FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Drive Your Cybersecurity Platform Transformation: Lead the Way With SSE

By Bill Mabon

By shifting from point-solutions to a cybersecurity platform approach, IT and security teams significantly improve their efficiency and security outcomes. Security Service Edge (SSE) projects are… Read more on Cisco Blogs

Network Resilience: Accelerating Efforts to Protect Critical Infrastructure

By Matt Fussa

As head of the Cisco Trust Office, Matt Fussa leads a global team that partners with government agencies, regulators, and customers to help shape cybersecurity regulation and manage cyber risk. He is… Read more on Cisco Blogs

Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.8 Million Domain Name Registrations in the Fourth Quarter of 2023

By Verisign

Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the fourth quarter of 2023 closed with 359.8 million domain name registrations across all top-level domains (TLDs), an increase of 0.6 million domain name registrations, or 0.2%, compared to the third quarter of 2023. Domain name registrations also increased by 8.9 million, or 2.5%, year over year.

Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the fourth quarter of 2023, including:

  • Top 10 largest TLDs by number of reported domain names
  • Top 10 largest ccTLDs by number of reported domain names
  • ngTLDs as percentage of total TLDs
  • Geographical ngTLDs as percentage of total corresponding geographical TLDs

DNIB.com and The Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards and learn about DNIB.com’s statistical methodology, please visit DNIB.com.

The post Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.8 Million Domain Name Registrations in the Fourth Quarter of 2023 appeared first on Verisign Blog.

Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode

By Burt Kaliski
A digital blue tree on a gradient blue background.

The quantum computing era is coming, and it will change everything about how the world connects online. While quantum computing will yield tremendous benefits, it will also create new risks, so it’s essential that we prepare our critical internet infrastructure for what’s to come. That’s why we’re so pleased to share our latest efforts in this area, including technology that we’re making available as an open source implementation to help internet operators worldwide prepare.

In recent years, the research team here at Verisign has been focused on a future where quantum computing is a reality, and where the general best practices and guidelines of traditional cryptography are re-imagined. As part of that work, we’ve made three further contributions to help the DNS community prepare for these changes:

  • an open source implementation of our Internet-Draft (I-D) on Merkle Tree Ladder (MTL) mode;
  • a new I-D on using MTL mode signatures with DNS Security Extensions (DNSSEC); and
  • an expansion of our previously announced public license terms to include royalty-free terms for implementing and using MTL mode if the I-Ds are published as Experimental, Informational, or Standards Track Requests for Comments (RFCs). (See the MTL mode I-D IPR declaration and the MTL mode for DNSSEC I-D IPR declaration for the official language.)

About MTL Mode

First, a brief refresher on what MTL mode is and what it accomplishes:

MTL mode is a technique developed by Verisign researchers that can reduce the operational impact of a signature scheme when authenticating an evolving series of messages. Rather than signing messages individually, MTL mode signs structures called Merkle tree ladders that are derived from the messages to be authenticated. Individual messages are authenticated relative to a ladder using a Merkle tree authentication path, while ladders are authenticated relative to a public key of an underlying signature scheme using a digital signature. The size and computational cost of the underlying digital signatures can therefore be spread across multiple messages.

The reduction in operational impact achieved by MTL mode can be particularly beneficial when the mode is applied to a signature scheme that has a large signature size or computational cost in specific use cases, such as when post-quantum signature schemes are applied to DNSSEC.

Recently, Verisign Fellow Duane Wessels described how Verisign’s DNSSEC algorithm update — from RSA/SHA-256 (Algorithm 8) to ECDSA Curve P-256 with SHA-256 (Algorithm 13) — increases the security strength of DNSSEC signatures and reduces their size impact. The present update is a logical next step in the evolution of DNSSEC resiliency. In the future, it is possible that DNSSEC may utilize a post-quantum signature scheme. Among the new post-quantum signature schemes currently being standardized, though, there is a shortcoming; if we were to directly apply these schemes to DNSSEC, it would significantly increase the size of the signatures1. With our work on MTL mode, the researchers at Verisign have provided a way to achieve the security benefit of a post-quantum algorithm rollover in a way that mitigates the size impact.

Put simply, this means that in a quantum environment, the MTL mode of operation developed by Verisign will enable internet infrastructure operators to use the longer signatures they will need to protect communications from quantum attacks, while still supporting the speed and space efficiency we’ve come to expect.

For more background information on MTL mode and how it works, see my July 2023 blog post, the MTL mode I-D, or the research paper, “Merkle Tree Ladder Mode: Reducing the Size Impact of NIST PQC Signature Algorithms in Practice.”

Recent Standardization Efforts

In my July 2023 blog post titled “Next Steps in Preparing for Post-Quantum DNSSEC,” I described two recent contributions by Verisign to help the DNS community prepare for a post-quantum world: the MTL mode I-D and a public, royalty-free license to certain intellectual property related to that I-D. These activities set the stage for the latest contributions I’m announcing in this post today.

Our Latest Contributions

  • Open source implementation. Like the I-D we published in July of this year, the open source implementation focuses on applying MTL mode to the SPHINCS+ signature scheme currently being standardized in FIPS 205 as SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) by the National Institute of Standards and Technology (NIST). We chose SPHINCS+ because it is the most conservative of NIST’s post-quantum signature algorithms from a cryptographic perspective, being hash-based and stateless. We remain open to adding other post-quantum signature schemes to the I-D and to the open source implementation.
    We encourage developers to try out the open source implementation of MTL mode, which we introduced at the IETF 118 Hackathon, as the community’s experience will help improve the understanding of MTL mode and its applications, and thereby facilitate its standardization. We are interested in feedback both on whether MTL mode is effective in reducing the size impact of post-quantum signatures on DNSSEC and other use cases, and on the open source implementation itself. We are particularly interested in the community’s input on what language bindings would be useful and on which cryptographic libraries we should support initially. The open source implementation can be found on GitHub at: https://github.com/verisign/MTL
  • MTL mode for DNSSEC I-D. This specification describes how to use MTL mode signatures with DNSSEC, including DNSKEY and RRSIG record formats. The I-D also provides initial guidance for DNSSEC key creation, signature generation, and signature verification in MTL mode. We consider the I-D as an example of the kinds of contributions that can help to address the “Research Agenda for a Post-Quantum DNSSEC,” the subject of another I-D recently co-authored by Verisign. We expect to continue to update this I-D based on community feedback. While our primary focus is on the DNSSEC use case, we are also open to collaborating on other applications of MTL mode.
  • Expanded patent license. Verisign previously announced a public, royalty-free license to certain intellectual property related to the MTL mode I-D that we published in July 2023. With the availability of the open source implementation and the MTL mode for DNSSEC specification, the company has expanded its public license terms to include royalty-free terms for implementing and using MTL mode if the I-D is published as an Experimental, Informational, or Standards Track RFC. In addition, the company has made a similar license grant for the use of MTL mode with DNSSEC. See the MTL mode I-D IPR declaration and the MTL mode for DNSSEC I-D IPR declaration for the official language.

Verisign is grateful for the DNS community’s interest in this area, and we are pleased to serve as stewards of the internet when it comes to developing new technology that can help the internet grow and thrive. Our work on MTL mode is one of the longer-term efforts supporting our mission to enhance the security, stability, and resiliency of the global DNS. We’re encouraged by the progress that has been achieved, and we look forward to further collaborations as we prepare for a post-quantum future.

Footnotes

  1. While it’s possible that other post-quantum algorithms could be standardized that don’t have large signatures, they wouldn’t have been studied for as long. Indeed, our preferred approach for long-term resilience of DNSSEC is to use the most conservative of the post-quantum signature algorithms, which also happens to have the largest signatures. By making that choice practical, we’ll have a solution in place whether or not a post-quantum algorithm with a smaller signature size is eventually available. ↩

The post Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode appeared first on Verisign Blog.

Verisign Celebrates Hispanic Heritage Month

By Ellen Petrocci
Photographs of three Hispanic Verisign employees on a dark purple background.

Celebrating National Hispanic Heritage Month reminds us how the wide range of perspectives and experiences among our employees makes us stronger both as a company and as a steward of the internet. In honor of this month, we are proud to recognize the stories of three of our Hispanic employees, and the positive impact they make at Verisign.

Carlos Ruesta

As Verisign’s director of information security, Carlos Ruesta draws inspiration from his father’s community commitment as an agricultural engineer in Peru, working to bring safe food and water to isolated communities. His father’s experiences inform Carlos’ belief in Verisign’s mission of enabling the world to connect online with reliability and confidence, anytime, anywhere and motivates his work as part of a team that ensures trust.

As a leader in our security compliance division, Carlos ensures that his team maintains a robust governance, risk, and compliance framework, translating applicable laws and regulations into security control requirements. “Being part of a team that emphasizes trust, motivates me,” he said. “Management trusts me to make decisions affecting large-scale projects that protect our company. This allows me to use my problem-solving skills and leadership abilities.”

Carlos commends Verisign’s respectful and encouraging environment, which he considers vital in cultivating successful career paths for newcomers navigating the cybersecurity field. He says by recognizing individual contributions and supporting each other’s professional growth, Hispanic employees at Verisign feel a sense of belonging in the workplace and are able to excel in their career journeys.

Alejandro Gonzalez Roman

Alejandro Gonzalez Roman, a senior UX designer at Verisign, combines his artistic talent with technical expertise in his role, collaborating among various departments across Verisign. “My dad is an artist, and still one of my biggest role models,” he said. “He taught me that to be good at anything means to dedicate a lot of time to perfecting your craft. I see art as a way to inspire people to make the world a better place. In my job as a UX designer, I use art to make life a little easier for people.”

As a UX designer, Alejandro strives to make technology accessible to everyone, regardless of background or abilities. He believes that life experiences and cultural knowledge provide individuals with a unique perspective, which he considers an invaluable source of inspiration when designing. And with the Hispanic population being one of the largest minorities in the United States, cultural knowledge is crucial. Understanding how different people interact with technology and integrating cultural insights into the work is essential to good UX design.

Overall, Alejandro is motivated by the strong sense of teamwork at Verisign. “Day-to-day work with our strong team has helped me improve my work” he said. “With collaboration and encouragement, we push each other to be better UX designers. I couldn’t succeed as I have without this amazing team around me.”

Rebecca Bustamante

Rebecca Bustamante, senior manager of operations analysis, says Verisign’s “people-first” culture is part of her motivation, and she is grateful for the opportunities that allowed her to take on different roles within the company to learn and broaden her skills. “I’ve had opportunities because people believed in my potential and saw my work ethic,” she said. “These experiences have given me the understanding and skills to succeed at the job I have today.”

One of these experiences was joining the WIT@Verisign (Women in Technology) leadership team, which proved instrumental to her personal growth and led to valuable work friendships. In fact, one of her most cherished memories at Verisign includes leading a Verisign Cares team project in Virginia’s Great Falls Park, where she and her coworkers worked together to clear invasive plants and renovate walking paths.

Rebecca sees this type of camaraderie among employees as a crucial part of the people-first culture at Verisign. She particularly commends Verisign’s team leaders who value consistent communication and take the time to listen to people’s stories, which fosters an authentic understanding. This approach makes collaboration more natural and allows teamwork to develop organically. Rebecca emphasizes the significance of celebrating her culture, as it directly influences her job performance and effective communication. But she pointed out that the term “Hispanic” encompasses a wide diversity of peoples and nations. She advocates respect, practices active listening, and promotes a culture celebrating each other’s successes.

Joining the Verisign Team

These three individuals – as well as their many team members – contribute to Verisign’s efforts to enable and enhance the security, stability, and resiliency of key internet infrastructure every single day.

At Verisign, we recognize the importance of talent and culture in driving an environment that fosters high performance, inclusion, and integrity in all aspects of our work. It’s why recruiting and retaining the very best talent is our continual focus. If you would like to be part of the Verisign Team, please visit Verisign Careers.

The post Verisign Celebrates Hispanic Heritage Month appeared first on Verisign Blog.

Verisign Will Help Strengthen Security with DNSSEC Algorithm Update

By Duane Wessels
abstract blue data stream on black background

As part of Verisign’s ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the top-level domains (TLDs) we operate. The vast majority of internet users won’t notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures.

Beginning in the next few months and continuing through the end of 2023, we will upgrade the algorithm we use to sign domain names in the .com, .net, and .edu zones with Domain Name System Security Extensions (DNSSEC).

In this blog, we’ll outline the details of the upcoming change and what members of the DNS technical community need to know.

DNSSEC Adoption

DNSSEC provides data authentication security to DNS responses. It does this by ensuring any altered data can be detected and blocked, thereby preserving the integrity of DNS data. Think of it as a chain of trust – one that helps avoid misdirection and allows users to trust that they have gotten to their intended online destination safely and securely.

Verisign has long been at the forefront of DNSSEC adoption. In 2010, a major milestone occurred when the Internet Corporation for Assigned Names and Numbers (ICANN) and Verisign signed the DNS root zone with DNSSEC. Shortly after, Verisign introduced DNSSEC to its TLDs, beginning with .edu in mid-2010, .net in late 2010, and .com in early 2011. Additional TLDs operated by Verisign were subsequently signed as well.

In the time since we signed our TLDs, we have worked continuously to help members of the internet ecosystem take advantage of DNSSEC. We do this through a wide range of activities, including publishing technical resources, leading educational sessions, and advocating for DNSSEC adoption in industry and technical forums.

Growth Over Time

Since the TLDs were first signed, we have observed two very distinct phases of growth in the number of signed second-level domains (SLDs).

The first growth phase occurred from 2012 to 2020. During that time, signed domains in the .com zone grew at about 0.1% of the base per year on average, reaching just over 1% by the end of 2020. In the .net zone, signed domains grew at about 0.1% of the base per year on average, reaching 1.2% by the end of 2020. These numbers demonstrated a slow but steady increase, which can be seen in Figure 1.

Line graph of the percent of .com and .net domain names with Delegation Signer (DS) records where the percent rises from 2010 through 2023.

