions as it answered. Sure, we found some strong correlations between practices and outcomes, but why did they correlate?
Last year, our second report focused in on the top five most highly correlated practices and tried to reveal more detail that would give us some guidance on implementation. We found that certain types of technology infrastructure correlated more with those successful practices, and therefore with the outcomes we’re seeking. Is architecture really destiny when it comes to good security outcomes? It does appear to be the case, but we had more research ahead of us to be more confident in a statement that sweeping.
All the while, we’ve been listening to readers considering what they’d like to glean from this research. One big question was, “How do we turn these practices into management objectives?” In other words, now that we have some data on practices we should be implementing, how do we set measurable goals to do so? I’ve led workshops in the UK and in Colombia to help CISOs set their own objectives based on their risk management priorities, and we’ve worked to identify longer-term targets that require close alignment with business leaders.
Another question that took a front-row seat in our presentations and just wouldn’t leave: the topic of cyber resilience, or security resilience. It’s almost reached the status of a buzzword in the security industry, but you can understand why it’s ubiquitous.
“Among the upheaval of the pandemic, political unrest, economic and climate turbulence, and war, everyone is struggling to find a new ‘business as usual’ state that includes being able to adapt better to the shaky ground beneath them.”
But what exactly is security resilience, anyway? What does it mean to security practitioners and executives around the world? And what are the associated cybersecurity outcomes that we can identify and correlate? We know it doesn’t simply mean preventing bad things from happening; that ship has sailed (and sunk). We also know that security resilience doesn’t always mean full recovery from an event or condition that has knocked you down. Rather, it means continuing to operate during an adverse situation, either at full or partial capacity, and mitigating the effects on stakeholders. Ideally speaking, security resilience also means learning from the experience and emerging stronger.
Security resilience is the focus of the third volume of our Security Outcomes Report: Achieving Security Resilience. It tells us how 4,700 practitioners across 26 countries are prioritizing security resilience: what it means to them, what they’re doing successfully to achieve it, and what they’re struggling with. Once again, the data gives us interesting ideas to ponder.
A stronger security culture boosts resilience by as much as 46%. By “culture,” we don’t mean annual compliance-driven awareness training. Cybersecurity awareness is what you know; security culture is what you do. When organizations score better at being able to explain just what it is that they need to do in security and why, they make better decisions in line with their security values, and that leads to better overall security resilience.
It doesn’t matter how many people you have; it matters whether you have any of them available in reserve to respond to events. Organizations with a flexible pool of talent internally (or on standby externally) show anywhere from 11% to 15% improvement in resilience. Which makes sense, as a fully leveraged team will be strained if they have to work even harder to take on an incident.
Because so many organizations around the world are looking to the NIST Cybersecurity Framework as a guidepost for cybersecurity practices, we also analyzed which NIST CSF capabilities correlated most strongly with our list of resilience outcomes. For example, our survey respondents that do a great job tracking key systems and data are almost 11% more likely to excel at containing the spread and scope of security incidents. From one angle, this seems like an obvious result, hardly worth mentioning. On the other hand, it’s worth presenting to your management some data that shows that investing in asset inventory solutions really does have long-range effects on your ability to stop an intrusion.
And there’s much more. The report identifies—and then explores—seven success factors that, if achieved, boost our measure of overall security resilience from the bottom 10th percentile to the top 10th percentile. These include establishing a security culture and properly resourcing response teams, among others.
I hope this introductory blog—the first in a series exploring this latest report—whets your appetite to read the report itself. And remember, we are always aiming to reveal the next undiscovered insight that leads to better security outcomes. Please share your feedback and research requests with us in the comments below, or talk to us at the next security conference.
For more insights like what you’ve seen in today’s blog take a look at the Security Outcomes Report, Volume 3: Achieving Security Resilience.
Explore more data-backed cybersecurity research and other blogs on security resilience:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cybersecurity has changed dramatically since the dawn of firewalls in the 1980s. But despite all the upheaval and innovation, they have stood the test of time. The basic concept of allowing “good” traffic to flow and blocking the bad stuff remains essential. Of course, it looks much different now than in the era of Care Bears and Cabbage Patch Kids.
Today’s workers, data, and applications are everywhere, and firewalls must be as well. There’s no longer just one finite space to defend. With the recent explosion of hybrid work and the rapid transition to multi-cloud environments, it’s imperative that firewalls evolve alongside a business — and be ready for whatever’s next.
So, can your firewall grow with you? Or is it stuck in the age of Hair Bands and He-Man?
The past few years have brought about a keen focus on resilience — remaining strong, yet adaptable in the face of unexpected and even unfathomable challenges. But an organization cannot persevere without security being at the forefront of any resilience strategy.
96% of executives consider security resilience highly important to their business.
– Cisco Security Outcomes Report
Firewalls are a critical foundation for building powerful, resilient security infrastructure. Yet contemporary firewalls have to be and do more than one thing. Cisco Secure Firewall delivers world-class security controls wherever you need them, with unified visibility and consistent policy management and enforcement.
As a worldwide leader in networking and security, Cisco is better positioned than any other vendor to incorporate effective firewall controls into your infrastructure — anywhere your data and applications reside. According to a study conducted on behalf of Cisco by Forrester Research, Cisco Secure Firewall customers can:
Cisco Secure Firewall delivers on several key aspects necessary for security resilience: visibility, flexibility, intelligence, integration, and unified controls. Together, they enable organizations to close gaps, see and detect threats faster, and adapt quickly to change.
Watch video: Cisco Secure Firewall Overview
With most of today’s internet traffic being encrypted, security measures can become obsolete without the ability to see into all traffic, encrypted or not. While decryption is commonplace, it is simply not feasible in many cases, and can have serious impacts on network performance. With its Encrypted Visibility Engine, Cisco Secure Firewall leverages deep packet inspection (DPI) to identify potentially malicious applications in encrypted traffic without offloading to another appliance and degrading performance.
Due to a highly distributed network and workforce, as well as constantly maturing attacks, the ability to see into every corner of your ecosystem is crucial. Cisco Secure Firewall blends multiple technologies to detect and block more threats in more places. By combining traditional firewall capabilities with URL filtering, application visibility and control, malware defense, and Snort 3 intrusion prevention, organizations gain robust protection against even the most sophisticated threats.
Cisco offers a wide variety of firewalls for defending the different areas of your network — including physical, virtual, and cloud-native — as well as cloud-delivered. We can secure businesses and offices of all types and sizes, from the data center to the cloud.
Cisco Secure also provides flexible firewall management options, enabling you to deploy and operate your security architecture in a way that is tailored to the unique requirements of your NetOps, SecOps, and DevOps teams. No matter which firewall models you choose or environments you operate in (physical or virtual), you can use a single, simplified application to manage all your firewalls from one place.
The threat landscape changes every day, and our defenses must change with it. Cisco Talos is one of the largest and most trusted threat intelligence groups in the world. Its in-depth insight into global threats, and advanced research and analysis, enable us to quickly incorporate protections for new threats into our products via hourly updates. That way, Cisco customers are continuously safeguarded from both known and unknown threats.
“When the Log4j vulnerability was discovered, we were protected before we even completed our patching,” said Paul Smith, network administrator at Marian University. “As a result of automated hourly updates from Talos, Cisco Secure Firewall had an early detection signature, so it was already blocking the concerning traffic from infiltrating our network.”
Another differentiator for Cisco Secure Firewall is that it’s part of an integrated security ecosystem. With Cisco SecureX, organizations can correlate data from multiple technologies and unleash XDR capabilities for a centralized, automated response to threats.
“At the end of the day, it’s about protecting the data, and we do that with the integration of [Cisco] Secure Endpoint, Umbrella, and Secure Firewall, which combine to protect the networks, endpoints, workstations, and servers — and all of this can be correlated easily within SecureX.”
– Elliott Bujan, IT Security Manager, Marine Credit Union
The new Cloud-delivered Firewall Management Center leverages the cloud to facilitate agile, simplified operations for a distributed, hybrid network. It provides efficiency at scale by allowing security teams to swiftly deploy and update policies across their environment with just a few clicks, as well as take coordinated actions to prioritize, investigate, and remediate threats within a single pane of glass. And with a cloud-delivered management center, Cisco regularly updates its software behind the scenes, which reduces risk, maintains compliance, and gives your team more time to focus on other priorities.
Additionally, Cisco Secure Firewall dynamically shares policies driven by intelligence from Cisco Secure Workload, which uses microsegmentation to prevent lateral movement of attackers throughout a network. This allows security policies to be harmonized across both the network and application environments, boosting efficacy and fostering collaboration between teams.
These are just some examples of what makes up a comprehensive, modernized firewall. But Cisco is not stopping there. We continue to innovate to meet evolving business needs. For example, the new enterprise-class 3100 Series firewalls are specially designed for hybrid work, supporting more end users with high-performance remote access for increased organizational flexibility.