Figure 1: A chart spanning 2010 through the present shows the number of .com and .net domain names with DS – or Delegation Signer – records. These records form a link in the DNSSEC chain-of-trust for signed domains, indicating an uptick in DNSSEC adoption among SLDs.

We’ve observed more pronounced growth in signed SLDs during the second growth phase, which began in 2020. This is largely due to a single registrar that enabled DNSSEC by default for their new registrations. For .com, the annual rate increased to 0.9% of the base, and for .net, it increased to 1.1% of the base. Currently, 4.2% of .com domains are signed and 5.1% of .net domains are signed. This accelerated growth is also visible in Figure 1.

As we look forward, Verisign anticipates continued growth in the number of domains signed with DNSSEC. To support continued adoption and help further secure the DNS, we’re planning to make one very important change.

Rolling the Algorithm

All Verisign TLDs are currently signed with DNSSEC algorithm 8, also known as RSA/SHA-256, as documented in our DNSSEC Practice Statements. Currently, we use a 2048-bit Key Signing Key (KSK), and 1280-bit Zone Signing Keys (ZSK). The RSA algorithm has served us (and the broader internet) well for many years, but we wanted to take the opportunity to implement more robust security measures while also making more efficient use of resources that support DNSSEC-signed domain names.

We are planning to transition to the Elliptic Curve Digital Signature Algorithm (ECDSA), specifically Curve P-256 with SHA-256, or algorithm number 13, which allows for smaller signatures and improved cryptographic strength. This smaller signature size has a secondary benefit, as well: any potential DDoS attacks will have less amplification as a result of the smaller signatures. This could help protect victims from bad actors and cybercriminals.

Support for DNSSEC signing and validation with ECDSA has been well-established by various managed DNS providers, 78 other TLDs, and nearly 10 million signed SLDs. Additionally, research performed by APNIC and NLnet Labs shows that ECDSA support in validating resolvers has increased significantly in recent years.

The Road to Algorithm 13

How did we get to this point? It took a lot of careful preparation and planning, but with internet stewardship at the forefront of our mission, we wanted to protect the DNS with the best technologies available to us. This means taking precise measures in everything we do, and this transition is no exception.

Initial Planning

Algorithm 13 was on our radar for several years before we officially kicked off the implementation process this year. As mentioned previously, the primary motivating properties were the smaller signature size, with each signature being 96 bytes smaller than our current RSA signatures (160 bytes vs. 64 bytes), and the improved cryptographic strength. This helps us plan for the future and prepare for a world where more domain names are signed with DNSSEC.

Testing

Each TLD will first implement the rollover to algorithm 13 in Verisign’s Operational Test & Evaluation (OT&E) environment prior to implementing the process in production, for a total of two rollovers per TLD. Combined, this will result in six total rollovers across the .com, .net, and .edu TLDs. Rollovers between the individual TLDs will be spaced out to avoid overlap where possible.

The algorithm rollover for each TLD will follow this sequence of events:

  1. Publish algorithm 13 ZSK signatures alongside algorithm 8 ZSK signatures
  2. Publish algorithm 13 DNSKEY records alongside algorithm 8 DNSKEY records
  3. Publish the algorithm 13 DS record in the root zone and stop publishing the algorithm 8 DS record
  4. Stop publishing algorithm 8 DNSKEY records
  5. Stop publishing algorithm 8 ZSK signatures

Only when a successful rollover has been done in OT&E will we begin the process in production.

Who is affected, and when is the change happening?

Now that we’ve given the background, we know you’re wondering: how might this affect me?

The change to a new DNSSEC-signing algorithm is expected to have no impact for the vast majority of internet users, service providers, and domain registrants. According to the aforementioned research by APNIC and NLnet Labs, most DNSSEC validators support ECDSA, and any that do not will simply ignore the signatures and still be able to resolve domains in Verisign-operated TLDs.

Regarding timing, we plan to begin to transition to ECDSA in the third and fourth quarters of this year. We will start the transition process with .edu, then .net, and then .com. We are currently aiming to have these three TLDs transitioned before the end of the fourth quarter 2023, but we will let the community know if our timeline shifts.

Conclusion

As leaders in DNSSEC adoption, this algorithm rollover demonstrates yet another critical step we are taking toward making the internet more secure, stable, and resilient. We look forward to enabling the change later this year, providing more efficient and stronger cryptographic security while optimizing resource utilization for DNSSEC-signed domain names.

The post Verisign Will Help Strengthen Security with DNSSEC Algorithm Update appeared first on Verisign Blog.

Next Steps in Preparing for Post-Quantum DNSSEC

By Burt Kaliski
binary digits on a gradient blue background

In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive information after the advent of quantum computers. We also shared some of our initial research on how to apply these algorithms to the Domain Name System Security Extensions, or DNSSEC. In the time since that blog post, we’ve continued to explore ways to address the potential operational impact of post-quantum algorithms on DNSSEC, while also closely tracking industry research and advances in this area.

Now, significant activities are underway that are setting the timeline for the availability and adoption of post-quantum algorithms. Since DNS participants – including registries and registrars – use public key-cryptography in a number of their systems, these systems may all eventually need to be updated to use the new post-quantum algorithms. We also announce two major contributions that Verisign has made in support of standardizing this technology: an Internet-Draft as well as a public, royalty-free license to certain intellectual property related to that Internet-Draft.

In this blog post, we review the changes that are on the horizon and what they mean for the DNS ecosystem, and one way we are proposing to ease the implementation of post-quantum signatures – Merkle Tree Ladder mode.

By taking these actions, we aim to be better prepared (while also helping others prepare) for a future where cryptanalytically relevant quantum computing and post-quantum cryptography become a reality.

Recent Developments

In July 2022, the National Institute of Standards and Technology (NIST) selected one post-quantum encryption algorithm and three post-quantum signature algorithms for standardization, with standards for these algorithms arriving as early as 2024. In line with this work, the Internet Engineering Task Force (IETF) has also started standards development activities on applying post-quantum algorithms to internet protocols in various working groups, including the newly formed Post-Quantum Use in Protocols (PQUIP) working group. And finally, the National Security Agency (NSA) recently announced that National Security Systems are expected to transition to post-quantum algorithms by 2035.

Collectively, these announcements and activities indicate that many organizations are envisioning a (post-)quantum future, across many protocols. Verisign’s main concern continues to be how post-quantum cryptography impacts the DNS, and in particular, how post-quantum signature algorithms impact DNSSEC.

DNSSEC Considerations

The standards being developed in the next few years are likely to be the ones deployed when the post-quantum transition eventually takes place, so now is the time to take operational requirements for specific protocols into account.

For DNSSEC, the operational concerns are twofold.

First, the large signature sizes of current post-quantum signatures selected by NIST would result in DNSSEC responses that exceed the size limits of the User Datagram Protocol, which is broadly deployed in the DNS ecosystem. While the Transmission Control Protocol and other transports are available, the additional overhead of having large post-quantum signatures on every response — which can be one to two orders of magnitude as long as traditional signatures —introduces operational risk to the DNS ecosystem that would be preferable to avoid.

Second, the large signatures would significantly increase memory requirements for resolvers using in-memory caches and authoritative nameservers using in-memory databases.

Bar graph of the size impact of traditional and post-quantum signature size where a zone fully signed with SPHINCS+ would be about 50 times the size of a zone fully signed with ECDSA.
Figure 1: Size impact of traditional and post-quantum signature size impact on a fully signed DNS zone. Horizontal bars show percentage of zone that would be signature for two traditional and two post-quantum algorithms; vertical bars show the percentage increase in the zone size due to signature data.

Figure 1, from Andy Fregly’s recent presentation at OARC 40, shows the impact on a fully signed DNS zone where, on average, there are 2.2 digital signatures per resource record set (covering both existence and non-existence proofs). The horizontal bars show the percentage of the zone file that would be comprised of signature data for the two prevalent current algorithms, RSA and ECDSA, and for the smallest and largest of the NIST PQC algorithms. At the low and high end of these examples, signatures with ECDSA would take up 40% of the zone and SPHINCS+ signatures would take up over 99% of the zone. The vertical bars give the percentage size increase of the zone file due to signatures. Again, comparing the low and high end, a zone fully signed with SPHINCS+ would be about 50 times the size of a zone fully signed with ECDSA.

Merkle Tree Ladder Mode: Reducing Size Impact of Post-Quantum Signatures

In his 1988 article, “The First Ten Years of Public-Key Cryptography,” Whitfield Diffie, co-discoverer of public-key cryptography, commented on the lack of progress in finding public-key encryption algorithms that were as fast as the symmetric-key algorithms of the day: “Theorems or not, it seemed silly to expect that adding a major new criterion to the requirements of a cryptographic system could fail to slow it down.”

Diffie’s counsel also appears relevant to the search for post-quantum algorithms: It would similarly be surprising if adding the “major new criterion” of post-quantum security to the requirements of a digital signature algorithm didn’t impact performance in some way. Signature size may well be the tradeoff for post-quantum security, at least for now.

With this tradeoff in mind, Verisign’s post-quantum research team has explored ways to address the size impact, particularly to DNSSEC, arriving at a construction we call a Merkle Tree Ladder (MTL), a generalization of a single-rooted Merkle tree (see Figure 2). We have also defined a technique that we call the Merkle Tree Ladder mode of operation for using the construction with an underlying signature algorithm.

Diagram showing an example of a Merkle tree ladder.
Figure 2: A Merkle Tree Ladder consists of one or more “rungs” that authenticate or “cover” the leaves of a generalized Merkle tree. In this example, rungs 19:19, 17:18, and 1:16 are the collectively the ancestors of all 19 leaves of the tree and therefore cover them. The values of the nodes are the hash of the values of their children, providing cryptographic protection. A Merkle authentication path consisting of sibling nodes authenticates a leaf node relative to the ladder e.g., leaf node 7 (corresponding to message 7 beneath) can be authenticated relative to rung 1:16 by rehashing it with the sibling nodes along the path 8, 5:6, 1:4 and 9:16. If the verifier already has a previous ladder that covers a message, the verifier can instead rehash relative to that ladder, e.g., leaf node 7 can be verified relative to rung 1:8 using sibling nodes 8, 5:6 and 1:4.

Similar to current deployments of public-key cryptography, MTL mode combines processes with complementary properties to balance performance and other criteria (see Table 1). In particular, in MTL mode, rather than signing individual messages with a post-quantum signature algorithm, ladders comprised of one or more Merkle tree nodes are signed using the post-quantum algorithm. Individual messages are then authenticated relative to the ladders using Merkle authentication paths.

Criterion to Achieve Initial Design with a Single Process Improved Design Combining Complementary Processes Benefit
Public-Key Property for Encryption – Encrypt Individual Messages with Public-Key Algorithm – Establish Symmetric Keys Using Public-Key Algorithm
– Encrypt Multiple Messages Using Each Symmetric Key
– Amortize Cost of Public-Key Operations Across Multiple Messages
Post-Quantum Property for Signatures – Sign Individual Messages with Post-Quantum Algorithm – Sign Merkle Tree Ladders using Post-Quantum Algorithm
– Authenticate Multiple Messages Relative to Each Signed Ladder
– Amortize Size of Post-Quantum Signature Across Multiple Messages
Table 1: Speed concerns for traditional public-key algorithms were addressed by combining them with symmetric-key algorithms (for instance, as outlined in early specifications for Internet Privacy-Enhanced Mail). Size concerns for emerging post-quantum signature algorithms can potentially be addressed by combining them with constructions such as Merkle Tree Ladders.

Although the signatures on the ladders might be relatively large, the ladders and their signatures are sent infrequently. In contrast, the Merkle authentication paths that are sent for each message are relatively short. The combination of the two processes maintains the post-quantum property while amortizing the size impact of the signatures across multiple messages. (Merkle tree constructions, being based on hash functions, are naturally post-quantum.)

The two-part approach for public-key algorithms has worked well in practice. In Transport Layer Security, symmetric keys are established in occasional handshake operations, which may be more expensive. The symmetric keys are then used to encrypt multiple messages within a session without further overhead for key establishment. (They can also be used to start a new session).

We expect that a two-part approach for post-quantum signatures can similarly work well in an application like DNSSEC where verifiers are interested in authenticating a subset of messages from a large, evolving message series (e.g., DNS records).

In such applications, signed Merkle Tree Ladders covering a range of messages in the evolving series can be provided to a verifier occasionally. Verifiers can then authenticate messages relative to the ladders, given just a short Merkle authentication path.

Importantly, due to a property of Merkle authentication paths called backward compatibility, all verifiers can be given the same authentication path relative to the signer’s current ladder. This also helps with deployment in applications such as DNSSEC, since the authentication path can be published in place of a traditional signature. An individual verifier may verify the authentication path as long as the verifier has a previously signed ladder covering the message of interest. If not, then the verifier just needs to get the current ladder.

As reported in our presentation on MTL mode at the RSA Conference Cryptographers’ Track in April 2023, our initial evaluation of the expected frequency of requests for MTL mode signed ladders in DNSSEC is promising, suggesting that a significant reduction in effective signature size impact can be achieved.

Verisign’s Contributions to Standardization

To facilitate more public evaluation of MTL mode, Verisign’s post-quantum research team last week published the Internet-Draft “Merkle Tree Ladder Mode (MTL) Signatures.” The draft provides the first detailed, interoperable specification for applying MTL mode to a signature scheme, with SPHINCS+ as an initial example.

We chose SPHINCS+ because it is the most conservative of the NIST PQC algorithms from a cryptographic perspective, being hash-based and stateless. It is arguably most suited to be one of the algorithms in a long-term deployment of a critical infrastructure service like DNSSEC. With this focus, the specification has a “SPHINCS+-friendly” style. Implementers familiar with SPHINCS+ will find similar notation and constructions as well as common hash function instantiations. We are open to adding other post-quantum signature schemes to the draft or other drafts in the future.

Publishing the Internet-Draft is a first step toward the goal of standardizing a mode of operation that can reduce the size impact of post-quantum signature algorithms.

In support of this goal, Verisign also announced this week a public, royalty-free license to certain intellectual property related to the Internet-Draft published last week. Similar to other intellectual property rights declarations the company has made, we have announced a “Standards Development Grant” which provides the listed intellectual property under royalty-free terms for the purpose of facilitating standardization of the Internet-Draft we published on July 10, 2023. (The IPR declaration gives the official language.)

We expect to release an open-source implementation of the Internet-Draft soon, and, later this year, to publish an Internet-Draft on using MTL mode signatures in DNSSEC.

With these contributions, we invite implementers to take part in the next step toward standardization: evaluating initial versions of MTL mode to confirm whether they indeed provide practical advantages in specific use cases.

Conclusion

DNSSEC continues to be an important part of the internet’s infrastructure, providing cryptographic verification of information associated with the unique, stable identifiers in this ubiquitous namespace. That is why preparing for an eventual transition to post-quantum algorithms for DNSSEC has been and continues to be a key research and development activity at Verisign, as evidenced by our work on MTL mode and post-quantum DNSSEC more generally.

Our goal is that with a technique like MTL mode in place, protocols like DNSSEC can preserve the security characteristics of a pre-quantum environment while minimizing the operational impact of larger signatures in a post-quantum world.

In a later blog post, we’ll share more details on some upcoming changes to DNSSEC, and how these changes will provide both security and operational benefits to DNSSEC in the near term.

Verisign plans to continue to invest in research and standards development in this area, as we help prepare for a post-quantum future.

The post Next Steps in Preparing for Post-Quantum DNSSEC appeared first on Verisign Blog.

Will Altanovo’s Maneuvering Continue to Delay .web?

By Kirk Salzmann
Verisign Logo

The launch of .web top-level domain is once again at risk of being delayed by baseless procedural maneuvering.

On May 2, the Internet Corporation for Assigned Names and Numbers (ICANN) Board of Directors posted a decision on the .web matter from its April 30 meeting, which found “that NDC (Nu Dotco LLC) did not violate the Guidebook or the Auction Rules” and directed ICANN “to continue processing NDC’s .web application,” clearing the way for the delegation of .web. ICANN later posted a preliminary report from this meeting showing that the Board vote on the .web decision was without objection.

Less than 24 hours later, however, Altanovo (formerly Afilias) – a losing bidder whose repeatedly rejected claims already have delayed the delegation of .web for more than six years – dusted off its playbook from 2018 by filing yet another ICANN Cooperative Engagement Process (CEP), beginning the cycle of another independent review of the Board’s decision, which last time cost millions of dollars and resulted in years of delay.

Under ICANN rules, a CEP is intended to be a non-binding process designed to efficiently resolve or narrow disputes before the initiation of an Independent Review Process (IRP). ICANN places further actions on hold while a CEP is pending. It’s an important and worthwhile aspect of the multistakeholder process…when used in good faith.

But that does not appear to be what is happening here. Altanovo and its backers initiated this repeat CEP despite the fact that it lost a fair, ICANN-sponsored auction; lost, in every important respect, the IRP; lost its application for reconsideration of the IRP (which it was sanctioned for filing, and which was determined to be frivolous by the IRP panel); and has now lost before the ICANN Board.

The Board’s decision expressly found that these disputes “have delayed the delegation of .web for more than six years” and already cost each of the parties, including ICANN, “millions of dollars in legal fees.”

Further delay appears to be the only goal of this second CEP – and any follow-on IRP – because no one could conclude in good faith that an IRP panel would find that the thorough process and decision on .web established in the Board’s resolutions and preliminary report violated ICANN’s bylaws. At the end of the day, all that will be accomplished by this second CEP and a second IRP is continued delay, and delay for delay’s sake amounts to an abuse of process that threatens to undermine the multistakeholder processes and the rights of NDC and Verisign.

ICANN will, no doubt, follow its processes for resolving the CEP and any further procedural maneuvers attempted by Altanovo. But, given Altanovo’s track record of losses, delays, and frivolous maneuvering since the 2016 .web auction, a point has been reached when equity demands that this abuse of process not be allowed to thwart NDC’s right, as determined by the Board, to move ahead on its .web application.

The post Will Altanovo’s Maneuvering Continue to Delay .web? appeared first on Verisign Blog.

Verisign Honors Vets in Technology For Military Appreciation Month

By Ellen Petrocci
Verisign veterans american flag

For Murray Green, working for a company that is a steward of critical internet infrastructure is a mission that he can get behind. Green, a senior engineering manager at Verisign, is a U.S. Army veteran who served during Operation Desert Storm and sees stewardship as a lifelong mission. In both roles, he has stayed focused on the success of the mission and cultivating great teamwork.

Teamwork is something that Laura Street, a software engineer and U.S. Air Force veteran, came to appreciate through her military service. It was then that she learned to appreciate how people from different backgrounds can work together on missions by finding their commonalities.

While military and civilian roles are very different, Verisign appeals to many veterans because of the mission-driven nature of the work we do.

Green and Street are two of the many veterans who have chosen to apply their military experience in a civilian career at Verisign. Both say that the work is not only rewarding to them, but to anyone who depends on Verisign’s commitment in helping to maintain the security, stability, and resiliency of the Domain Name System (DNS) and the internet.

At Verisign, we celebrate Military Appreciation Month by paying tribute to those who have served and recognizing how fortunate we are to work alongside amazing veterans whose contributions to our work provide enormous value.

Introducing Data-Powered Technology

Before joining the military, Murray Green studied electrical engineering but soon realized that his true passion was computer science. Looking for a way to pay for school and explore and excel as a Programmer Analyst, he turned to the U.S. Army.

He served more than four years at the Walter Reed Army Medical Center in Washington as the sole programmer for military personnel, using a proprietary language to maintain a reporting system that supplied data analysis. It was a role that helped him recognize the importance of data to any mission – whether for the U.S. Army or a company like Verisign.

At Walter Reed, he helped usher in the age of client-server computing, which dramatically reduced data processing time. “Around this time, personal computers connected to mini servers were just coming online so, using this new technology, I was able to unload data from the mainframe and bring it down to minicomputers running programs locally, which resulted in tasks being completed without the wait times associated with conventional mainframe computing,” he said. “I was there at the right time.”

His work led him to receive the Meritorious Service Medal, recognizing his expertise in the proprietary programming language that was used to assist in preparation for Operation Desert Storm, the first mobilization of U.S. Army personnel since Vietnam.

In the military, he also came to understand the importance of leadership – “providing purpose, direction, and motivation to accomplish the mission and improve the organization.”

Green has been at Verisign for over 20 years, starting off in the registry side of the business. In that role, he helped maintain the .com/.net top level-domain (TLD) name database, which at the time, held 5 million domain names. Today, he still oversees this database, managing a highly skilled team that has helped provide uninterrupted resolution service for .com and .net for over a quarter of a century.

Sense of Teamwork Leaves a Lasting Impression

Street had been in medical school, looking for a way to pay for her continued education, when she heard about the military’s Health Professional Scholarship Program and turned to the U.S. Air Force.

“I met some terrific people in the military,” she said. “My favorite experiences involved working with people who cared about others and were able to motivate them with positivity.” But it was the sense of teamwork she encountered in the military that left a lasting impression.

“There’s a sense of accountability and concern for others,” she said. “You help one another.”

While working in the Education and Training department, she had been working with a support team to troubleshoot a video that wasn’t loading properly and was impressed with how the developers worked to fix the problem. She immediately took an interest in programming and enrolled in night classes at a local community college. After completing her service in the U.S. Air Force, she went back to school to pursue a bachelor’s degree in computer science.

She’s been at Verisign for two years and, while the job itself is rewarding because it taps into so many of her interests – from Java programming to network protection and packet analysis – it was the chemistry with the team that was most enticing about the role.

“I felt as at-ease as one can possibly feel during a technical interview,” she said. “I got the sense that these were people who I would want to work with.

Street credits the military for teaching her valuable communication and teamwork skills that she continues to apply in her role, which focuses on keeping the .com and .net top-level-domains available around the clock, around the world.

A Unique and Global Mission

Both Green and Street encourage service members to stay focused on the success of their personal missions and the teamwork they learned in the military, and to leverage those skills in the civilian world. Use your service as a selling point and understand that companies value that background more than you think, they said.

“Being proud of the service we provide to others and paying attention to details allows us at Verisign to make a global difference,” Green said. “The veterans on our team bring an incredible skillset that is highly valued here. I know that I’m a part of an incredible team at Verisign.”

Verisign is proud to create career opportunities where veterans can apply their military training. To learn more about our current openings, visit Verisign Careers.

The post Verisign Honors Vets in Technology For Military Appreciation Month appeared first on Verisign Blog.

All in for Security: Cisco Secure at Cisco Live EMEA 2023

By Tom Gillis

Cisco Live is the premier destination for Cisco customers and partners to gain knowledge and build community. Our teams work hard to deliver education and inspiration, ignite creativity, deliver practical know-how, and accelerate the connections that fuel your digital future.

The Cisco Secure team is excited to share our expertise to help power the strategies – and safety – of your organization.

If it’s connected, it’s protected

Executive Q&A Panel at Cisco Live EMEA

In 2023, the threat landscape will evolve to one that sees attacks on every surface, from criminals who are opportunistic, yet laser-focused on their goal. The attacks themselves could be email-borne, directly targeted, socially based, or a mix of all three.

Criminals will target vulnerabilities, operational deficiencies, suppliers, and business partners, as a means of accomplishing their goals. They will use the target’s own environment and take advantage of existing people and technology problems, including alert fatigue and staffing shortages.

To face this reality and address the needs of organizations both large and small, Cisco will continue to focus on education and innovation in the areas of preventing insider threats, providing consistent and informed alerts, enabling actionable intelligence, and delivering solutions to implement a zero-trust security framework.

As the organization that pioneered networking, we are driven to secure every connection, providing end-to-end protection for users and devices across multiple clouds and networks with a seamless experience.

Innovating to enable a more resilient organization

As our vision for the integrated Cisco Security Cloud evolves, we’re continuing to challenge existing models and unify security and networking, with foundational elements that execute on this vision. From verified push – which protects organizations from MFA-focused phishing attacks – to Wi-Fi Fingerprint, and Remembered Devices, the performance enhancements with Enterprise Single Sign-on and Cisco+ Secure Connect, we continue to meet our customers where they are, offering true zero trust, with frictionless experiences for the hybrid workforce.

We’re excited to celebrate the following innovations and updates announced at Cisco Live EMEA:

Risk-Based Authentication

Finding the balance between usability and security is now easier than ever. With Risk-Based Authentication, users have the access they need, secured by real-time contextual signals. Organizations can increase security efficacy by dynamically adjusting authentication ​requirements based on risk levels and by enabling safer end-user behavior. Risk-based authentication now includes wi-fi fingerprint, remembered device, and verified push features, which work together to reduce risk while preserving user experience ​by only requesting additional interaction for suspicious logins or a change in risk.

Single Sign-On

Our Enterprise Ready Single Sign-on expands Duo SSO with three new capabilities to easily connect single sign-on to modern apps and empower end users. By adding major protocol support, improved admin tooling, and SSO on demand password resets, organizations enable easier and more secure access from anywhere.

Cisco+ Secure Connect

Cisco SD-WAN customers can now enjoy all the benefits of a turnkey, single-vendor SASE solution that brings together industry-leading networking with security:​ Cisco+ Secure Connect. This new integration gives Cisco SD-WAN (powered by Viptela) customers fast, secure private application and internet access, enabling them to deliver a secure experience, anywhere work happens.

Application Security

We are also announcing the introduction of industry-first Business Risk Observability, an enhancement of our Full-Stack Observability application security solution. Available through Cisco Secure Application, which is integrated into Cisco AppDynamics, it provides a business risk scoring solution which brings together Kenna Risk Meter score distribution and Business Transactions from Cisco AppDynamics and integrates with Panoptica for API security and Talos for threat intelligence.

Cybersecurity Readiness Index report

The initial findings from our first Cybersecurity Readiness Index reveal that while technology to devices is widely adopted, more progress is needed to protect identity, networks and applications. The report assessed the preparedness of companies around the world to safeguard against cyber threats in the current environment. See our key findings and security readiness trends, with the full report launching in the coming weeks.

As we navigate 2023, we will continue to face uncertainties and challenges. We are fully committed to our customers and partners in the journey to provide security resilience, supporting a frictionless user experience, and solutions threat intelligence that work to continually minimize risk.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

The Nominees for the 2023 Cybersecurity Defender of the Year Award in EMEA

By Cristina Errico

Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms. Nothing could be further from the truth, as one of the keys to being a successful cybersecurity professional is the ability to collaborate and, more importantly, to share knowledge as far and wide as possible.

At Cisco, we have formed the Cisco Insider Advocacy program, which consists of a global community of professionals passionate about working and spreading their knowledge with others. We celebrate these individuals’ efforts with annual awards in various disciplines and locales. In 2023, Cisco will recognize top advocates by region for the Global Advocate Awards. Our first event – highlighting Cisco customers from across the EMEA region – is around the corner. It all happens at Cisco Live in Amsterdam, in a live ceremony on February 8!

I am joined on the Advocate Awards judges’ panel by my colleagues, Cindy Valladares, Director of Brand Strategy and Customer Advocacy at Cisco Secure, Caroline Surujpaul, EMEA and European Marketing Director at Cisco Secure and Sarah Stephens, Senior Security Marketing Leader for EMEA at Cisco Secure. We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.

We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.

Nominees for 2023 EMEA Cybersecurity Defender of the Year

Alessandro Braga  – CDO, Talent Garden

Alessandro was featured in a recent successful case study about the Future of Work with Umbrella, as well as an earlier piece about simplified security using Cisco Meraki in Talent Garden.

Alessandro also authored a book about digital transformation long before it was a common buzzword. That is typical of Alessandro’s foresight, the ability to be proactive to changes before they are commonplace. He is indeed on the cutting edge.