Additionally, Cisco Secure Firewall serves as a key component of advanced security strategies including XDR, SASE, and zero trust, helping businesses keep pace with accelerating digital transformation. According to Cisco’s most recent Security Outcomes Report, organizations with mature XDR, SASE, and zero trust implementations all boast significantly higher levels of security resilience.
Fuel and energy retailer, Ampol, uses a variety of Cisco technologies, including Secure Firewall, to segment and safeguard its network. “Cisco was an integral part of our success during COVID-19 as we were able to serve customers without interruption in stores,” said Amir Yassa, senior project specialist at Ampol. “Deploying our retail resilience project, mostly comprised of Cisco products, enabled us to reduce our IT-related incidents by 90%, thus enabling us to serve our customers better now and into the future.”
Is your firewall keeping up with future demands, or is it still stuck in the 80s teasing its hair? If it’s the latter, we can help. Visit cisco.com/go/firewall and learn how to refresh your firewall.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco’s latest release of the Secure Firewall operating system, Secure Firewall Threat Defense Version 7.3, addresses key concerns for today’s firewall customers. The 7.3 release delivers more features to the three key outcomes: see and detect more threats faster in an increasingly encrypted environment, simplify operations, and lower the TCO of our security solution.
QUIC Fingerprinting
The QUIC protocol is seeing significant adoption but seeing within QUIC is highly challenging. It is the default protocol for popular sites such as Google and Facebook, almost 10% of sites today now support transport over the QUIC protocol. Further enhancements to Cisco’s Encrypted Visibility Engine (EVE), first launched a year ago in 7.1, allows for the fingerprinting of traffic that is using the QUIC Protocol in Secure Firewall 7.3. This allows for enhanced visibility of this traffic for use in policy decisions to help determine the nature of the traffic and identify potential malicious traffic hiding in the QUIC Protocol.
MITRE Rule Groups
The Intrusion Prevention System (IPS) in Secure Firewall 7.3 now includes groups of rules mapped to the MITRE framework so that customers can both deploy explicit protections and see events mapped to those known attackers’ tactics and techniques. Additionally, the reporting and eventing capabilities have been enhanced to show any events that map to specific tactics as described by MITRE.
Remote Access VPN Dashboard
Remote work is here to stay. Hybrid work is the new normal, to complement our best-in-class Remote Access VPN Capabilities inside Cisco Secure Firewall, release 7.3 delivers a consolidated dashboard for monitoring the Remote Access infrastructure. The new dashboard capabilities consolidate existing and new information into a single location so that customers can track logged in users, failed attempts to connect, location that users are connecting from as well as insights on throughput and bandwidth usage, providing customers with the security and business visibility they need to manage Remote Access VPN capabilities regardless of scale.
Enhanced Cluster Capabilities
Clustering capabilities within Secure Firewall offer a powerful way to scale out for performance and resiliency. With the release of Secure Firewall 7.3, operational enhancements to the clustering solution have been added so that customers can now monitor the full suite of metrics relating to the health of their cluster directly from the Secure Firewall Management Center as well as the capability to perform backup and restore actions on cluster nodes for a significantly reduced time-to-recovery in the event of a failure
Additional Site-To-Site VPN Capabilities
The Virtual Tunnel Interface (VTI) Capabilities have been further enhanced with Dynamic Virtual Tunnel Interface (DVTI) capabilities allowing for simplified connectivity between branch and hub sites. Support has also been added for OSPF and EIGRP routing protocols in conjunction with Virtual Tunnel Interfaces for added flexibility with route-based VPNs as well as Loopback Interface configuration to aid with management services in a dynamic environment.
Secure Firewall 3105 Hardware
Alongside the new Software and further extending Cisco’s powerful Secure Firewall 3100 series hardware platforms launched earlier this year, the new Secure Firewall 3105 bridges the gap on both price and performance between the small and mid-range hardware platforms. Delivering all the key capabilities of the other appliances in the 3100 series such as Clustering, Dual Power Supplies and Network Module support, as well as impressive performance from Firewall, VPN and TLS decryption thanks to the new architecture, the 3105 model targets the lower end of the mid-range with 10Gbps throughput.
Expanded support in Microsoft Azure Cloud
As organisations continue to adopt services from public cloud providers, Cisco Security recognises the need to enable our customers the flexibility to deploy more form factors in more locations as well as the ability to scale to meet modern cloud network demands.
Automated integration to Cisco Umbrella
Building on the DNS Integration capabilities delivered in Secure Firewall 7.2, customers leveraging the advanced capabilities of Cisco Umbrella can now significantly reduce the configuration overhead required to direct traffic to the Cisco Umbrella Cloud by making use of the SASE Topology capabilities in Secure Firewall 7.3. Customers can now automatically configure and manage IPSec Tunnels between Secure Firewall devices across their environment and the Umbrella Cloud as well as having a single view of the tunnel status directly within Secure Firewall Management Center.
These are just some of the many new features in the 7.3 version. We encourage you to take download it here and try it out. You can find more information on the 7.3 software release here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Nowadays, “cybersecurity” is the buzzword du jour, infiltrating every organization, invited or not. Furthermore, this is the case around the world, where an increasing proportion of all services now have an online presence, prompting businesses to reconsider the security of their systems. This, however, is not news to Cisco, as we anticipated it and were prepared to serve and assist clients worldwide.
Secure Cloud Analytics, part of the Cisco Threat, Detection, and Response (TD&R) portfolio, is an industry-leading tool for tackling core Network Detection and Response (NDR) use cases. These workflows focus primarily on threat detection and how security teams may recognize the most critical issues around hunting and forensic investigations to improve their mean-time-to-respond.
Over the last year, the product team worked tirelessly to strengthen the NDR offering. New telemetry sources, more advanced detections, and observations supplement the context of essential infrastructure aspects as well as usability and interoperability improvements. Additionally, the long-awaited solution Cisco Telemetry Broker is now available, providing a richer SecOps experience across the product.
As part of our innovation story on alerting capabilities, Secure Cloud Analytics now features new detections tied to the MITRE ATT&CK framework such as Worm Propagation, Suspicious User Agent, and Azure OAuth Bypass.
Additionally, various new roles and observations were added to the Secure Cloud Analytics to improve and change user alerts, that are foundational pieces of our detections. Alerts now include a direct link to AWS’ assets and their VPC, as well as direct access to Azure Security Groups, enabling further investigation capabilities through simplified workflows. In addition, the Public Cloud Providers are now included in coverage reports that provide a gap analysis to determine which accounts are covered. Alert Details offers new device information, such as host names, subnets, and role metrics that emphasize detection techniques. To better configure alerts, we are adding telemetry to gain contextual reference on their priority. Furthermore, the ingest process has grown more robust due to data from the Talos intelligence feed and ISE.
The highly anticipated SecureX integration is now available in a single click, with no API credentials required and smooth interaction between the two platforms. Most importantly, Secure Cloud Analytics alerts may now be configured to automatically publish as incidents to the SecureX Incident Manager. The Talos Intelligence Watchlist Hits Alert is on by default due to its prominence among the many alert types.
Among other enhancements to graphs and visualizations, the Encrypted Traffic widget allows for an hourly breakdown of data. Simultaneously, the Device Report contains traffic data for a specific timestamp, which may be downloaded as a CSV. Furthermore, the Event Viewer now displays bi-directional session traffic to provide even more context to Secure Cloud Analytics flows, as well as additional columns to help with telemetry log comprehension: Cloud Account, Cloud Region, Cloud VPC, Sensor and Exporter.
On-premises sensors now provide additional telemetry on the overview page and a dedicated page where users can look further into the telemetry flowing through them in Sensor Health. To optimize the Secure Cloud Analytics deployment and improve the user experience, sensors may now be deleted from the interface.
Regarding telemetry, Cisco Telemetry Broker can now serve as a sensor in Secure Cloud Analytics, so users can identify and respond to threats faster with additional context sent to Secure Cloud Analytics. In addition, there will soon be support for other telemetry types besides IPFIX and NetFlow.
As we can see from the vast number of new additions to Secure Cloud Analytics, the product team has been working hard to understand the latest market trends, listen to the customers’ requests, and build one of the finest SaaS products in the NDR industry segment. The efforts strongly underline how Secure Cloud Analytics can solve some of the most important challenges in the NDR space around visibility, fidelity of alerts and deployment complexity by providing a cloud hosted platform that can offer insights on-premise and on cloud environments simultaneously from the same dashboard. Learn more about new features that allow Secure Cloud Analytics to detect, analyze, and respond to the most critical dangers to their company much more quickly.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Oh, the scammers online are frightful, and the deals they offer seem delightful. No matter what you think you know, let it go, let it go, let it go (to the tune of 1945’s Let it Snow by Vaughn Monroe with the Norton Sisters).