Alessandro considers his involvement in the Advocacy community as “a very easy goal for me. First, because I’m very passionate about cybersecurity, and second because here I can find very valuable peers and professionals to share information with.” Alessandro’s abilities are borne from passion, drive, and adherence to a personal code of excellence; he learned security in a strictly hands-on style. He is also a member of Cisco’s “League of Cybersecurity Heroes.”

Christoffer Vargtass Hallstensen – Head of SOC, Norwegian University of Science and Technology

Christoffer, the newest Cisco Insider Advocacy community member, has gotten off to a brisk involvement with the group. He was recently featured in the case study “NTNU Supports a Diverse Academic and Research Community with Proactive Security,” which detailed how the Norwegian University of Science and Technology tackled the management of a dizzying 110,000 endpoints connecting to the university’s VPN.

Christoffer fully embraces the ideology of collaboration, mentioning that when he was seeking a security solution, “We didn’t want a vendor. We didn’t want a product. We wanted a partner to help us attack this large problem of cybersecurity.”  He also demonstrates a fervent dedication to sharing by authoring half a dozen works in the cybersecurity realm, ranging from scientific to academic articles. His involvement in the Insider Advocacy community has earned him a spot in Cisco’s “League of Cybersecurity Heroes.”

Mark Healey – Senior Cyber Security Engineer, South Yorkshire Police

Mark is one of the most erudite cybersecurity professionals one could meet. He has extensive educational credentials and enjoys sharing his knowledge, making him one of the Top 10 most engaged advocates of the Cybersecurity Channel within the Cisco Insider Advocates community.

Mark’s professional involvement extends beyond his local precinct, offering his knowledge of security best practices across the UK Policing community. In completing his most recent university degree, he authored a dissertation that “has led to an initiative to improve the security posture of my workplace.” Mark’s support to other Cisco customers has also led to his election as Vice-Chair of the Internet Society Cybersecurity Special Interest Group. He is also a member of Cisco’s “League of Cybersecurity Heroes.”

Luigi Vassallo – COO & CTO, Sara Assicurazioni

Luigi is a valuable member of the Insider Advocacy group and was recently featured in a video and written success story about Zero Trust and XDR.

Luigi is an agent of change who embraces the collaborative spirit of a true cybersecurity expert, as exemplified in his entire professional approach: “Since the infrastructure is now cloud-based, we had to change our mindset regarding cybersecurity as well. It was important to have the people, the process, the organisation, and the technology under the same security umbrella.”

When not working to ensure the security of the Sara Assicurazioni environment, Luigi has dedicated time to speaking at events, such as the “Experts Learning from Experts” global virtual session, a special virtual roundtable dedicated to Zero Trust and, last but not least, his presentation at Cisco Live Emea in Amsterdam about XDR and Zero Trust. His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community. Luigi is also a member of Cisco’s “League of Cybersecurity Heroes.”

Diego Zengin – Global CTO, Grupo Cosentino

Last year, Diego participated as speaker at the Tech Forum: Convergencia entre redes y seguridad. He will also be featured in a future ThreatWise TV – Cisco episode

Diego recognised early on that remote work would place his organisation outside the scope of their security and took proactive measures to meet the challenge. Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community. This has also earned him a place within Cisco’s “League of Cybersecurity Heroes.”

Diego’s view of working with Cisco’s products is summed up in a catchy phrase: “If it’s connected, it’s protected.” His involvement within the Insider Advocacy community makes us echo that sentiment by stating that he is connected, helping to keep everyone protected.

Supporting Diversity, Equity, and Inclusion

One point of note is the absence of women from the list of nominees. This was not the result of bias, as Cisco has a history of substantial diversity, equity, and inclusion.  As you can see from the activities of the current nominees, the selection was based strictly on contributions to the community. We would love to see more engagement and membership in the Insider Advocacy program, not only from women but from a broader geographic area. This would increase the choices of possible nominees and add an even wider palette of inclusion to the entire nomination process.

We know that there is an entire population of cybersecurity professionals who seek more connection with like-minded individuals, and we welcome you to join this cohesive community.

Join Cisco’s most strategic, forward-thinking customer and partner advocates so
we can feature your story of passion and commitment on our next nomination list!

Cisco Insider Advocacy

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Nine Top of Mind Issues for CISOs Going Into 2023

By Richard Archdeacon

As the majority of the global Covid fog finally started lifting in 2022, other events – and their associated risks – started to fill the headspace of C-level execs the world over. In my role, I regularly engage with CISOs in all kinds of sectors, representatives at industry bodies, and experts at analyst houses. This gives me an invaluable macroview not only of how the last 12 months have affected organizations and what CISOs are thinking about, but also how the upcoming year is shaping up.

Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022. Many of them still ring true now and will continue to do so, but some new concerns have risen up the agenda. Here are the topics that I think will be top of mind in 2023, and what CISOs can do to prepare.

  1. CISO in the firing line

One aspect that has come to the fore this year is the CISO’s position as ‘guardian of customers’ private data’ in the event of a breach, and their responsibilities over the level of disclosure they later provide. And here, we are not only talking about the legal duty to inform regulators, but the implicit moral duty to inform third parties, customers, etc. From my conversations this year, this whole area is getting CISOs thinking about their own personal liability more.

As a result of this, next year we could see CISOs tightening up the disclosure decision making process, focusing on quicker and greater clarity on breach impact, and even looking to include personal liability cover in cyber insurance contracts. CISOs will also likely be pushing more tabletop exercises with the executive leadership team to ask and answer questions around what is showed, to whom, and by whom.

  1. Increasing demands from insurers

Cyber insurance has become a newsworthy topic over the last 24 months, mainly due to the hardening of the market, as insurance products have become less profitable for underwriters and insurers’ costs have risen. But the topic will continue to be in focus as we move into 2023, with insurers demanding greater attribution – aka the science of identifying the perpetrator of a cybercrime by comparing the evidence gathered from an attack with evidence gathered from earlier attacks that have been attributed to known perpetrators to find similarities.

The need for greater attribution stems from the news that some insurers are announcing that they are not covering nation state attacks, including major marketplace for insurance and reinsurance, Lloyd’s – a topic I covered with colleague and co-author Martin Lee, in this blog earlier in the year.

Greater preparation and crystal-clear clarity of the extent to which attribution has taken place when negotiating contracts will be an essential element for CISOs going forward. For more practical advice on this topic, I also wrote a blog on some of the challenges and opportunities within the cyber liability insurance market back in June which you can read here.

  1. Getting the basics right

Being a CISO has never been more complex. With more sophisticated attacks, scarcity of resources, the challenges of communicating effectively with the board, and more demanding regulatory drivers like the recently approved NIS2 in the EU, which includes a requirement to flag incidents that cause a significant financial implication or operational disruption to the service or to others within 24 hours.

With so much to consider, it is vital that CISOs have a clear understanding of the core elements of what they protect. Questions like ‘where is the data?’, ‘who is accessing it?’, ‘what applications is the organization using?’, ‘where and what is in the cloud?’ will continue to be asked, with an overarching need to make management of the security function more flexible and simpler for the user. This visibility will also inevitably help ease quicker decision making and less of an operational overhead when it comes to regulatory compliance, so the benefits of asking these questions are clear.

  1. How Zero Trust will progress

According to Forrester, the term Zero Trust was born in 2009. Since then, it has been used liberally by different cybersecurity vendors – with various degrees of accuracy. Zero Trust implementations, while being the most secure approach a firm can take, are long journeys that take multiple years for major enterprises to carry out, so it is vital that they start as they mean to go on. But it is clear from the interactions we have had that many CISOs still don’t know where to start, as we touched on in point #3.

However, that can be easier said than done in many cases, as the principles within Zero trust fundamentally turn traditional security methods on their head, from protecting from the outside in (guarding your company’s parameter from external threats) to protecting from in the inside out (guarding individual assets from all threats, both internal and external). This is particularly challenging for large enterprises with a multitude of different silos, stakeholders and business divisions to consider.

The key to success on a zero-trust journey is to set up the right governance mode with the relevant stakeholders and communicate all changes. It is also worth taking the opportunity to update their solutions via a tech refresh which has a multitude of benefits, as explained in our most recent Security Outcomes Study (volume 2).

For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way.

  1. Ransomware and how to deal with it

As with last year, ransomware continues to be the main tactical issue and concern facing CISOs. More specifically, the uncertainty around when and how an attack could be launched against the organization is a constant threat.

Increased regulation on the payment of ransomware and declaring payments is predicted, on top of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), the Ransom Disclosure Act, but that doesn’t help alleviate ransomware worries, especially as this will again put the CISO in the firing line.

CISOs will continue to keep a focus on the core basics to prevent or limit the impact of an attack, and again have a closer look at how any ransomware payment may or may not be paid and who will authorize payment. For more on how executives can prepare for ransomware attacks, read this blog from Cisco Talos.

  1. From Security Awareness to Culture Change

Traditionally CISOs have talked about the importance of improving security awareness which has resulted in the growth of those test phishing emails we all know and love so much. Joking aside, there is increased discussion now about the limited impact of this approach, including this in depth study from the computer science department of ETH Zurich.

The study, which was the largest both in terms of scale and length at time of publishing, revealed that ‘embedded training during simulated phishing exercises, as commonly deployed in the industry today, does not make employees more resilient to phishing, but instead it can have unexpected side effects that can make employees even more susceptible to phishing’.

For the most effective security awareness, culture is key. This means that everyone should see themselves as part of the security team, like the approach that has been taken when approaching the issue of safety in many high-risk industries. In 2023, CISOs will now be keen to bring about a change to a security culture by making security inclusive, looking to create security champions within the business unit, and finding new methods to communicate the security message.

  1. Resignations, recruitment and retention

Last year, we talked about preparing for the ‘great resignation’ and how to prevent staff leaving as WFH became a norm rather than an exception. In the past year, the conversations I have had have altered to focus on how to ensure recruitment and retention of key staff within the business by ensuring they work in an environment that supports their role.

Overly restrictive security practices, burdensome security with too many friction points, and limitations around what resources and tools can be used may deter the best talent from joining – or indeed staying – with an organization. And CISOs don’t need that extra worry of being the reason behind that kind of ‘brain drain’. So, security will need to focus on supporting the introduction of flexibility and the ease of user experience, such as passwordless or risk-based authentication.

  1. Don’t sleep on the impact of MFA Fatigue

Just when we thought it was safe to go back into the organization with MFA protecting us, along came methods of attack that rely on push-based authentication vulnerabilities including:

  • Push Harassment – Multiple successive push notifications to bother a user into accepting a push for a fraudulent login attempt;
  • Push Fatigue – Constant MFA means users pay less attention to the details of their login, causing a user to accept a push login without thinking.

There has been a lot written about this kind of technique and how it works (including guidance from Duo) due to some recent high-profile cases. So, in the forthcoming year CISOs will look to update their solutions and introduce new ways to authenticate, along with increased communications to users on the topic.

  1. Third party dependency

This issue was highlighted again this year driven by regulations in different sectors such as the UK Telecoms (Security) Act which went live in the UK in November 2022 and the new EU regulation on digital operational resilience for financial services firms (DORA), which the European Parliament voted to adopt, also in November 2022. Both prompt greater focus on compliance, more reporting and understanding the dependency and interaction organizations have with the supply chain and other third parties.

CISOs will focus on obtaining reassurance from third parties as to their posture and will receive a lot of requests from others about where their organization stands, so it is crucial more robust insight into third parties is gained, documented, and communicated.

When writing this blog, and comparing it to last year’s, the 2023 top nine topics fit into three categories. Some themes make a reappearance, seem to repeat themselves such as the need to improve security’s interaction with users and the need to keep up to date with digital change. Others appear as almost incremental changes to current capabilities such as an adjusted approach to MFA to cope with push fatigue. But, perhaps one of the most striking differences to previous years is the new focus on the role of the CISO in the firing line and the personal impact that may have. We will of course continue to monitor all changes over the year and lend our viewpoint to give guidance. We wish you a secure and prosperous new year!


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Secure Email Threat Defense: Providing critical insight into business risk

By Kevin Potts

Attackers specifically craft business email compromise (BEC) and phishing emails using a combination of malicious techniques, expertly selected from an ever-evolving bag of tricks. They’ll use these techniques to impersonate a person or business that’s well-known to the targeted recipient and hide their true intentions, while attempting to avoid detection by security controls.

As a result of the requisite expertise needed to combat these complex attacks, email security has traditionally been siloed away in disparate teams and security controls. Practitioners are buried under an ever-growing pile of RFCs, requiring extensive domain-specific knowledge, unending vigilance, and meticulous manual interventions, such as tweaking trust levels and cultivating allow/block lists with IPs, domains, senders, and vendors.

Cisco Secure Email Threat Defense is leading the industry forward with a major shift, elevating email security into a new era; where administration will consist of merely associating specific business risks with the appropriate due diligence response required to remediate against them.

Email Threat Defense has introduced a new Threat Profile that provides the customer with deep insights into the specific business risks of individual email threats and the confidence to act quickly. This new visualization is powered by a new patent-pending threat detection engine. This engine leverages intelligence distilled from Talos global-scale threat research across a massive volume of email traffic into machine learning, behavioral modeling, and natural language understanding.

The detection engine granularly identifies specific underlying threat techniques utilized in the message by the attacker. The identified techniques provide the full context of the threat message as the supporting foundation for the engine to determine threat categorization and the specific risk to the business. These malicious Techniques, together with the threat category and specific business risk, are used to populate the Threat Profile.

Each message’s Threat Profile is identified in real-time, automatically remediated per policy, and surfaced directly to the operator in the message detail views, providing deep contextual insights into the attacker’s intent and the associated risks to the business. As part of a larger Extended Detection and Response (XDR) strategy, the actionable intelligence in Email Threat Defense is integrated with the wider enterprise orchestration of security controls via SecureX, easing the operational burden by decreasing your mean time to remediation (MTTR).

Email Threat Defense delivers a distinct understanding of malicious messages, the most vulnerable targets within the organization, and the most effective means of protecting them from phishing, scams, and BEC attacks. With a clean design and core focus on simplifying administration, Email Threat Defense deploys in minutes to strengthen protection of your existing Microsoft 365 Exchange Online platform against the most advanced email threats.

For more information, visit the Cisco Secure Email product pages, read the Email Threat Defense data sheet, and view the demo video below.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Cisco Secure Cloud Analytics – What’s New

By Claudio Lener

Nowadays, “cybersecurity” is the buzzword du jour, infiltrating every organization, invited or not. Furthermore, this is the case around the world, where an increasing proportion of all services now have an online presence, prompting businesses to reconsider the security of their systems. This, however, is not news to Cisco, as we anticipated it and were prepared to serve and assist clients worldwide.

Secure Cloud Analytics, part of the Cisco Threat, Detection, and Response (TD&R) portfolio, is an industry-leading tool for tackling core Network Detection and Response (NDR) use cases. These workflows focus primarily on threat detection and how security teams may recognize the most critical issues around hunting and forensic investigations to improve their mean-time-to-respond.

Over the last year, the product team worked tirelessly to strengthen the NDR offering. New telemetry sources, more advanced detections, and observations supplement the context of essential infrastructure aspects as well as usability and interoperability improvements. Additionally, the long-awaited solution Cisco Telemetry Broker is now available, providing a richer SecOps experience across the product.

MITRE ATT&CK framework alerting capabilities

As part of our innovation story on alerting capabilities, Secure Cloud Analytics now features new detections tied to the MITRE ATT&CK framework such as Worm Propagation, Suspicious User Agent, and Azure OAuth Bypass.

Additionally, various new roles and observations were added to the Secure Cloud Analytics to improve and change user alerts, that are foundational pieces of our detections. Alerts now include a direct link to AWS’ assets and their VPC, as well as direct access to Azure Security Groups, enabling further investigation capabilities through simplified workflows. In addition, the Public Cloud Providers are now included in coverage reports that provide a gap analysis to determine which accounts are covered. Alert Details offers new device information, such as host names, subnets, and role metrics that emphasize detection techniques. To better configure alerts, we are adding telemetry to gain contextual reference on their priority. Furthermore, the ingest process has grown more robust due to data from the Talos intelligence feed and ISE.

NDR: A Force Multiplier to Cisco XDR Strategy

The highly anticipated SecureX integration is now available in a single click, with no API credentials required and smooth interaction between the two platforms. Most importantly, Secure Cloud Analytics alerts may now be configured to automatically publish as incidents to the SecureX Incident Manager. The Talos Intelligence Watchlist Hits Alert is on by default due to its prominence among the many alert types.

Among other enhancements to graphs and visualizations, the Encrypted Traffic widget allows for an hourly breakdown of data. Simultaneously, the Device Report contains traffic data for a specific timestamp, which may be downloaded as a CSV. Furthermore, the Event Viewer now displays bi-directional session traffic to provide even more context to Secure Cloud Analytics flows, as well as additional columns to help with telemetry log comprehension: Cloud Account, Cloud Region, Cloud VPC, Sensor and Exporter.

New Sensor Data to Quickly Detect and Hunt Threats

On-premises sensors now provide additional telemetry on the overview page and a dedicated page where users can look further into the telemetry flowing through them in Sensor Health. To optimize the Secure Cloud Analytics deployment and improve the user experience, sensors may now be deleted from the interface.

Regarding telemetry, Cisco Telemetry Broker can now serve as a sensor in Secure Cloud Analytics, so users can identify and respond to threats faster with additional context sent to Secure Cloud Analytics. In addition, there will soon be support for other telemetry types besides IPFIX and NetFlow.

As we can see from the vast number of new additions to Secure Cloud Analytics, the product team has been working hard to understand the latest market trends, listen to the customers’ requests, and build one of the finest SaaS products in the NDR industry segment. The efforts strongly underline how Secure Cloud Analytics can solve some of the most important challenges in the NDR space around visibility, fidelity of alerts and deployment complexity by providing a cloud hosted platform that can offer insights on-premise and on cloud environments simultaneously from the same dashboard. Learn more about new features that allow Secure Cloud Analytics to detect, analyze, and respond to the most critical dangers to their company much more quickly.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Unscrambling Cybersecurity Acronyms – The ABCs of MDR and XDR Security

By Nirav Shah

In the second part of this blog series on Unscrambling Cybersecurity Acronyms, we covered Endpoint Detection and Response (EDR) and Managed Endpoint Detection and Response (MEDR) solutions, which included an overview of the evolution of endpoint security solutions. In this blog, we’ll go over Managed Detection and Response (MDR) and Extended Detection and Response (XDR) solutions in more depth.

What are Managed Detection and Response (MDR) solutions? 

MDR solutions are a security technology stack delivered as a managed service to customers by third-parties such as cybersecurity vendors or Managed Service Providers (MSPs). They’re similar to Managed Endpoint Detection and Response (MEDR) solutions since both solutions are managed cybersecurity services that use Security Operations Center (SOC) experts to monitor, detect, and respond to threats targeting your organization. However, the main difference between these two offerings is that MEDR solutions monitor only your endpoints while MDR solutions monitor a broader environment.

While MDR security solutions don’t have an exact definition for the types of infrastructure they monitor and the underlying security stack that powers them, they often monitor your endpoint, network, and cloud environments via a ‘follow the sun’ approach that uses multiple security teams distributed around the world to continually defend your environment. These security analysts monitor your environment 24/7 for threats, analyze and prioritize threats, investigate potential incidents, and offer guided remediation of attacks. This enables you to quickly detect advanced threats, effectively contain attacks, and rapidly respond to incidents.

More importantly, MDR security solutions allow you to augment or outsource your security to cybersecurity experts. While nearly every organization must defend their environment from cyberattacks, not every organization has the time, expertise, or personnel to run their own security solution. These organizations can benefit from outsourcing their security to MDR services, which enable them to focus on their core business while getting the security expertise they need. In addition, some organizations don’t have the budget or resources to monitor their environment 24/7 or they may have a small security team that struggles to investigate every threat. MDR security services can also help these organizations by giving them always-on security operations while enabling them to address every threat to their organization.

One drawback to deploying an MDR security service is that you become dependent on a third-party for your security needs. While many organizations don’t have any issues with this, some organizations may be hesitant to hand over control of their cybersecurity to a third-party vendor. In addition, organizations such as larger, more-risk averse companies may not desire an MDR service because they’ve already made cybersecurity investments such as developing their own SOC. Finally, MDR security solutions don’t have truly unified detection and response capabilities since they’re typically powered by heterogenous security technology stacks that lack consolidated telemetry, correlated detections, and holistic incident response. This is where XDR solutions shine.

What are Extended Detection and Response (XDR) solutions? 

XDR solutions unify threat monitoring, detection, and response across your entire environment by centralizing visibility, delivering contextual insights, and coordinating response. While ‘XDR’ means different things to different people because it’s a fairly nascent technology, XDR solutions usually consolidate security telemetry from multiple security products into a single solution. Moreover, XDR security solutions provide enriched context by correlating alerts from different security solutions. Finally, comprehensive XDR solutions can simplify incident response by allowing you to automate and orchestrate threat response across your environment.

These solutions speed up threat detection and response by providing a single pane of glass for gaining visibility into threats as well as detecting and responding to attacks. Furthermore, XDR security solutions reduce alert fatigue and false positives with actionable, contextual insights from higher-fidelity detections that mean you spend less time sifting through endless alerts and can focus on the most critical threats. Finally, XDR solutions enable you to streamline your security operations with improved efficiency from automated, orchestrated response across your entire security stack from one unified console.

A major downside to XDR security solutions is that you typically have to deploy and manage these solutions yourself versus having a third-party vendor run them for you. While Managed XDR (MXDR) services are growing, these solutions are still very much in their infancy. In addition, not every organization will want or need a full-fledged XDR solution. For instance, organizations with a higher risk threshold may be satisfied with using an EDR solution and/or an MDR service to defend their organization from threats.

Choosing the Right Cybersecurity Solution  

As I mentioned in the first and second parts of this blog series, you shouldn’t take a ‘one-size-fits-all’ approach to cybersecurity since every organization has different needs, goals, risk appetites, staffing levels, and more. This logic holds true for MDR and XDR solutions, with these solutions working well for certain organizations and not so well for other organizations. Regardless, there are a few aspects to consider when evaluating MDR and XDR security solutions.

One factor to keep in mind is if you already have or are planning on building out your own SOC. This is important to think about because developing and operating a SOC can require large investments in cybersecurity, which includes having the right expertise on your security teams. Organizations unwilling to make these commitments usually end up choosing managed security services such as MDR solutions, which allows them to protect their organization without considerable upfront investments.

Other critical factors to consider are your existing security maturity and overall goals. For instance, organizations who have already made significant commitments to cybersecurity often think about ways to improve the operational efficiency of their security teams. These organizations frequently turn to XDR tools since these solutions reduce threat detection and response times, provide better visibility and context while decreasing alert fatigue. Moreover, organizations with substantial security investments should consider open and extensible XDR solutions that integrate with their existing tools to avoid having to ‘rip and replace’ security tools, which can be costly and cumbersome.

I hope this blog series on the different threat detection and response solutions help you make sense of the different cybersecurity acronyms while guiding you in your decision on the right security solution for your organization. For more information on MDR solutions, read about how Cisco Secure Managed Detection and Response (MDR) rapidly detects and contains threats with an elite team of security experts. For more information on XDR solutions, learn how the Cisco XDR offering finds and remediates threats faster with increased visibility and critical context to automate threat response.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Secure Your Hybrid Workforce Using These SOC Best Practices

By Pat Correia

Hybrid Workforce is here to stay

Just a few years ago when the topic of supporting offsite workers arose, some of the key conversation topics were related to purchase, logistics, deployment, maintenance and similar issues. The discussions back then were more like “special cases” vs. today’s environment where supporting workers offsite (now known as the hybrid workforce) has become a critical mainstream topic.

Figure 1: Security challenges in supporting the hybrid workforce

Now with the bulk of many organization’s workers off-premise, the topic of security and the ability of a security vendor to help support an organization’s hybrid workers has risen to the top of the selection criteria.  In a soon to be released Cisco endpoint survey, it’s not surprising that the ability of a security vendor to make supporting the hybrid workforce easier and more efficient was the key motivating factor when organizations choose security solutions.

Figure 2: Results from recent Cisco Survey

Best Practices complement your security tools

Today, when prospects and existing customers look at Cisco’s ability to support hybrid workers with our advanced security solution set and open platform, it’s quite clear that we can deliver on that promise. But, yes, good tools make it easier and more efficient, but the reality is that running a SOC or any security group, large or small, still takes a lot of work. Most organizations not only rely on advanced security tools but utilize a set of best practices to provide clarity of roles, efficiency of operation, and for the more prepared, have tested these best practices to prove to themselves that they are prepared for what’s next.

Give this a listen!

Knowing that not all organizations have this degree of security maturity and preparedness, we gathered a couple of subject matter experts together to discuss 5 areas of time-tested best practices that, besides the advanced tools offered by Cisco and others, can help your SOC (or small security team) yield actionable insights and guide you faster, and with more confidence, toward the outcomes you want.

In this webinar you will hear practical advice from Cisco technical marketing and a representative from our award winning Talos Threat Intelligence group, the same group who have created and are maintaining breach defense in partnership with Fortune 500 Security Operating Centers (SOC) around the globe.

Figure 3: Webinar Speakers

You can expect to hear our 5 Best Practices recommendations on the following topics;

  1. Establishing Consistency – know your roles and responsibilities without hesitation.
  2. Incident Response Plan – document it, share it and test it with your stakeholders.
  3. Threat Hunting – find out what you don’t know and minimize the threat.
  4. Retro Learning – learn from the past and be better prepared.
  5. Unifying stakeholders – don’t go it alone.

Access this On-Demand Webinar now!

Check out our webinar to find out how you can become more security resilient and be better prepared for what’s next.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

How can I help protect my company from phishing attacks?

By Greg Barnes

I’m sure you’ve seen them — emails or messages that sound alarming and ask you to act quickly. We live in a digital world that produces hundreds of messages and alerts every day. It’s often hard to determine the validity of a suspicious message or phishing email. Whether you are an administrator, or an end-user, it can be overwhelming to accurately identify a malicious message. When in doubt, here are some questions you should ask yourself:

Is the message from a legitimate sender?

Do I normally receive messages from this person?

If there’s a link, can I tell where it’s sending me?

Attackers continue to evolve their methods, and they’re highly educated on the defenses they come up against in the wild. They’ll craft messages that do not involve any traditional indicators of compromise, such as domains, IP address, or URL links. They’ll also start their attacks by sending messages as an initial lure to establish trust, before sending an email with altered invoice or one claiming to be a helpless employee attempting to get their payroll fixed.

Phishing is a socially-based attack type, one where the threat actors focus on human behavior. When these attacks target organizations, there are multiple levels of attack at play. One that focuses on behavioral patterns and workflow, and the other centers on the victim’s emotional boundaries, such as targeting their desire to help others. You see this pattern frequently in Business Email Compromise (BEC) attacks.

Below, we’ve placed an example of a lure, which will test the victim to see if there is a means to quickly establish trust. Here, the threat actor is pretending to be the Chief Financial Officer (CFO) of the victim’s organization. If the lure is successful, then the threat actor will progress the attack, and often request sensitive records or wire transfers. Notice that in the email headers, the person pretending to be the CFO is using a Gmail account, one that was likely created just for this attack. The message is brief, stresses importance and urgency, and requests assistance, playing on the victim’s workflow and desire to help an executive or someone with authority.

The example below is a simplified one, to be sure, but the elements are legitimate. Daily, emails like this hit the inboxes of organizations globally, and the attackers only need to locate a single victim to make their efforts payout.