‘Tis the season to find ourselves awash in good tidings and, well, consumerism. While it’s only partly tongue in cheek, we must be honest with ourselves. We spend a lot of money online. Often, we find ourselves leaving things to the last minute and hope that the delivery folks can make the magic happen and send us all the widgets and grapple grommets while we surf the Internet from the safety of our sofas with coffee in hand.
But, not every deal is what it appears to be. Scammers are always lurking in the void of the Internet waiting for a chance to fleece the unexpecting from their hard-earned money. This can manifest itself to the unsuspecting in many ways. There are shipping frauds, gift card giveaways and vishing (phone-based scams).
Scams tend to rely on generating a false sense of urgency. The shipping scam emails often show up in our inboxes as a warning about a missed or delayed package that will be sent back to the point of origin if we don’t answer quickly. Of course, this requires a payment to receive the fictitious package.
These types of shipping scam emails are quite effective this time of year when more often than naught many people have enough orders coming to their house to make a fort with the empty boxes.
The other kinds of attacks are the gift card scams and vishing. The first of which taps into the sense of excitement that a person might receive something for free. “Fill out this form with your credit card information for a chance to win a $200 gift card.” Sadly, this attack works well for older generations for which giveaways were more common and they aren’t as accustomed to spotting digital swindlers.
The last scam that we will tackle here is often labeled as vishing or voice phishing. This is a method whereby the attackers call a victim and attempt to convince their target that they need to do something which will lead to the exposure of financial information while pressuring the victim to think if they don’t act quickly that they will miss an opportunity for personal gain.
Unfortunately, the aforementioned scams really bring in a lot of return for the criminal element. In 2021, over 92,000 victims over the age of 60 reported losses of $1.7 billion. This represents a 74 percent increase in losses over losses reported in 2020.
One additional scam that plays on the heart strings is the romance scams. A lot of single people find themselves lonely during the holidays and can be manipulated into thinking that they’ve found a romantic match. But this can drain the bank accounts as well.
In 2021, the IC3 received reports from 7,658 victims who experienced over $432 million in losses to Confidence Fraud/Romance scams. This type of fraud accounts for the highest losses reported by victims over the age of 60.
All these attacks prey on people’s emotional responses. So, how do we prepare ourselves? We need to make knowledge a capability and arm ourselves with information that will help us avoid being taken advantage of by criminals.
Passwords are a significant exposure. They are the digital equivalent of a house key. A password will work for anyone that has access to it. We need to utilize technologies such as multi-factor authentication (MFA) on websites where it is possible to do so. So even if bad actors have our password, the victim still needs to approve the login.
If we don’t have the option to use MFA it would be an excellent idea to make use of a password manager. This is a way to safely store passwords and not fall into the trap of reusing passwords on multiple sites. Attackers bank on human nature and if we use the same credentials on multiple sites there is a high possibility that the criminals could gain access to other sites if they compromise just one.
I’m usually one to eschew the practice of New Year’s resolutions but I’ll make an exception. Keep a keen sense about yourselves whenever you receive an email or SMS that you were not expecting. If a deal is too good to be true then, well, it most likely is a scam. If you’re in doubt, try to look up the phone number, email address, person or “organization” offering the “deal.” More often than not, you’ll find lots of people reporting that it’s a scam.
Rather than being visited by the three ghosts of holiday scams, make sure you and your loved ones are prepared for a happy holiday and a prosperous New Year.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Speaking to many CISOs, it’s clear that many security executives view zero trust as a journey that can be difficult to start, and one that even makes identifying successful outcomes a challenge. Simultaneously, the topic of security resilience has risen up the C-level agenda and is now another focus for security teams. So, are these complementary? Or will they present conflicting demands that will disrupt rather than assist the CISO in their role?
One of the most striking results coming from Cisco’s latest Security Outcomes Report is that organizations with a mature zero trust implementation – those with basic controls, constant validation and automated workflows – experience a 30% improvement in security resilience compared to those who have not started their zero trust journey. So, these two initiatives – implementing zero trust and working to achieve security resilience – appear to complement each other while supporting the CISO when a cyber black swan swims in.
Security resilience is the ability to withstand an incident and recover more strongly. In other words, ride out the storm and come back better. Meanwhile, zero trust is best known as a “never trust, always verify” principle. The idea is to check before you provide access, and authenticate identity based on a risk profile of assets and users. This starts to explain why the two are complementary.
The Security Outcomes Report summarizes the results of a survey of more than 4,700 security professionals. Among the insights that emerge are nine security resilience outcomes they consider most important. The top three outcomes for resilience are prevention, mitigation and adaptation. In other words, they prioritize first the ability to avoid an incident by having the right controls in place, then the ability to reduce and reverse the overall impact when an incident occurs, and then the ability to pivot rapidly without being bound by too rigid a set of systems. Zero trust will support these outcomes.
Preventing, or reducing the likelihood of a cybersecurity incident, is an obvious first step and no surprise as the most important outcome. Pursuing programs that identify users and monitor the health of devices is a crucial a preventative step. In fact, simply ensuring that multifactor authentication (MFA) is ubiquitous across the organization can bring an 11% improvement in security resilience.
When incidents occur, security teams will need a clear picture of the incident they are having to manage. This will help in them respond quickly, with a proactive determination of recovery requirements. Previous studies show that once a team achieves 80% coverage of critical systems, the ability to maintain continuity increases measurably. This knowledge will also help teams develop more focused incident response processes. A mature zero trust environment has also been found to almost double a team’s ability to streamline these processes when compared to a limited zero trust implementation.
When talking to CISOs about successful implementation programs, communication within the business emerges as a recurring theme. Security teams must inform and guide users through the phases of zero trust implementation, while emphasizing the benefits to them. When users are aware of their responsibility to keep the organization secure, they take a participatory role in an important aspect of the business. So, when an incident occurs, they can support the company’s response. This increases resilience. Research has shown that a mature program will more than double the effect of efforts to improve the security culture. Additionally, the same communication channels established to spread the word of zero trust now can be called upon when an incident requires immediate action.
Mature implementations have also been seen to help increase cost effectiveness and reduce unplanned work. This releases more resource to cope with the unexpected – another important driver of resilience surfaced in Volume 3 of the Security Outcomes Report. Having more efficient resources enables the security function to reallocate teams when needed. Reviewing and updating resource processes and procedures, along with all other important processes, is a vital part of any of any change initiative. Mature zero trust environments reflect this commitment continuous assessment and improvement.
Inherent in organizational resilience is the ability to adapt and innovate. The corporate landscape is littered with examples of those who failed to do those two things. A zero trust environment enables organizations to lower their risk of incidents while adapting their security posture to fit the ongoing changes of the business. Think of developing new partners, supporting new products remotely, securing a changing supply chain. The basic tenets of MFA – including continuous validation, segmentation and automation – sets a foundation that accommodates those changes without compromising security. The view that security makes change difficult is becoming obsolete. With zero trust and other keys to achieving security resilience, security now is a partner in business change. And for those CISOs who fear even starting this journey, understanding the benefits should help them take that first step.
Download the Security Outcomes Report, Vol. 3: Achieving Security Resilience today.
Learn more about cybersecurity research and security resilience:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).
Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans. In the January 2019 report, EMA concluded:
Some participants’ organizations may find they have to go back to the drawing board and come up with a Plan B to enable TLS 1.3 without losing visibility, introducing unacceptable performance bottlenecks and greatly increasing operational overhead. Whether they feel they have no choice but to enable TLS 1.3 because major web server and browser vendors have already pushed ahead with it or because they need to keep pace with the industry as it embraces the new standard is unclear. What is clear is that security practitioners see the new standard as offering greater privacy and end-to-end data security for their organizations, and that the long wait for its advancement is over.
When EMA asked many of the same questions in an updated survey of 204 technology and business leaders toward the end of 2022, they found that nearly all the conclusions in the 2018/2019 report still hold true today. Here are the three biggest takeaways from this most recent survey:
While regulatory frameworks and vendor controls continue to push the adoption of the TLS 1.3 standard, adoption still comes with a significant price tag – one that many organizations are just not yet ready or able to consume. Technology improvements will increase rates of adoption over time, such as Cisco Secure Firewall’s ability to decrypt and inspect encrypted traffic. More recent and unique technologies, like Cisco’s encrypted visibility engine, allow the firewall to recognize attack patterns in encrypted traffic without decryption. This latter functionality preserves performance and privacy of the encrypted flows without sacrificing the visibility and monitoring that 94% of respondents were concerned about.
Readers wishing to read the full EMA report can do so here and readers wishing to learn more about Cisco Secure Firewall’s encyrpted visibility engine can do so here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms. Nothing could be further from the truth, as one of the keys to being a successful cybersecurity professional is the ability to collaborate and, more importantly, to share knowledge as far and wide as possible.