Figure 1: An example of an Initial lure to establish trust

In the FBI / IC3 2021 Internet Crime Report, there were nearly 20,000 Business Email Compromise complaints filed, with an adjusted loss of nearly 2.4 billion dollars.  While spoofing the identity of an executive is certainly one way to conduct a BEC attack, the FBI says that threat actors have started leveraging the normality of hybrid-work to target meeting platforms to establish trust and conduct their crimes. When successful, the funds from the fraudulent wire transfers are moved to crypto wallets and the funds dispersed, making recovery harder.

So as an end user what can you do to protect your organization? Be mindful anytime you receive an urgent call to action, especially when the subject involves money. If your workflow means that you regularly receive these types of requests from the specific individual, verify their identity and the validity of the request using another channel of communication, such as in person or via phone. If you do validate their identity via the phone, take care to avoid calling any numbers listed in the email.

Cisco Secure Email helps stop these types of attacks by tracking user relationships and threat techniques. These techniques often include account takeover, spoofing and many more. Using an intent-based approach allows Secure Email to detect and classify business email compromises and other attacks, so administrators are empowered to take a risk-based approach to stopping these threats.

Find out more about how Cisco Secure Email can help keep your organization safe from phishing.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Introducing “NEXT” by Cisco Secure

By Tazin Khan

Inspiring discussions around innovative tech  

Technology has typically had a reputation for being exciting and inventive. Unfortunately, this hasn’t always been the case for security. But times have changed. We are now recognizing the crucial role security plays in any groundbreaking technology. Without strong defenses, even the most visionary app is likely to crash and burn. So it’s imperative that big security players like Cisco stay on top of what’s next.

I am thrilled to announce that in November, we will be launching our new video series, “NEXT” by Cisco Secure. In the series, my esteemed co-host TK Keanini and I will interview some of the brightest new minds in tech to find out more about the future of the industry and how we can best secure it. Watch the series preview below!

“NEXT” by Cisco Secure

Bringing cyber pioneers to the forefront  

As the CTO of Cisco Secure, TK has over 25 years of networking and security expertise, as well as a penchant for driving technical innovation. As for me, I’m a cybersecurity specialist of 10 years with an obsession for communication and empathy. Together, TK and I will bring new cyber pioneers to the forefront and highlight the criticality of digital protection and privacy for everyone.

Whether we’re discussing Web3, the metaverse, or next-generation healthcare, we’ll learn and laugh a lot. Through simple conversations about complex topics, we’re building a bridge between leading-edge tech and how Cisco is helping to safeguard what’s on the horizon.

Expanding security awareness 

And what better time to preview this series than during Cybersecurity Awareness Month? A time when we focus on the reality that security belongs to everyone — not just the threat hunter, or the product engineer, or the incident responder — but everyone.

We all have a responsibility to protect the world’s data and infrastructure, and should all have a seat at the table for important security conversations. We hope you’ll join us as we dive into what’s making waves out there, and how we can keep it safe.

Be a part of what’s next  

Follow our Cisco Secure social channels to catch our first episode in November, when we will speak with Michael Ebel, CEO of Atmosfy. Atmosfy is revolutionizing restaurant reviews by incorporating engaging live video that inspires others and supports local businesses. TK and I will chat with Michael about the origin of Atmosfy, and how the company keeps its content authentic and organization resilient.

In the meantime, explore our other Cybersecurity Awareness Month resources.

Who do you want to hear from next? Tell us your ideas for future guests in the comments.  

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Cybersecurity Re-Launchers: Pivoting into Cybersecurity as a Mid-Career Professional

By Gergana Karadzhova

It is never too late to start a career in cybersecurity — this may sound cliché, but it holds a lot of truth. If you are passionate about the topic and are ready to put in the work to acquire the skills and knowledge needed, anyone, regardless of educational background, can break into cybersecurity.

At the age of 26, I started a four-year bachelor’s degree in digital forensics. I got introduced to the field by chance after working in data analytics for a few years and taking a college class on criminology. The program that I signed up for was mostly remote, with 80% independent preparation and bi-monthly on-site weekends at the university. I quickly realized that this model of education works great for me — I could read the materials provided by the program at my own pace and use as much external materials to supplement my understanding as needed. While the program was designed for working professionals and classes were spread out over four years, instead of the usual three years for a bachelor’s degree in Germany, it required a lot of discipline to complete the coursework while having a full-time job. Along the way, I learned several things about combining the responsibilities of adult life and achieving the study goals I had set for myself.

Below, I will outline a few recommendations to follow if you would like to break into the security field as an adult learner.

Recommendation No. 1: It is never too late     

  • Depending on the country that you live in, you are facing a retirement age of at least 61 or more. Investing in your education now, regardless of how many more years you must work, is going to pay off in increased employability, greater job satisfaction and in the case of cybersecurity – increased job security.

Recommendation No. 2: Get the important people in your life on board          

  • As an adult, you have plenty of other obligations in addition to navigating your career. You have friends and family who matter to you and often depend on you for financial and moral support. Getting their buy in before you sign up for a bigger study project is essential as it will ensure that you have a long-term support network for your undertaking.
  • Take the time at the beginning of your endeavor to share your motivation and plan around making it all work. Also, clearly communicate the repercussions of your decision, such as having less time for social activities or a tighter budget for a period. This will earn you a powerful ally, and someone to enjoy celebrating successes with.

Use visual support to communicate your goals and timeline to others. This makes it easy for them to understand where you stand and why you might pass on the dinner invitation for next weekend.

Recommendation No. 3: Put skin in the game  

  • The programs that I completed are the ones I paid for. From online classes to on-site lectures, I have found that the best predictor for the completion of any program that I have started in the past ten years is not the instructors, delivery model, length, or language, but the monetary investment I made at the start of it. Based on your current budget, set aside a certain percentage to invest in your professional development and hold yourself responsible for making the most out of it.

Recommendation No. 4: Remind yourself why you started       

  • At some point, the going gets hard and you ask yourself whether it is worth it. It is good if you are prepared to face such a low point. Something that works for me every time is writing down the questions that are bothering me and reading out the answers aloud. For example, when I was preparing for CISSP (Certified Information Systems Security Professional), which was a six-month project for me, I wrote on a sheet of paper “10 reasons why I believe this certification is good use of my time and money” and then read out the answers every time I wanted to give up

Small reminders like the one above can help you stay motivated and focused.

Recommendation No. 5: Meet people from the field early on   

  • If you are pursuing a longer study program while you are still working in another field, you can easily get bogged down by the theory or dryness of the material, especially if you do not have a live instructor or a group of people to exchange with. One way to keep up your enthusiasm is to start attending events, such as meet-ups or smaller conferences, on the topic that you are studying. Even if you are still working on gaining the subject knowledge, connecting with professionals from the field will give you access to other people who share your interest and bring life to the topics that you are studying.
  • Moreover, I was pleasantly surprised by the openness with which more experienced information security professionals at such events answered my questions and shared learning resources that they had used in the past. That is one of my favorite things about the cybersecurity community – its egalitarian spirit and willingness to grow talent.

One of the first events that I attended as a student was an information day by the German research institute Fraunhofer Institute for Secure Information Technology (SIT). Public institutions like this one tend to offer more affordable events and discount rates for students.

Recommendation No. 6: Acknowledge that Rome was not built in a day

  • Changing career as an adult is difficult. It is uncomfortable to leave an area where you feel proficient and secure and head in a direction where you feel like you will aways be at a disadvantage because you started later. Yet, you will be surprised how often cybersecurity professionals with a decade of experience suffer from imposter syndrome and question their skills. There is always more to learn and the earlier you get comfortable with this concept, the better. Try to steer away from negative thoughts and invest your energy in actions that bring you closer to your goals.

Appreciate the small steps forward and be gentle to your mental health.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

When It Comes to M&A, Security Is a Journey

By Shiva Persaud

Shiva Persaud is the director of security engineering for Cisco. His team is responsible for the Cisco Secure Development Lifecycle (CSDL), a set of practices based on a “secure-by-design” philosophy developed to ensure that security and compliance are top-of-mind in every step of a solution’s lifecycle. This blog is the third in a series focused on M&A cybersecurity, following Jason Button’s post on Demonstrating Trust and Transparency in Mergers and Acquisitions.


One of the most important considerations when Cisco acquires a company, is ensuring that the security posture of the acquisition’s solutions and infrastructure meets the enterprise’s security standards. That can be a tricky proposition and certainly doesn’t happen overnight. In fact, at Cisco, it only comes about thanks to the efforts of a multitude of people working hard behind the scenes.

“The consistent message is that no matter where a product is in its security journey, from inception to end-of-life activities, there’s still a lot of work that can happen to lead to a better security outcome,” says Persaud.

While Persaud and his team work within Cisco on all the company’s products and solutions, they also play a critical role in maintaining security standards in Cisco’s mergers and acquisitions (M&A) work.

Identifying Risks Takes the Mindset of a Hacker

Simply put, Persaud’s team is tasked with identifying the security risks posed by an acquisition’s technology and helping teams mitigate those risks.

“It starts with a risk assessment where we ask ourselves what an attacker would do to compromise this specific technology,” says Persaud. “What are the industry best practices for securing this type of technology? What do our customers expect this technology to provide from a security perspective? And once we have those risks enumerated, we prioritize them to decide which is the most important to take care of first.”

To anticipate where a hacker might find vulnerabilities and the actions they might take, the CSDL team must put themselves in that attack mindset. Fortunately for Persaud, his interest in computer security started as early as middle school. “It just kind of grew from there,” he says. “For many folks I’ve worked with and hired over the years, it’s a similar situation.”

That lifelong interest and experience work to the team’s advantage. They take a risk-based approach to security, in which they identify all the issues that need to be fixed and then rate them based on the likelihood of occurrence and seriousness of the results of an attack. Those ratings inform their decisions on which issues to fix first.

“We come up with ways to go mitigate those risks and co-author a plan called the Security Readiness Plan, or SRP,” Persaud says. “Then we partner with teams to take that plan and execute it over time.”

Not One-and-Done: Ensuring Security Is a Continual Priority

In alignment with CSDL’s continuous approach to security throughout a solution’s lifecycle, Persaud says that “security is a journey, so the workflow to finish the secure development lifecycle never ends.”

While initial onboarding of an acquired company—including completion of the initial risk assessment and the SRP—typically ends within several months of the acquisition. Persaud adds, “The work continues as the technology is integrated into a larger tech stack or as it’s modified and sold as a standalone offering to our customers.” As the solution or technology evolves and begins to include new features and functionalities, the CSDL work continues to make sure those features are secure as well.

That work can have its obstacles. Persaud says that one of the primary challenges his team deals with is cutting through the flurry of activity and bids for the acquisition’s attention that come pouring in from all sides. It’s a crazy time for both Cisco and the acquisition, with many important tasks at the top of everyone’s to-do lists. “Not just in the security realm,” says Persaud,” but in many other areas, too. So being able to get the acquisition to focus on security in a meaningful way in the context of everything else that’s happening is a major challenge.”

Another challenge is dealing with acquisitions that might not have much security expertise on their original team. That means they’re not able to give Persaud’s team much help in determining where security risks lie and how serious they are—so Cisco’s engineers have a lot more investigative work to do.

3 Ways to Make Security Simpler in M&A

When asked what advice he would give to organizations that want to maintain a good security posture when acquiring another company, Persaud names three key factors.

Top-down support for and commitment to security

To succeed in M&A security, it’s critical that the organization’s board of directors, CEO, and all subsequent levels of management support and be committed to meeting a high level of security standards and outcomes. The remaining management of the acquisition also needs to be on board with the security commitment, and both organizations should make sure that all employees recognize that commitment and support. If management support is not there, the work ultimately won’t get done. It can be difficult and time-consuming and without companywide recognition of its key importance, it won’t get prioritized, and it will get lost in the myriad of other things that all the teams have to do.

Align to industry standards and best practices

The issue of security can get really complicated, very quickly. Persaud says it’s smart to find industry standards and best practices that already exist and are available to everyone, “so you’re not reinventing the wheel—or more concerning, reinventing the wheel poorly.”

Where to look for those industry standards will vary, depending on the technology stack that needs to be secured. “If you are interested in securing a web application,” says Persaud, “then starting with the OWASP Top Ten list is a good place to start. If you are selling a cloud offer or cloud service, then look at the Cloud Security Alliance’s Cloud Controls Matrix (CCM) or the Cisco Cloud Controls Framework.”

One way to think of it, Persaud says, is that there are a variety of security frameworks certain customers will need a company to adhere to before they can use their solutions. Think frameworks like FedRAMP, SOC-2, Common Criteria, or FIPS.

“You can align your product security work to those frameworks as a baseline and then build on top of them to make technology more resilient.” It’s a great place to start.

Decide on very focused outcomes that facilitate improvement over time

It’s essential that an organization be very clear on what it wants to accomplish when it comes to ensuring security of an acquisition’s solutions and infrastructure. This will help it avoid “trying to boil the whole ocean,” says Persaud.

Persaud and his team talk about working up to security fitness the way a runner would start with a 5K and work up to an Ironman competition. “You take progressive steps towards improving,” he says. “You’re very explicit about what milestones of improvement you’ll encounter on your journey of good security.”

3 Ways Cisco Can Help

Persaud says Cisco is uniquely positioned to help organizations maintain security standards when acquiring other companies. He points to three critical differentiators.

Companywide commitment to security

“The level of visibility and support that we have for security at Cisco, starts with our board of directors and our CEO, and then throughout the organization,” says Persaud.  “This is a very special and unique situation that allows us to do a lot of impactful work from a security perspective,”

Cisco has long been adamant about security that’s built in from the ground up and not bolted on as an afterthought. It’s the reason the CSDL exists, as well as the Cisco Security & Trust Organization and the many, many teams that work every day to infuse security and privacy awareness into every product, service, and solution—including the technology and infrastructure of newly acquired companies.

Robust set of building blocks to enable secure outcomes

Once Persaud’s team has identified and assessed the security risks of an acquisition, his and other teams go about helping the acquisition address and mitigate those risks. Cisco provides a set of common building blocks or tools that teams can use to improve the security posture of an acquisition.

“We have secure libraries that teams can integrate into their code base to help them do certain things securely, so that the individual teams don’t have to implement that security functionality from scratch,” says Persaud. “And Cisco produces certain pieces of hardware that can be leveraged across our product lines, such as secure boot and secure storage.”

“Cisco’s operations stack also has various services acquisitions can use,” says Persaud. “An example of this comes from our Security Vulnerability and Incident Command team (SVIC). They provide logging capabilities that cloud offers at Cisco can leverage to do centralized logging, and then monitor those logs. SVIC also offers a security vulnerability scanning service so individual teams don’t have to do it independently.”

Another critical building block is Persaud’s team and their expertise. They act as a valuable resource that teams can consult when they want to build a new feature securely or improve the security of an existing feature.

Strong security community intent on providing solutions

Persaud concludes, “Cisco has an extremely strong and active security community where teams can ask questions, gain insights, give guidance, troubleshoot issues, share ideas and technology, and discuss emerging security topics. The community is committed to helping others instead of competing against each other. Members have the mindset of enriching the overall approach to security at Cisco and learning from any source they can to make things continually better.

Related Blogs

Managing Cybersecurity Risk in M&A

Demonstrating Trust and Transparency in Mergers and Acquisitions

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

The Upcoming UK Telecoms (Security) Act Part One: What, Why, Who, When and How

By Richard Archdeacon

In November 2020, the Telecommunications (Security) Bill was formally introduced to the UK’s House of Commons by the department for Digital, Culture, Media & Sport. Now, after several readings, debates, committee hearings, and periods of consultation, the Telecommunications (Security) Act is quickly becoming reality for providers of public telecoms networks and services in the UK, going live on 1 October 2022. Here, we outline what exactly the requirements mean for these firms, and what they can do to prepare.

What is the Telecommunications (Security) Act?

The Act outlines new legal duties on telecoms firms to increase the security of the entire UK network and introduces new regulatory powers to the UK Telecoms regulator OFCOM to regulate Public Telecommunications Providers in the area of cyber security. It place obligations on operators to put in place more measures around the security of their supply chains, which includes the security of the products they procure. The Act grants powers to the Secretary of State to introduce a so-called Code of Practice. It is this Code of Practice which contains the bulk of the technical requirements that operators must comply with. Those not in compliance face large fines (up to 10% of company turnover for one year).

Why has the Telecommunications (Security) Act been introduced?

Following the UK Telecoms Supply Chain review in 2018, the government identified three areas of concern that needed addressing:

  1. Existing industry practices may have achieved good commercial outcomes but did not incentivise effective cyber security risk management.
  2. Policy and regulation in enforcing telecoms cyber security needed to be significantly strengthened to address these concerns.
  3. The lack of diversity across the telecoms supply chain creates the possibility of national dependence on single suppliers, which poses a range of risks to the security and resilience of UK telecoms networks.

Following the review, little did we know a major resilience test for the telecoms industry was about to face significant challenges brought on by the Covid-19 pandemic. Data released by Openreach – the UK’s largest broadband network, used by customers of BT, Plusnet, Sky, TalkTalk, Vodafone and Zen – showed that broadband usage more than doubled in 2020 with 50,000 Petabytes (PB) of data being consumed across the country, compared to around 22,000 in 2019.

There is no question the security resilience of the UK telecoms sector is becoming ever more crucial — especially as the government intends to bring gigabit capable broadband to every home and business across the UK by 2025. As outlined in the National Cyber Security Centre’s Security analysis for the UK telecoms sector, ‘As technologies grow and evolve, we must have a security framework that is fit for purpose and ensures the UK’s Critical National Telecoms Infrastructure remains online and secure both now and in the future’.

Who does the Telecommunications (Security) Act affect?

The legislation will apply to public telecoms providers (including large companies such as BT and Vodafone and smaller companies that offer telecoms networks or services to the public). More specifically to quote the Act itself:

  • Tier 1: This applies to the largest organisations with an annual turnover of over £1bn providing public networks and services for which a security compromise would have the most widespread impact on network and service availability, and the most damaging economic or social effects.
  • Tier 2 providers would be those medium-sized companies with an annual turnover of more than £50m, providing networks and services for which security compromises would have an impact on critical national infrastructure (CNI) or regional availability with potentially significant security, economic or social effects.
  • Tier 3 providers would be the smallest companies with an annual turnover of less than £50m in the market that are not micro-entities. While security compromises to their networks or services could affect their customers, if those networks and services do not support CNI such compromises would not significantly affect national or regional availability.

When do companies need to start adhering to the Telecommunications (Security) Act?

As the requirements are long and varied and so the timelines to comply have been broken down to help organisations comply. The current Code of Practice expects Tier 1 providers to implement ‘the most straightforward and least resource intensive measures’ by 31 March 2024, and the more complex and resource intensive measures by 31 March 2025.

Tier 2 firms have been given an extra two years on top of the dates outlined above to reflect the relative sizes of providers. Tier 3 providers aren’t in scope of the regulatory changes currently but are strongly encouraged to use the Code of Practice as best practice. The Code of Practice also expects that these firms ‘must continue to take appropriate and proportionate measures to comply with their new duties under the Act and the regulations’.

How can firms prepare for the Telecommunications (Security) Act?

The TSA introduces a range of new requirements for those in the telecoms industry to understand and follow. These will require a multi-year programme for affected organisations.  An area of high focus for example will be on Third Party controls and managing the relationship with them.

However there are more common security requirements as well.  From our work with many companies across many different industries, we know that establishing that users accessing corporate systems, data and applications are who they say they are is  a key aspect of reducing risk by limiting the possibility of attacks coming in through the front door. This is a very real risk highlighted in Verizon’s 2022 Data Breaches Investigations Report, which states that around 82% of data breaches involved a human element, including incidents in which employees expose information directly or making a mistake that enables cyber criminals to access the organisation’s systems.

Therefore, one area to start to try and protect the organisation and take a step on the way to compliance is to build up authentication and secure access to systems, data and applications. However even this can take time to implement over large complex environments. It means gaining an understanding of all devices and ensuring there is a solid profile around them, so they can be reported on, attacks can be blocked and prevented, and access to applications can be controlled as needed.

Where can you find more insight on Telecommunications (Security) Act?

We will be creating more information around the Act as we move closer to the deadlines, including part two of this blog where we will take a deeper dive into themes introduced by the bill, how it compare with other industries’ and jurisdictions’ cyber security initiatives, and explore what else the telecoms industry can do to improve its security posture.

We are also running an event in London on 13 October: ‘Are you ready for TSA?’ which will include peer discussions where participation is welcome on the TSA. If you are interested in attending, please register here.

Register to attend the discussion on the new Telecom Security Act:

Are you ready for TSA?

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Demonstrating Trust and Transparency in Mergers and Acquisitions

By Jason Button

Jason Button is a director at Cisco and leads the company’s Security and Trust Mergers and Acquisitions (M&A) team. He was formerly the director of IT at Duo Security, a company Cisco acquired in 2018, making him uniquely positioned to lend his expertise to the M&A process. This blog is the second in a series focused on M&A cybersecurity, following Jacob Bolotin’s post on Managing Cybersecurity Risk in M&A.

Demonstrating Trust and Transparency in Mergers and Acquisitions 

All good relationships are built on trust. Add in transparency, and the union becomes even more substantial. “Trust and transparency underpin everything we do,” says Button, “Cisco takes security, trust, and transparency very seriously, and it’s part of our team’s fabric.”

When Cisco acquires a company, the Security and Trust M&A team looks at not only what they can offer in the way of security but also what unique qualities the acquired company brings to Cisco. These qualities might be related to security, but they’re also found in the acquired company’s culture, technical knowledge, and processes.

In all acquisitions, the M&A team needs to move fast. In fact, the Cisco team is committed to pushing even faster as long as they never compromise on security. Around 2020, Button and his team began taking stock of how it does things. They evaluated everything from the ground up, willing to tease out what is working and toss out what isn’t.

The team is also on a trajectory of identifying how it can digitize and automate security.

“If we were going to do things differently, we needed to be bold about it,” says Mohammad Iqbal, information security architect in the Security and Trust M&A team. One of the changes Iqbal proposed to his colleagues is to ensure that an acquired company is integrated into Cisco’s critical security controls within three months after the acquisition deal closes.

Focus on Non-Integrated Risks

To successfully meet the three-month target, the M&A team works closely with the acquired company to identify and address all non-integrated risks (NIRs) that Cisco inherits from an acquisition and encompass:

  • Visibility to get the acquired company integrated into the governance process; includes risk assessments and familiarity with all the players involved in the acquisition
  • Vulnerability management to identify and remediate vulnerabilities. Where do the acquisition’s crown jewels reside? What does the external attack surface look like? Has it been patched?
  • Security operations to determine such functions as identity, administrative access, multifactor authentication, and basic monitoring.

NIRs are a subset of eight security domains, or operating norms, that align with Cisco’s security and trust objectives and top priorities of the larger security community (Figure 1). The M&A team’s focus on NIRs steers the due diligence conversation away from identifying the acquisition’s security deficiencies and towards understanding the inherent risks associated with the acquisition and measuring the security liability.

“Acquisitions are coming in with these risks, and so we must address NIRs early when we’re signing non-disclosure agreements. In doing so, we help put these companies in a position to integrate successfully with all the security domains. And this integration should be done in the shortest time possible within a year of close,” Iqbal says.

Figure 1. Cisco’s Eight Security Domains

Building trust and being transparent early on is critical so the acquired company knows what’s expected of them and is ready to accomplish its three-month and first-year goals.

“I wish this type of conversation was offered to me when Cisco acquired Duo,” Button says. “Being on the Duo side of that deal, I would’ve been able to say with confidence, ‘OK, I get it. I know what’s expected of me. I know where to go. I know what I need to do with my team.’”

“We have a limited time window to make sure an acquisition company is heading down the right route. We want to get in there early and quickly and make it easy,” adds Button.

Time Is of the Essence

Reducing the manual intervention required by the acquired company is integral to helping the acquisition meet the three-month goal. Here’s where automation can play a significant role and the M&A team is looking toward innovation.

“We’re working on bringing in automated processes to lessen the burden on the acquired company,” says Iqbal. The M&A team realizes that much of the automation can be applied in instrumenting the security controls and associated APIs to help the team move beyond what they have already assessed at acquisition day 0 and gain the visibility they need to get the acquired company to its three-month goal. For example, they can automate getting the acquired company on Cisco’s vulnerability scans, using internal tools, or attaining administrative access privileges.

So, Iqbal, Button, and the rest of the team are working on automating processes—developing the appropriate architecture pipeline and workflows—that help acquired companies integrate critical security controls. While the ability to automate integration with security controls is not novel, the innovation that the M&A team brings to the table is the ability to position an acquired target to integrate with security controls in the most expedited way possible.

Automation in Discovery

As with due diligence, the M&A team strives to complete the discovery phase before the acquisition deal close. Here’s another step where digitization and automation can simplify and shorten processes. Take the acquisition company questionnaire, for instance.

“Instead of asking dozens of questions, we could give the company an audit script to run in their environment,” Iqbal says. “Then, all they have to do is give us the results.”

Also, the questionnaire can be dynamically rendered through a dashboard, improving the user experience, and shortening completion time. For example, the number of questions about containers could automatically retract if the acquired company uses Azure Kubernetes Service.

After the Close

Many teams within Cisco compete for an acquired company’s time before and after an acquisition deal closes. The acquired company is pulled in several different directions. That’s why the Security and Trust M&A team doesn’t stop looking for ways to digitize and automate security processes after the close—to continue to help make the acquired company’s transition more manageable.

“If we can make processes simple, people will use them and see the value in them within days, not weeks or quarters,” says Button.

“The majority of companies we acquire are smaller,” Button says. “They don’t have large security teams. We want them to tap our plethora of security experts. We want to enable an acquired company to apply Cisco’s ability to scale security at their company. Again, we want things to be simple for them.”

The M&A team helps facilitate simplicity by telling a consistent story (maintaining consistent messaging unique to the acquired company) to all the groups at Cisco involved in the acquisition, including M&A’s extended Security and Trust partners such as corporate security, IT, and supply chain. Because each group deals with different security aspects of the integration plan, it’s essential that everyone is on the same page and understands the changes, improvements, and benefits of the acquisition that are relevant to them. Maintaining a consistent message can go a long way toward reducing complexity.

It’s All About Balance

The human element can easily get overlooked throughout an acquisition’s myriad business, technical, and administrative facets. Balancing the human aspect with business goals and priorities is essential to Button and the entire Security and Trust M&A team. They want to bring the human connection to the table. In this way, trust and transparency are on their side.

“Emotions can run the gamut in an acquisition. Some people will be happy. Others will be scared. If you don’t make a human connection, you’ll lose so much value in the acquisition,” Button says. “You can lose people, skillsets, efforts. If we don’t make that human connection, then we lose that balance, and we won’t be off to a great start.”

One way the M&A team helps maintain that balance is by embracing the things that make the acquired company unique. “It’s vital to identify those things early on so we can protect and nurture them,” says Button.

He also wants to remind companies that they don’t have to be experts at everything asked of them during acquisition. “Cisco has been here for a while. We have entire teams within M&A that are dedicated to doing one thing. We can help acquired companies find out where they’re struggling. We can handle the things they don’t want to deal with.”

“M&A is complex, but complexity is off the chart when you talk about M&A and security. Our team won’t be successful if we can’t find a way to make things easier for the acquired company. They need to understand where they’re headed and why,” Button says. “It’s up to us to motivate them towards a successful outcome.”

Related Blogs

Managing Cybersecurity Risk in M&A

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Managing Cybersecurity Risk in M&A

By Jacob Bolotin

As Technology Audit Director at Cisco, Jacob Bolotin focuses on assessing Cisco’s technology, business, and strategic risk. Providing assurance that residual risk posture falls within business risk tolerance is critical to Cisco’s Audit Committee and executive leadership team, especially during the mergers and acquisitions (M&A) process. 