At Cisco, we have formed the Cisco Insider Advocacy program, which consists of a global community of professionals passionate about working and spreading their knowledge with others. We celebrate these individuals’ efforts with annual awards in various disciplines and locales. In 2023, Cisco will recognize top advocates by region for the Global Advocate Awards. Our first event – highlighting Cisco customers from across the EMEA region – is around the corner. It all happens at Cisco Live in Amsterdam, in a live ceremony on February 8!
I am joined on the Advocate Awards judges’ panel by my colleagues, Cindy Valladares, Director of Brand Strategy and Customer Advocacy at Cisco Secure, Caroline Surujpaul, EMEA and European Marketing Director at Cisco Secure and Sarah Stephens, Senior Security Marketing Leader for EMEA at Cisco Secure. We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.
We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.
Alessandro was featured in a recent successful case study about the Future of Work with Umbrella, as well as an earlier piece about simplified security using Cisco Meraki in Talent Garden.
Alessandro also authored a book about digital transformation long before it was a common buzzword. That is typical of Alessandro’s foresight, the ability to be proactive to changes before they are commonplace. He is indeed on the cutting edge.
Alessandro considers his involvement in the Advocacy community as “a very easy goal for me. First, because I’m very passionate about cybersecurity, and second because here I can find very valuable peers and professionals to share information with.” Alessandro’s abilities are borne from passion, drive, and adherence to a personal code of excellence; he learned security in a strictly hands-on style. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Christoffer, the newest Cisco Insider Advocacy community member, has gotten off to a brisk involvement with the group. He was recently featured in the case study “NTNU Supports a Diverse Academic and Research Community with Proactive Security,” which detailed how the Norwegian University of Science and Technology tackled the management of a dizzying 110,000 endpoints connecting to the university’s VPN.
Christoffer fully embraces the ideology of collaboration, mentioning that when he was seeking a security solution, “We didn’t want a vendor. We didn’t want a product. We wanted a partner to help us attack this large problem of cybersecurity.” He also demonstrates a fervent dedication to sharing by authoring half a dozen works in the cybersecurity realm, ranging from scientific to academic articles. His involvement in the Insider Advocacy community has earned him a spot in Cisco’s “League of Cybersecurity Heroes.”
Mark is one of the most erudite cybersecurity professionals one could meet. He has extensive educational credentials and enjoys sharing his knowledge, making him one of the Top 10 most engaged advocates of the Cybersecurity Channel within the Cisco Insider Advocates community.
Mark’s professional involvement extends beyond his local precinct, offering his knowledge of security best practices across the UK Policing community. In completing his most recent university degree, he authored a dissertation that “has led to an initiative to improve the security posture of my workplace.” Mark’s support to other Cisco customers has also led to his election as Vice-Chair of the Internet Society Cybersecurity Special Interest Group. He is also a member of Cisco’s “League of Cybersecurity Heroes.”
Luigi is a valuable member of the Insider Advocacy group and was recently featured in a video and written success story about Zero Trust and XDR.
Luigi is an agent of change who embraces the collaborative spirit of a true cybersecurity expert, as exemplified in his entire professional approach: “Since the infrastructure is now cloud-based, we had to change our mindset regarding cybersecurity as well. It was important to have the people, the process, the organisation, and the technology under the same security umbrella.”
When not working to ensure the security of the Sara Assicurazioni environment, Luigi has dedicated time to speaking at events, such as the “Experts Learning from Experts” global virtual session, a special virtual roundtable dedicated to Zero Trust and, last but not least, his presentation at Cisco Live Emea in Amsterdam about XDR and Zero Trust. His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community. Luigi is also a member of Cisco’s “League of Cybersecurity Heroes.”
Last year, Diego participated as speaker at the Tech Forum: Convergencia entre redes y seguridad. He will also be featured in a future ThreatWise TV – Cisco episode
Diego recognised early on that remote work would place his organisation outside the scope of their security and took proactive measures to meet the challenge. Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community. This has also earned him a place within Cisco’s “League of Cybersecurity Heroes.”
Diego’s view of working with Cisco’s products is summed up in a catchy phrase: “If it’s connected, it’s protected.” His involvement within the Insider Advocacy community makes us echo that sentiment by stating that he is connected, helping to keep everyone protected.
One point of note is the absence of women from the list of nominees. This was not the result of bias, as Cisco has a history of substantial diversity, equity, and inclusion. As you can see from the activities of the current nominees, the selection was based strictly on contributions to the community. We would love to see more engagement and membership in the Insider Advocacy program, not only from women but from a broader geographic area. This would increase the choices of possible nominees and add an even wider palette of inclusion to the entire nomination process.
We know that there is an entire population of cybersecurity professionals who seek more connection with like-minded individuals, and we welcome you to join this cohesive community.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
For Cisco engineers working on Duo, having a remote-first workplace has helped them reach life goals, connect with colleagues around the world, and be intentional communicators. We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances. If you’re interested in being part of a remote-first workplace, check out our open positions.
Senior Engineering Leader David Rines has worked remotely for the past seven years. He’s found that Cisco’s approach to distributed teams has “enabled us to pick up the right talent, and not necessarily local talent. We are moving towards a global, follow the sun environment,” he said.
One of the aspects Rines appreciates most of this structure is getting “a widely varied set of perspectives and experiences that help build a more reliable, more robust product, which is why we’re here.”
Another benefit to having colleagues across the globe is the sharing of recipes, a perk Senior Site Reliability Engineer Bernard Ting particularly enjoys. Proactively communicating with colleagues virtually “helps you to form bonds with people from other teams. You can always learn something new about cultures elsewhere. I talk to people about food and so I’m always gathering recipes from people from all over the world,” Ting shared.
While some may fear that working remotely could lead to feelings of isolation and loneliness, a different camaraderie can flourish in the structure of our distributed teams. With colleagues across time zones, “there’s always someone there who you can reach out to help solve your problem,” Rines said.
Collaboration hours are another way Site Reliability Engineering Manager Jaya Sistla has cultivated virtual community and problem-solving. These hours are blocked off for team members to talk about what they’re working on. “The main thing is being able to ask for help so you don’t go into the rabbit hole debugging things,” Sistla said.
Ting points out that working in a distributed model allows you to really engage in virtual events and conversations. Given that the team mainly communicates through online chat, Ting has found that “forces you to see everyone as equally approachable, which has made me more comfortable reaching out to people from anywhere in the world.”
For folks sharing an office, collaboration can happen through casual chats over coffee. When facing a challenge, you can ask your neighbor for support. While ideally virtual communication could have a similar cadence and spontaneity, the logistics of remote and distributed work require intentionality and being proactive in connecting with colleagues as people and as co-workers.
When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective. By sharing his feelings with his manager, he was reassured that “socializing is a very important part of teamwork, because if you don’t have a good relationship with your colleagues you’re not going to be able to have healthy discussions, healthy conflict or be able to critique each other when the situation arises.”
Since that conversation, Ting has been more proactive about catching up with colleagues, which can include sharing a coffee over video chat. Duo’s “coffee roulette” formalizes the process as every month, employees who opt in can be randomly paired up for a quick half-hour chat focused exclusively on socializing. Ting has found being proactive about socializing virtually helpful. “It’s made me more intentional with my time and really treasure the social experience you can get,” he said.
Some folks may be concerned that without a manager observing their efforts and work ethic day in and day out, it may be harder to recognize accomplishments and challenges. Ting found that within his team “when you work on projects and in your one-on-ones with your managers, they’re always very intentional about learning what you’ve been doing and seeing what your progress is like on certain projects. I’ve been asked, ‘How do you think you can improve? What are some of the things you’ve been doing outside of the team work?’”
To cultivate cross-team collaboration and education, there are thoughtfully planned virtual lunch and learns. “We schedule training sessions and common meetings at times that are flexible for everyone. If it has to be repeated, we do it so people can comfortably attend rather than stretching themselves and attending at odd hours,” Sistla said.
For Software Engineer Nick Aspinall, an important and fun part of working remotely is keeping in touch with virtual messaging. One unique perk has been getting to create and customize emojis with team members including a few of himself in “various ridiculous states,” he said.
Connecting with colleagues on themed channels focused on personal and professional interests from coffee to pets “makes it really cool because you can meet people across different teams and still get some of the feeling of rubbing elbows that you get when you’re in the office,” Aspinall said. Participating in these virtual conversations boosts morale while also providing an endless supply of cute animal pics.
Given the multi-faceted nature of our work and the importance of consistent information sharing, having different communication channels and formats to communicate data with varying degrees of complexity is vital. Having information readily accessible, accurate and updated is particularly necessary in a field like cybersecurity.
Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience. For instance, for complex architecture decisions or detailing, Duo’s Wiki is the best source.
Software Engineer Hanna Fernandez has benefited from chat channels dedicated to design and engineering topics to “see what everyone’s up to and what thoughts people have,” she said. Sista pointed out these are great places to ask questions and open up dialogue to solve problems.
Our culture is “video-on,” meaning that it is preferred that during video meetings, as much as possible, attendees have their cameras on. Lopez loves this because “you get a bit of that personal human element.”
“We’re all people behind these screens. You definitely get some of people’s personality through text, but you get it more when you actually see them. It’s infectious when you see someone smiling. You’ve got to smile back,” he shared (while we both smiled).
When Fernandez started at Cisco, she was advised to schedule individual meetings with everyone she would be working with on every team that she joined. That suggestion is one she’s applied even virtually.
“It’s a great strategy because I already know that my team is super talented and very smart, but this way I also get to know them as humans beyond their roles,” Fernandez said. Fernandez also finds it important to check in with co-workers and ask how they’re feeling and how their time off was. “I know a lot of people hate small talk, but it’s not just small talk. I’m genuinely interested in how my co-workers are doing.”
One of Ting’s biggest goals was buying his first house in the countryside outside of London. By working remotely, Ting has flexibility in his location which allowed him to achieve his goal of buying a house and settling down with his partner, while giving their dogs the space they need to be dogs.
When transitioning from fully remote to hybrid, it’s important to recognize that there will be some shifts to get accustomed to. As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexible and notice what’s possible through multiple modalities of team building. Many teams have enjoyed in-person gatherings and connecting through virtual lunches and team games when remote.
Fernandez has had multiple roles with multiple structures at Cisco. As an intern, she was fully in person and shared desk space with other interns who collaborated on full stack engineering. While working in finance IT, Fernandez was hybrid and many of her colleagues were distributed among multiple offices. The pandemic began while she was in a DevOps role, forcing her to maintain boundaries around her work time while working fully remotely. In her current role working on Duo, Fernandez is completely remote but advocates for in-person events if possible, because “humans are social creatures who want to see each other’s faces in real life once in a while.”
For Aspinall, “when we did come back to the office, there was a bit of an adjustment period where you were overstimulated from the office.” He also wanted to ensure team members who were 100% remote were fully included. Now he sees that while half his team is fully remote and the other half is hybrid, “that doesn’t stop anyone from doing anything. All of our meetings feel the same. They’re all seamless.”
If you’re interested in joining our team from wherever you are in the world, check out our open roles.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Related tags
In today’s security climate, NetOps and SecOps teams are witnessing increased attack surface area as applications and workloads move far beyond the boundaries of their data center. These applications/workloads move to, and reside in multi-cloud architecture, adding complexity to connectivity, visibility, and control. In the multi-cloud world, the SecOps teams use a distributed security model that is expensive, difficult to deploy, and complex to manage.
Cisco has partnered with Alkira to help secure your multi-cloud environment. Combining Alkira’s simplified cloud connection through their cloud network-as-a-service platform (SaaS-like model) with Cisco’s industry-leading security controls, we can deliver a centralized security model for multi-cloud architecture that is easy to deploy, manage, and increases visibility and control.
Cisco Secure Firewall Threat Defense Virtual provides unmatched security controls such as stateful firewalling, Snort3 IPS, URL filtering, malware defense, application visibility and control, and more. Additionally, with the purchase of Secure Firewall Threat Defense Virtual, you will receive license entitlement to Cisco SecureX, our open XDR and orchestration platform, helping you accelerate threat detection, investigation, and remediation.
Cisco Secure Firewall Management Center (FMC) is required for managing Secure Firewall Threat Defense Virtual, helping administrators enforce consistent access policies, rapidly troubleshoot security events, and view summarized reports across the deployment.
Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options. Customers can seamlessly deploy and insert Secure Firewall in their Alkira Cloud Exchange Points (CXP).
Benefits of this integrated architecture include:
The Cisco Secure Firewall Threat Defense brings the following capabilities to the environment:
Figure 1 shows a multi-cloud environment inter-connected using Alkira Cloud Exhange Platform (CXP). In the above architecture, Cisco provides seamless insertion of security controls and enables the following use cases for firewall insertion:
Using Alkira’s customer portal, Cisco Secure Firewall Threat Defense Virtual can be easily inserted in the traffic path within minutes. Figure 2 shows how automation & orchestration eliminates additional configuration required in the legacy insertion model.
Cisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC). Customers can use on-premises FMC or build a virtual FMC instance in the cloud. Cisco and Alkira support both models of deployment.
Cisco Secure Firewall Threat Defense Virtual protects the following traffic flows in Alkira CXP:
Alkira and Cisco’s partnership simplifies the deployment of enterprise-grade security in the cloud while enabling multi-cloud visibility and end-to-end threat defense for customers.
Additional Resources:
Cisco Secure Firewall Threat Defense
Cisco Secure Firewall Data Sheet
Cisco Secure Firewall Management Center
Alkira blog on Cisco Secure Firewall Threat Defense
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
The use of unmanaged and IoT devices in enterprises is growing exponentially, and will account for 55.7 billion connected devices by the end of 2025. A critical concern is deploying IoT devices without requisite security controls.
While these numbers are numbing, their reality is undeniable. 90% of customers believe digitization has accelerated the importance placed upon security. The World Economic Forum now lists cybersecurity failure as a critical threat, and estimates a gap of more than 3 million security experts worldwide, hindering secure deployments at scale. Furthermore, 83% of IoT-based transactions happen over plaintext channels and not SSL, making them especially risky.
Securing an IoT device can be achieved either through securing the IoT device itself, or hardening the network it accesses. Securing devices can be cumbersome, requiring complex manufacturing partnerships and increasing unit prices, thereby reducing adoption. On the other hand, securing the network is always desirable as it helps secure access, encrypt traffic, and ease management.
Being a leader in both security and networking, Cisco continues to bring security closer to networking, providing the network with built-in security, and enabling the network to act both as sensor and as an enforcer. The convergence of security and networking leverages the network’s intelligence and visibility to enable more-informed decisions on policy and threats.
Cisco uniquely integrates security and networking, for instance we recently integrated Cisco Secure Firewall to operate on Cisco Catalyst 9000 Series switches. Additionally, Secure Firewall can be deployed in a containerized form, on-premises and in clouds. Cisco Secure Firewall classifies traffic and protects applications while stopping exploitation of vulnerable systems. Additionally, we offer Identity Services Engine with AI Endpoint Analytics to passively identify IoT devices and apply segmentation policies. Furthermore, Cisco offers management flexibility by integrating with Cisco Defense Orchestrator and DNA Center and with existing customer tools like SIEMs and XDRs.
Let’s look at three use cases where the addition of Secure Firewall capability on Catalyst 9000 Series switches solves real world problems:
Use case 1: Securing the Smart Building: This solution is ideal to secure smart buildings, converging various IoT systems into a single IT-managed network infrastructure. Smart buildings lower the operational and energy costs. Smarter building systems, however, pose serious security risks as these include so many unmanaged devices such as window shades, lighting, tailored HVAC, and more. One of the methods to secure smart buildings is to control access to avoid manipulation of sensors. Such control is attained with a networking switch with enhanced firewall capability. The firewall ensures granular segmentation, directing policies for traffic generated out of IoT devices, providing access to the right users. This integration also brings security closer to endpoints, making policy orchestration simpler.
Use Case 2: Centrally manage isolated IoT network clusters: IoT devices which communicate with each other in the same subnet typically cannot be routed, which is a challenge. By default, most IoT networks are configured in the same subnet, making it difficult to manage them centrally. Administrators are forced to physically connect to the IoT network to manage and collect telemetry. Furthermore, IoT vendors often charge hefty amounts to update IP addresses of devices. Cisco Secure Firewall, hosted on the Catalyst switch, solves this problem and not only inspects traffic from the IoT network but also translates duplicate IoT IP addresses to unique global IP addresses using NAT for centralized management of isolated IoT networks.
Use Case 3: Securely encrypt IoT traffic passing through a shared IT network: At airports, for example, multiple vendors manage unique systems such as baggage, air quality, biometric access control, etc, which share a common network. IoT traffic is usually in plain text, making it susceptible to packet sniffing, eavesdropping, man-in-the-middle attacks, and other such exploits. The IPSec capability on Cisco Secure Firewall encrypts IoT traffic, securing data transfer and reducing risk.
Cisco’s IoT initiatives join the once disconnected worlds of IT and IoT, unifying networking and security. For further details refer to the At-A Glance and see how and an Australian oil company, Ampol, fortified its retail IoT with Cisco Secure!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
“Where do we start?”
This is the question every CISO asks about every new program. In fact, I ask and answer that question many times a month. There’s a reason for this, of course. A strong start to any project builds momentum, reassures stakeholders, and sets the stage for what’s to come. Security resilience initiatives are no different. Security resilience is the ability to anticipate and respond to unpredictable threats or changes, and then emerge stronger. It’s hard to imagine a more vital undertaking for CISOs. And as with all initiatives, CISOs always want to know where to begin.
They’re likely to find some valuable starting points in the Security Outcomes Report, Volume 3: Achieving Security Resilience, the latest in a series of reports released by Cisco and reflecting the viewpoints of 4,700 IT and security professionals from 26 countries. The report identifies seven success factors CISOs can pursue to improve outcomes within their own enterprise security resilience programs, placing a high priority on security resilience. The seven success factors range in nature from the architectural—simplifying your hybrid IT environment, maximizing zero trust adoption—to more relationship-focused factors.
It’s the latter that caught my eye.
Seven success factors for resilience:
It shouldn’t surprise any CISO that the first two success factors are built around relationships. These factors zero in on relationships with company leadership (as measured by establishing executive support) and relationships with people across the organization (as measured by cultivating a culture of security). Experienced CISOs know that these factors can make or break security initiatives.
Given the objective of security resilience is to withstand threats and come back even stronger, it’s clear that resilience must exist before, during, and after a cybersecurity incident. This has repercussions on the executive level and throughout the business. Lack of executive support can lead to detection, response, and recovery capabilities that are chronically underfunded. This leaves CISOs at a disadvantage when security incidents do inevitably happen and panic strikes the C-suite. What’s more, CISOs who lack strong executive relationships may also find themselves struggling to oversee incident management and coordinate communications. And afterward? Remediating and improving the security posture, which often impacts multiple parts of the organization beyond IT and often requires significant investment, stalls without a necessary lift from leadership.
The security report, which scores resilience levels across a series of criteria, finds that organizations reporting a strong backing from leadership have resilience scores that are 39% higher when compared to organizations reporting weak support. “Bridges to the C-suite are built upon a solid understanding of how the business works and how security initiatives can make it work even better,” notes the report. “Support goes both ways in any relationship, after all.”
In addition to keeping the program aligned, CISOs must keep in communication with their peers and superiors. Those who share only transactional relationships within the C-Suite find their interactions limited to status updates and budget requests. Transformational relationships, however, involve more frequent and deeper communication and interactions, which cover a broader set of topics than submitting the latest budget ask. They are, in other words, more valuable.
Of course, executive support is just one crucial factor for success. Resilience programs need broad support from throughout the organization, not just at the top. Every time an employee picks up a mouse or accesses an app from their mobile phone, they make a choice to either strengthen or lessen the organization’s security posture. Every time an improvement is necessary following a security event, cultural buy-in determines whether this new request from security is implemented or circumvented.
According to the report, organizations that successfully foster a culture of security can see a 46% increase in resilience compared to those who lack such a culture. Much like aligning a program with the business direction furthers leadership buy-in, CISOs need to align security policy with the functional direction of the business—but in a way that helps employees see security measures as protecting not just corporate data and IT assets but also their own future. When employees aren’t on board or see security measures as IT concerns with no relation to them, resilience suffers. “Frequent security policy violations and workarounds,” notes the report, “are evidence of poor security culture.” By viewing policy exceptions as feedback, and investigating these from the perspective of identifying and correcting misalignment, security leaders can enroll employees as the willing participants in the solution—rather than contributors to the problem.
Security leaders know, by and large, what we need to do to secure our organizations. We have frameworks with pages of controls. We have risk registers with lists of action items. Where we often struggle is translating this knowledge into action. To do that, we must see our efforts within the strategic context of executive leaders and the tactical reality of the line managers in our organization. We must personalize and prioritize our efforts around what matters to the people we collaborate with. It is through engaging people that our security programs become human-centric and, in turn, become more resilient.
Where do we start? With relationships. Good relationships lead to good security programs, and good security programs lead to great relationships. And all of these contribute to security resilience.
Download the Security Outcomes Report, Vol. 3: Achieving Security Resilience today.
Explore more original research and blogs like this:
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future.
The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.
In 2023, the threat landscape will evolve to one that sees attacks on every surface, from criminals who are opportunistic, yet laser-focused on their goal. The attacks themselves could be email-borne, directly targeted, socially based, or a mix of all three.
Criminals will target vulnerabilities, operational deficiencies, suppliers, and business partners, as a means of accomplishing their goals. They will use the target’s own environment and take advantage of existing people and technology problems, including alert fatigue and staffing shortages.
To face this reality and address the needs of organizations both large and small, Cisco will continue to focus on education and innovation in the areas of preventing insider threats, providing consistent and informed alerts, enabling actionable intelligence, and delivering solutions to implement a zero-trust security framework.
As the organization that pioneered networking, we are driven to secure every connection, providing end-to-end protection for users and devices across multiple clouds and networks with a seamless experience.
As our vision for the integrated Cisco Security Cloud evolves, we’re continuing to challenge existing models and unify security and networking, with foundational elements that execute on this vision. From verified push – which protects organizations from MFA-focused phishing attacks – to Wi-Fi Fingerprint, and Remembered Devices, the performance enhancements with Enterprise Single Sign-on and Cisco+ Secure Connect, we continue to meet our customers where they are, offering true zero trust, with frictionless experiences for the hybrid workforce.
We’re excited to celebrate the following innovations and updates announced at Cisco Live EMEA:
Finding the balance between usability and security is now easier than ever. With Risk-Based Authentication, users have the access they need, secured by real-time contextual signals. Organizations can increase security efficacy by dynamically adjusting authentication requirements based on risk levels and by enabling safer end-user behavior. Risk-based authentication now includes wi-fi fingerprint, remembered device, and verified push features, which work together to reduce risk while preserving user experience by only requesting additional interaction for suspicious logins or a change in risk.
Our Enterprise Ready Single Sign-on expands Duo SSO with three new capabilities to easily connect single sign-on to modern apps and empower end users. By adding major protocol support, improved admin tooling, and SSO on demand password resets, organizations enable easier and more secure access from anywhere.
Cisco SD-WAN customers can now enjoy all the benefits of a turnkey, single-vendor SASE solution that brings together industry-leading networking with security: Cisco+ Secure Connect. This new integration gives Cisco SD-WAN (powered by Viptela) customers fast, secure private application and internet access, enabling them to deliver a secure experience, anywhere work happens.
We are also announcing the introduction of industry-first Business Risk Observability, an enhancement of our Full-Stack Observability application security solution. Available through Cisco Secure Application, which is integrated into Cisco AppDynamics, it provides a business risk scoring solution which brings together Kenna Risk Meter score distribution and Business Transactions from Cisco AppDynamics and integrates with Panoptica for API security and Talos for threat intelligence.
The initial findings from our first Cybersecurity Readiness Index reveal that while technology to devices is widely adopted, more progress is needed to protect identity, networks and applications. The report assessed the preparedness of companies around the world to safeguard against cyber threats in the current environment. See our key findings and security readiness trends, with the full report launching in the coming weeks.
As we navigate 2023, we will continue to face uncertainties and challenges. We are fully committed to our customers and partners in the journey to provide security resilience, supporting a frictionless user experience, and solutions threat intelligence that work to continually minimize risk.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Congratulations to security advocate Luigi Vassallo, Chief Operating Officer and Chief Technology Officer of Sara Assicurazioni Insurance, an innovative Italian cloud-first insurance firm.
In the last two years, cybersecurity has advanced and can feel like a one-two punch to those who are not prepared. But what does that preparation look like? For Luigi Vassallo, it was more than just tackling cybersecurity defense on his own. Luigi reached out to the Cisco community, offering his knowledge and expertise to help others. This is what stood out to make him our Cybersecurity Defender of the Year in EMEA for the Cisco Global Advocate Awards 2023 EMEA event.
Cisco’s advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field. Luigi personifies the spirit of Insider Advocates by sharing freely within the community.
One may wonder where Luigi finds the time or energy to participate in the community. Luigi finds immeasurable energy by training as a kickboxer and as an avid cyclist. This energy transforms into a philosophy of helping others. As Luigi says, it is about being “the best version of yourself.”
Luigi sums up his approach to cybersecurity this way: “Cybersecurity for me is like boxing: you never know when your opponent will attack, but you have to know in advance how to respond and what you can do.”
Luigi has been featured in a profile piece, as well as a video, where he speaks about his personal goals, as well as his goals for making Sara Assicurazioni as secure as possible with Cisco’s products. Part of his passion comes from being comfortable with the uncertainty of cybersecurity, coupled with the confidence that Cisco is there to help his organization. I’m honored that Sara Assicurazioni has joined forces with Cisco Secure to confidently define zero-trust and XDR strategies that increase security resilience and drive better customer outcomes for them.
When notified of the award, Luigi’s humility and dedication to the community was evident, as he shared, “I feel happy and surprised about this award, as I didn’t expect to win because there were so many good advocates who were nominated with me. I want to thank Cisco for awarding me the Cybersecurity Defender of the Year honor.”
Luigi also credits the Cisco Insider Advocacy program for its ability to connect and grow the cybersecurity community, adding:
“This is also what makes Cisco different from other security vendors; the capacity to recognize the innovation and resilience of its customers. I feel that we are part of the same movement, and we are together in the same fight against cybercriminals. To all other nominees, I want to say thank you for your hard work in cybersecurity and in sharing your good practices with me in the Cisco Insider Advocacy community and now at Cisco Live EMEA.”
We congratulate Luigi, not only for keeping his guard up, but for helping others to do the same by being part of the Cisco Insider Advocacy community.
The Cisco Global Advocate Awards celebrates Cisco’s passionate and innovative customer advocates who go above and beyond in demonstrating thought leadership and supporting Cisco through success stories, speaking engagements, product reviews, and so much more.
We’re planning three exclusive events that will coincide with Cisco Live conferences in Amsterdam, Las Vegas, and Melbourne in 2023. We hope you’ll join us as we recognize our customer advocates by region for actively supporting Cisco. You won’t want to miss it.
To learn more, and to become a member, please visit us here.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Cisco is honored to be this year’s winner of the Best Next Generation Firewall Award in the SE Labs 2023 Annual Report. This industry recognition validates Cisco’s continuous push towards harmonizing network, workload, and application security across hybrid and multicloud environments. I’m incredibly proud of the Cisco Secure Firewall team and am thankful for our amazing customers who continue to trust Cisco and develop their network security around our capabilities.
SE Labs, a cybersecurity testing and evaluation firm, provides impartial and independent assessments of various cybersecurity products and solutions. In their 2023 Annual Report, SE Labs states:
“Our Annual Security Awards recognizes security vendors that notonly do well in our tests, but perform well in the real world withreal customers. These awards are the only in the industry thatrecognize strong lab work combined with practical success.”
SE Labs performs tests on behalf of customers seeking independent proof-of-value assistance, as well as security vendors. At Cisco, we use third-party evaluations from multiple sources, including SE Labs, to augment our internal testing and to drive product improvement.
Winners were determined after months of in-depth testing, based on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services. The award further validates that our customers can expect superior threat protection and performance with Cisco Secure Firewall.
SE Labs’ reports use the MITRE ATT&CK framework, employing both common “commodity” malware samples and sophisticated, targeted attacks. Their network security testing uses full attack chains to assess the detection and protection abilities of network devices and combinations of network and endpoint solutions. SE Labs publishes its testing methodologies and is BS EN ISO 9001: 2015 certified for The Provision of IT Security Product Testing.
As a worldwide leader in networking and security, Cisco is better positioned than any other security vendor to incorporate effective firewall controls into our customers’ infrastructure — anywhere data and applications reside. We offer a comprehensive threat defense with industry-leading Snort 3 IPS to protect users, applications, and data from continuously evolving threats. Our solutions also leverage machine learning and advanced threat intelligence from Cisco Talos, one of the world’s largest commercial threat intelligence teams.
In the constantly evolving world of cybersecurity, it is important to have access to the latest and most advanced technologies to stay ahead of threats. Whether you are an enterprise, government, healthcare, or a service provider organization, Cisco Secure Firewall provides top-ranked security.
When you invest in Cisco Secure Firewall, you are investing in award-winning threat defense with capabilities that are built for the real world. Learn more about SE Labs 2023 Annual Report, Cisco Secure Firewall and how you can refresh your firewall.
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Providing secure access and a frictionless user experience are typically competing initiatives, but they don’t have to be! Read on to learn why.
In our world today, context changes quickly. We work from home, coffee shops and the office. We use multiple devices to do work. And on the flip side, attackers are becoming increasingly savvy, getting around security controls, such as multi-factor authentication (MFA), to gain unauthorized access.
To quote Wendy Nather, Cisco’s head of Advisory CISOs, “Trust is neither binary nor permanent.” Therefore, security controls must constantly evaluate for change in trust, but without adding unnecessary friction for end-users.
It’s no surprise that the recently published Cybersecurity Readiness Index, a survey of 6,700 cybersecurity leaders from across the globe, revealed that more progress is needed to protect identity, networks and applications.
To address these challenges and to make zero trust access for the workforce easy and frictionless, Cisco Duo announced the general availability of Risk-Based Authentication and enhancements to our enterprise ready Single Sign-On solution at Cisco Live EMEA 2023 earlier this week.
Risk-Based Authentication fulfills the zero trust philosophy of continuous trust verification by assessing the risk level for each access attempt in a manner that is frictionless to users. A higher level of authentication is required only when there is an increase in assessed risk. Duo dynamically detects risk and automatically steps up authentication with two key policies:
The Risk-Based Factor Selection policy detects and analyzes authentication requests and adaptively enforces the most secure factors. It highlights risk and adapts its understanding of normal user behavior. It does this by looking for known attack patterns and anomalies and then allowing only the more secure authentication methods to gain access.
For example, Duo can detect if an organization or employee is being targeted for a push bombing attack or if the authentication device and access device are in two different countries, and Duo responds by automatically elevating the authentication request to a more secure factor such as phishing resistant FIDO2 security keys or Verified Duo Push.
The Risk-Based Remembered Devices policy establishes a trusted device session (like “remember this computer” check box), automatically without asking the user the check a box, during a successful authentication. Once the session is established, Duo looks for anomalous IP addresses or changes to a device throughout the lifetime of the trusted session and requires re-authentication only if it observes a change from historical baselines.
The policy also incorporates a Wi-Fi Fingerprint provided by Duo Device Health app to ensure that IP address changes reflect actual changes in location and not normal usage scenarios such as a user establishing an organizational VPN (Virtual Private Network) session.
Duo uses anonymized Wi-Fi Fingerprint to reliably detect whether the access device is in the same location as it was for previous authentications by comparing the Wi-Fi networks that are “visible” to the access device. Further, Duo preserves user privacy and does not track user location or collect any private information. Wi-Fi Fingerprint only lets Duo know if a user has changed location.
A typical organization uses over 250 applications. Single sign-on (SSO) solutions help employees access multiple applications with a single set of credentials and allow administrators to enforce granular policies for application access from a single console. Integrated with MFA or passwordless authentication, SSO serves as a critical access management tool for organizations that want to implement zero trust access to corporate applications.
Duo SSO is already popular among Duo’s customers. Now, we are adding two new capabilities that cater to modern enterprises:
An increasing number of applications use OIDC for authentication. It is a modern authentication protocol that lets application and website developers authenticate users without storing and managing other people’s passwords, which is both difficult and risky. To date, Duo SSO has supported SAML web applications. Supporting OIDC allows us to protect more of the applications that our customers are adopting as we all move towards a mobile-first world and integrate stronger and modern authentication methods.
Password resets are expensive for organizations. It is estimated that 20-50% of IT helpdesk tickets are for password resets. And according to a report by Ponemon Institute, large enterprises experience an average loss of $5.2 million a year in user productivity due to password resets.
When logging into browser-based applications, Duo SSO already allows users to reset passwords when they have expired in the same login workflow. And we heard from our customers that users want the option to proactively reset passwords. Now, Duo SSO offers the convenience to reset their Active Directly passwords before they expire. This capability further increases user productivity and reduces IT helpdesk tickets.
Risk-Based Authentication and enhancements to Duo SSO are available now to all paying customers based on their Duo Edition. If you are not yet a Duo customer, sign up for a free 30-day trial and try out these new capabilities today!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
On July 10, Apple pushed a “Rapid Security Response” update to fix a code execution flaw in the Webkit browser component built into iOS, iPadOS, and macOS Ventura. Almost as soon as the patch went out, Apple pulled the software because it was reportedly causing problems loading certain websites. MacRumors says Apple will likely re-release the patches when the glitches have been addressed.
Launched in May, Apple’s Rapid Security Response updates are designed to address time-sensitive vulnerabilities, and this is the second month Apple has used it. July marks the sixth month this year that Apple has released updates for zero-day vulnerabilities — those that get exploited by malware or malcontents before there is an official patch available.
If you rely on Apple devices and don’t have automatic updates enabled, please take a moment to check the patch status of your various iDevices. The latest security update that includes the fix for the zero-day bug should be available in iOS/iPadOS 16.5.1, macOS 13.4.1, and Safari 16.5.2.
On the Windows side, there are at least four vulnerabilities patched this month that earned high CVSS (badness) scores and that are already being exploited in active attacks, according to Microsoft. They include CVE-2023-32049, which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook.
The two other zero-day threats this month for Windows are both privilege escalation flaws. CVE-2023-32046 affects a core Windows component called MSHTML, which is used by Windows and other applications, like Office, Outlook and Skype. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.
Many security experts expected Microsoft to address a fifth zero-day flaw — CVE-2023-36884 — a remote code execution weakness in Office and Windows.
“Surprisingly, there is no patch yet for one of the five zero-day vulnerabilities,” said Adam Barnett, lead software engineer at Rapid7. “Microsoft is actively investigating publicly disclosed vulnerability, and promises to update the advisory as soon as further guidance is available.”
Barnett notes that Microsoft links exploitation of this vulnerability with Storm-0978, the software giant’s name for a cybercriminal group based out of Russia that is identified by the broader security community as RomCom.
“Exploitation of CVE-2023-36884 may lead to installation of the eponymous RomCom trojan or other malware,” Barnett said. “[Microsoft] suggests that RomCom / Storm-0978 is operating in support of Russian intelligence operations. The same threat actor has also been associated with ransomware attacks targeting a wide array of victims.”
Microsoft’s advisory on CVE-2023-36884 is pretty sparse, but it does include a Windows registry hack that should help mitigate attacks on this vulnerability. Microsoft has also published a blog post about phishing campaigns tied to Storm-0978 and to the exploitation of this flaw.
Barnett said it’s while it’s possible that a patch will be issued as part of next month’s Patch Tuesday, Microsoft Office is deployed just about everywhere, and this threat actor is making waves.
“Admins should be ready for an out-of-cycle security update for CVE-2023-36884,” he said.
Microsoft also today released new details about how it plans to address the existential threat of malware that is cryptographically signed by…wait for it….Microsoft.
In late 2022, security experts at Sophos, Trend Micro and Cisco warned that ransomware criminals were using signed, malicious drivers in an attempt to evade antivirus and endpoint detection and response (EDR) tools.
In a blog post today, Sophos’s Andrew Brandt wrote that Sophos identified 133 malicious Windows driver files that were digitally signed since April 2021, and found 100 of those were actually signed by Microsoft. Microsoft said today it is taking steps to ensure those malicious driver files can no longer run on Windows computers.
As KrebsOnSecurity noted in last month’s story on malware signing-as-a-service, code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.
Dan Goodin at Ars Technica contends that whatever Microsoft may be doing to keep maliciously signed drivers from running on Windows is being bypassed by hackers using open source software that is popular with video game cheaters.
“The software comes in the form of two software tools that are available on GitHub,” Goodin explained. “Cheaters use them to digitally sign malicious system drivers so they can modify video games in ways that give the player an unfair advantage. The drivers clear the considerable hurdle required for the cheat code to run inside the Windows kernel, the fortified layer of the operating system reserved for the most critical and sensitive functions.”
Meanwhile, researchers at Cisco’s Talos security team found multiple Chinese-speaking threat groups have repurposed the tools—one apparently called “HookSignTool” and the other “FuckCertVerifyTimeValidity.”
“Instead of using the kernel access for cheating, the threat actors use it to give their malware capabilities it wouldn’t otherwise have,” Goodin said.
For a closer look at the patches released by Microsoft today, check out the always-thorough Patch Tuesday roundup from the SANS Internet Storm Center. And it’s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: AskWoody.com usually has the lowdown on any patches that may be causing problems for Windows users.
And as ever, please consider backing up your system or at least your important documents and data before applying system updates. If you encounter any problems with these updates, please drop a note about it here in the comments.
In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior.
In a blog post published last month, Cisco Talos said it was seeing a worrisome “increase in the rate of high-sophistication attacks on network infrastructure.” Cisco’s warning comes amid a flurry of successful data ransom and state-sponsored cyber espionage attacks targeting some of the most well-defended networks on the planet.
But despite their increasing complexity, a great many initial intrusions that lead to data theft could be nipped in the bud if more organizations started looking for the telltale signs of newly-arrived cybercriminals behaving like network tourists, Cisco says.
“One of the most important things to talk about here is that in each of the cases we’ve seen, the threat actors are taking the type of ‘first steps’ that someone who wants to understand (and control) your environment would take,” Cisco’s Hazel Burton wrote. “Examples we have observed include threat actors performing a ‘show config,’ ‘show interface,’ ‘show route,’ ‘show arp table’ and a ‘show CDP neighbor.’ All these actions give the attackers a picture of a router’s perspective of the network, and an understanding of what foothold they have.”
Cisco’s alert concerned espionage attacks from China and Russia that abused vulnerabilities in aging, end-of-life network routers. But at a very important level, it doesn’t matter how or why the attackers got that initial foothold on your network.
It might be zero-day vulnerabilities in your network firewall or file-transfer appliance. Your more immediate and primary concern has to be: How quickly can you detect and detach that initial foothold?
The same tourist behavior that Cisco described attackers exhibiting vis-a-vis older routers is also incredibly common early on in ransomware and data ransom attacks — which often unfurl in secret over days or weeks as attackers methodically identify and compromise a victim’s key network assets.
These virtual hostage situations usually begin with the intruders purchasing access to the target’s network from dark web brokers who resell access to stolen credentials and compromised computers. As a result, when those stolen resources first get used by would-be data thieves, almost invariably the attackers will run a series of basic commands asking the local system to confirm exactly who and where they are on the victim’s network.
This fundamental reality about modern cyberattacks — that cybercriminals almost always orient themselves by “looking up” who and where they are upon entering a foreign network for the first time — forms the business model of an innovative security company called Thinkst, which gives away easy-to-use tripwires or “canaries” that can fire off an alert whenever all sorts of suspicious activity is witnessed.
“Many people have pointed out that there are a handful of commands that are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users/usage),” the Thinkst website explains. “Reliably alerting when a user on your code-sign server runs whoami.exe can mean the difference between catching a compromise in week-1 (before the attackers dig in) and learning about the attack on CNN.”
These canaries — or “canary tokens” — are meant to be embedded inside regular files, acting much like a web beacon or web bug that tracks when someone opens an email.
The Canary Tokens website from Thinkst Canary lists nearly two-dozen free customizable canaries.
“Imagine doing that, but for file reads, database queries, process executions or patterns in log files,” the Canary Tokens documentation explains. “Canarytokens does all this and more, letting you implant traps in your production systems rather than setting up separate honeypots.”
Thinkst operates alongside a burgeoning industry offering so-called “deception” or “honeypot” services — those designed to confuse, disrupt and entangle network intruders. But in an interview with KrebsOnSecurity, Thinkst founder and CEO Haroon Meer said most deception techniques involve some degree of hubris.
“Meaning, you’ll have deception teams in your network playing spy versus spy with people trying to break in, and it becomes this whole counterintelligence thing,” Meer said. “Nobody really has time for that. Instead, we are saying literally the opposite: That you’ve probably got all these [security improvement] projects that are going to take forever. But while you’re doing all that, just drop these 10 canaries, because everything else is going to take a long time to do.”
The idea here is to lay traps in sensitive areas of your network or web applications where few authorized users should ever trod. Importantly, the canary tokens themselves are useless to an attacker. For example, that AWS canary token sure looks like the digital keys to your cloud, but the token itself offers no access. It’s just a lure for the bad guys, and you get an alert when and if it is ever touched.
One nice thing about canary tokens is that Thinkst gives them away for free. Head over to canarytokens.org, and choose from a drop-down menu of available tokens, including:
-a web bug / URL token, designed to alert when a particular URL is visited;
-a DNS token, which alerts when a hostname is requested;
-an AWS token, which alerts when a specific Amazon Web Services key is used;
-a “custom exe” token, to alert when a specific Windows executable file or DLL is run;
-a “sensitive command” token, to alert when a suspicious Windows command is run.
-a Microsoft Excel/Word token, which alerts when a specific Excel or Word file is accessed.
Much like a “wet paint” sign often encourages people to touch a freshly painted surface anyway, attackers often can’t help themselves when they enter a foreign network and stumble upon what appear to be key digital assets, Meer says.
“If an attacker lands on your server and finds a key to your cloud environment, it’s really hard for them not to try it once,” Meer said. “Also, when these sorts of actors do land in a network, they have to orient themselves, and while doing that they are going to trip canaries.”
Meer says canary tokens are as likely to trip up attackers as they are “red teams,” security experts hired or employed by companies seeking to continuously probe their own computer systems and networks for security weaknesses.
“The concept and use of canary tokens has made me very hesitant to use credentials gained during an engagement, versus finding alternative means to an end goal,” wrote Shubham Shah, a penetration tester and co-founder of the security firm Assetnote. “If the aim is to increase the time taken for attackers, canary tokens work well.”
Thinkst makes money by selling Canary Tools, which are honeypots that emulate full blown systems like Windows servers or IBM mainframes. They deploy in minutes and include a personalized, private Canarytoken server.
“If you’ve got a sophisticated defense team, you can start putting these things in really interesting places,” Meer said. “Everyone says their stuff is simple, but we obsess over it. It’s really got to be so simple that people can’t mess it up. And if it works, it’s the best bang for your security buck you’re going to get.”
Further reading:
Dark Reading: Credential Canaries Create Minefield for Attackers
NCC Group: Extending a Thinkst Canary to Become an Interactive Honeypot
Cruise Automation’s experience deploying canary tokens
FreshRSS