Bolotin champions the continued advancement of the technology audit profession and received a master’s degree in cybersecurity from the University of California Berkeley. After completing the program in 2020, he spearheaded a grant from Cisco to fund research conducted by the university’s Center for Long-Term Cybersecurity, which included identifying best practices around cybersecurity risk and risk management in the M&A process, captured in this co-authored report.

Risk Management and Formula One

When asked about his approach to evaluating risk management, Bolotin likens the corporate dynamics to a Formula One racing team, whose success depends on the effective collaboration of experts to meet the challenges of the most demanding racecourses. In Bolotin’s analogy, a corporation (say, Cisco) is the Formula One vehicle, and the business (i.e., executive and functional leaders) races the car on the track. In the pit, you have IT and technology support, which maintains operations and optimizes efficiencies to ensure the vehicle’s peak performance. Meanwhile, InfoSec is the designer and implementor of risk management capabilities (for instance, ensuring the latest technology is deployed and within expected specifications). These groups converge to help keep the business running and help ensure the vehicle is race-day-worthy.

An M&A deal is a significant business opportunity and represents the transition to a new Formula One race car. In this scenario, the business cannot physically get behind the wheel and test drive it. Frequently, the car cannot be inspected, and critical data is not available for review before the deal. The competitive balance and sensitive nature of M&A deals require the business to trust that the car will perform as expected. “Laser-focused due diligence enables you to understand where the paved roads [the most efficient paths to data security, for example] may lie. This is where the Cisco Security and Trust M&A team plays an integral role,” says Bolotin. “They can look down those paved roads and determine, from a cybersecurity perspective, which capabilities Cisco should own, and which ones are better for the acquired business to manage. This team understands what to validate, so the audit committee and key stakeholders can be confident that the business will be able to drive the new Formula One car successfully and win the race.”

Risk management, assessment, and assurance are vital to establishing this confidence. The technology audit team conducts risk assessments across all of Cisco, including M&As, for key technology risk areas, including product build and operation. In addition to risk management oversight, Bolotin and the technology audit team are responsible for assuring the Audit Committee that the acquired entity can be operationalized within Cisco’s capabilities without undermining the asset’s valuation.

“We don’t want to run duplicate processes and systems, especially when we have bigger economies of scale to leverage,” Bolotin says. “We must operationalize the acquisition. That is table stakes. And we must do it while maintaining the integrity and security of the entity we are acquiring.”

Working It Out in a Working Group

In 2019, Bolotin resurrected a working group of technology audit director peers from companies, including Apple, Google, Microsoft, ServiceNow, and VMware, called the “Silicon Valley IT Audit Director Working Group”. The directors meet regularly to share insights and explore issues around technology risk, risk management, and business risk tolerance. “I wanted to get with my peers and understand how they do their job,” he says.  “We collaborate on defining ‘what good looks like,’ as we co-develop audit and risk management programs to help move the industry forward”.

Bolotin, along with a few other members of the working group, was selected to participate in a separate research study conducted by the Center for Long-Term Cybersecurity, aimed at developing a generalized framework for improving cybersecurity risk management and oversight within M&A. Among the research questions, the working group members were asked to identify their key cybersecurity risks and where those risks sit in the M&A process.

“In my opinion, the biggest cybersecurity risks today are cloud security posture and third-party software inventory and bill of materials, or SBOM,” says Bolotin. “These risks impact not only product acquisitions but our ability to secure and operationalize business capabilities within Cisco. Whether we transition capabilities to run within Cisco or leave them for the acquired company to operate, we must have a thorough understanding of any third-party risks that may exist in IT, in the technologies and systems used by the acquired company, or anywhere else.  Especially those that may impact the broader Cisco enterprise as the new entity is integrated.”

Cybersecurity risk is attached to talent management and moral hazards as well. “It’s not uncommon to lose talent in acquisition deals,” Bolotin says, “and these days, much of this talent is cybersecurity focused. This potential loss is a huge risk for us and can sometimes be due to cultural differences between Cisco and the acquired entity. People who would rather be on a swift and elegant sailboat do not readily choose to be a passenger on a massive cruise ship, no matter how grand or impressive.”

Moral hazards are always a concern in M&A. Red flags can include ongoing data breaches and either downplaying or providing misleading information about a security incident. The Cisco Security and Trust M&A team does a tremendous amount of due diligence around these hazards, sometimes augmented by investigative techniques from a Cisco security partner, such as trolling the dark web. Companies can protect themselves against the risk of moral hazards through clauses inserted in the acquisition contract.

Concerning contracts, Bolotin advises companies to ensure the risk management commitments they set down are realistic. “Companies need to be very sure they have received the right inputs to enable them to manage every relevant cybersecurity vulnerability, whether it is a misconfiguration on the acquisition’s security firewall, within their network, their product in the cloud, or any other significant vulnerability, based on contractual obligations. You need to be sure you can commit to privacy investigation and breach event readiness, and notification process the acquired entity needs and have a clear sense of how fast you can meet these requirements.”

Risk Management Requires Collective Ownership

Bolotin ardently reminds companies that risk management in cybersecurity is not owned by a solitary group. Managing risk is a collective effort that transcends different organizations, each of which should understand its role in helping to mitigate the risks.

“Risk management begins in the production environment, with the engineers building code and downloading software to help them create new products and capabilities,” says Bolotin. “It’s essential that everyone understands how to identify and properly manage cybersecurity risks in their everyday work, including the tools and services used to enable the business, and work to mitigate applicable risks, especially in these critical areas.”


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

The Case for Multi-Vendor Security Integrations

By Brian Gonsalves

Just like the myriad expanding galaxies seen in the latest images from the James Webb space telescope, the cybersecurity landscape consists of a growing number of security technology vendors, each with the goal of addressing the continually evolving threats faced by customers today. In order to be effective, cybersecurity tools have to be collaborative—be it sharing relevant threat intelligence, device & user insights, acting on detection and remediation workflows, and more.

We at Cisco Secure have embraced this concept for a while now with our continually growing ecosystem of multi-vendor technology integrations. At the RSA Conference 2022 earlier this year, Jeetu Patel, Cisco’s Executive Vice President and General Manager of Security and Collaboration, spoke of how the ‘cybersecurity poverty line’ is widening and how malicious actors are taking advantage of this gaping hole to unleash persistent attacks. It is imperative that cybersecurity vendors interact with and collaborate with each other to lower this gap. To do this, security vendors must adopt open ecosystems of APIs to easily integrate with each other to provide effective ways for mutual customers to defend and react to cybersecurity attacks.

Like in prior years, this fiscal year 2022 saw us growing to include new ecosystem partners and integrations. With 22 new partners and 51 new integrations in our ecosystem, Cisco Secure Technical Alliance (CSTA) now boasts over 450 integrations, including technical integrations with Cisco Duo and Cisco Kenna. This allows our mutual customers the freedom to implement the cybersecurity tools of their choice with the knowledge that these tools can integrate with each other if they need to, thus realizing a better return on investment in their cybersecurity spending and improving cybersecurity posture.

In this annual round-up of our ecosystem, we congratulate our new partners in CSTA and existing partners as well, who have either created new integrations across our portfolio or augmented existing ones. For more details on each partner integration in this announcement, please read through the individual partner highlights below.

Happy integrating!

 


New Cisco Secure Endpoint Integrations

AT&T Cybersecurity

Logo for AT&T Cybersecurity

The AlienApp for Cisco Secure Endpoint enables you to automate threat detection and response activities between USM Anywhere and Cisco Secure Endpoint. It also enhances the threat response capabilities of USM Anywhere by providing orchestration and response actions to isolate or un-isolate hosts based on risks identified in USM Anywhere. In addition, it allows you to collect hourly events from Cisco Secure Endpoint through the USM Anywhere Job Scheduler. Read more here.

AttackIQ

AttackIQ LogoAttackIQ automates the evaluation of Cisco Secure Endpoint against the tactic categories as outlined by MITRE ATT&CK™. The AttackIQ and Cisco partnership and technical integration enables organizations to validate that the Cisco Secure Endpoint is deployed correctly and configured optimally, ensuring protection for your endpoints against the latest threats. Read more here.

Certego

Certego logoWith Certego Tactical Response for Cisco Secure Endpoint, monitored endpoints are monitored by the Certego PanOptikon SOAR platform. When Certego IRT detects malicious activities on a specific host in the customer’s network, it can isolate compromised hosts to block the attack, even without requiring the user to access the Cisco Secure Endpoint Console. Read more about the Certego here.

ServiceNow

ServiceNow logoCisco Secure Endpoint is now certified for the ServiceNow ITSM San Diego release. The Cisco Secure Endpoint App on ServiceNow provides users with the ability to integrate event data from the Cisco Secure Endpoint into ServiceNow by creating ITSM incidents. The app automates the collection of events from Cisco Secure Endpoint and groups them into single incidents. Read more here.

New Cisco Security Connector for iOS Integrations

FAMOC

FAMOC manage from Techstep, a Gartner-recognized MMS provider, is an MDM designed to give IT a complete view and absolute control over mobile devices used by the workforce, so that people can work more effectively and securely. With the Cisco Security Connector for iOS integration, FAMOC MDM extends its enterprise mobility management with an extra layer of network security and traffic analysis tool, giving IT admins tools to make actionable decisions and design access control policies. Read more here.

New Cisco Cloud Security Integrations

Elastic Security

Elastic Security now supports event ingestion from Cisco Umbrella, providing visibility into user activity and attempts to access potentially malicious domains. This new integration supports Umbrella proxy, cloud firewall, IP, and DNS logs. This integration enables security analysts to detect threats and visualize Cisco Umbrella data, and also correlate Umbrella events with other data sources including endpoint, cloud, and network. This integration expands on Elastic’s on-going expansion of Cisco integrations including ASA, Nexus, Meraki, Duo and Secure Firewall Threat Defense. Read more here.

Fortinet

FortiSIEM brings together visibility, correlation, automated response, and remediation in a single, scalable solution. It reduces the complexity of managing network and security operations to effectively free resources, improve breach detection, and even prevent breaches. Read more here.

Hunters

Hunters ingests Cisco Umbrella log and alert information into our SOC Platform; the Platform then correlates that information with all of the other (vendor agnostic) customer security telemetry, including EDR, Identity and Cloud/Network log data, in the customer’s infrastructure to synthesize and detect incidents with a higher fidelity than any single tool alone can produce. Read more here.

LearnSafe

LearnSafe equips school leaders (K-12) with evidence-based information to better understand which students are exhibiting behavioral issues and in need of help based on what they are using, saying, and doing on the school-owned computer. With Cisco Umbrella, LearnSafe administrators are able to block access to domains their students should not be accessing. Read more here.

Microsoft

The Cisco Umbrella solution for Microsoft Azure Sentinel is now live!  This integration enables your customers to ingest Cisco Umbrella events stored in Amazon S3 into Microsoft Sentinel using the Amazon S3 REST API.  Read more here.

Sumo Logic

Sumo Logic’s cloud-native collector supports automatic ingestion of logs from Cisco Umbrella’s hosted AWS S3 buckets. Data collected from Umbrella can then be routed to Sumo’s Cloud SIEM, where it is then automatically normalized and applied to our rule’s engine. Several built-in rules for Umbrella have been created that, when triggered, will generate security signals in the platform. These and other security signals are then clustered together based on related entities (IP, email, domain name, URL, etc.) to create insights for review by the SOC. Read more here.

New Cisco Firepower Next-Gen Firewall Integrations

Alkira

The Secure Firewall team and Alkira have validated Secure Firewall (Virtual) Version 7.1 to run on Alkira’s cloud network as-a-service (CNaaS) platform. The solution offers on-demand hybrid and multi-cloud connectivity, integrated network and security services, end-to-end visibility, controls and governance. Read more here.

Cyware

The Secure Firewall team has validated Cyware’s STIX 1.2 threat intelligence feed for interoperability with Secure Firewall’s Threat Intelligence Director. Customers can quickly operationalize the inbound data to protect the network from the latest threats. Read more here.

Dragos

Dragos protects critical infrastructure and has joined the CSTA program. Dragos inventories assets, determines risk and vulnerabilities and generates firewall policy objects that administrators can apply to their Cisco Secure Firewall deployment through its REST API. Read more here.

Equinix

The Secure Firewall team and Equinix have validated Secure Firewall (Virtual) to run on Equinix’s Network Edge as a Service platform. Equinix Fabric allows you to connect digital infrastructure and services on demand via secure, software-defined interconnection (Ecosystem). Read more here.

Fastvue

Fastvue has joined the CSTA program. The Fastvue Site Clean engine intelligently interprets Cisco Secure Firewall log data so that non-technical employees can easily see what people are actually doing online. The data use to keep companies compliant with workplace and school policies. Read more here.

New Cisco ISE Ecosystem Integrations

Alef Nula

Alef Nula has developed a new integration with ISE. The Alef Nula Identity Bridge consumes identity updates published by pxGrid and serves them to ASA firewalls using the CDA/Radius protocol. Using pxGrid v2.0, it replaces unsupported Cisco CDA and allows ASA firewalls to become an identity consumer of ISE context. It can read the full identity database and can update registered ASA firewalls in Full Download mode. Read more here.

Forescout

Forescout’s pxGrid Plugin integrates with existing Cisco ISE deployments so that you can benefit from Forescout visibility and assessment for policy decisions, while continuing to use ISE as an enforcement point. The pxGrid Plugin enables Forescout platform policies to detect ISE-related properties on endpoints, and to apply Cisco ISE ANC policies, including policies that assign Security Groups to devices. Read more here.

Fortinet

FortiManager provides automation-driven centralized management of Fortinet devices from a single console, enabling full administration and visibility of your network devices through streamlined provisioning and innovative automation tools. FortiManager dynamically collects updates from Cisco ISE with pxGrid and forwards them to FortiGate using the Fortinet Single Sign On (FSSO) protocol. This enables the use of session information collected by Cisco ISE to be leveraged in FortiOS security policies. Read more here.

Radiflow

Radiflow provides OT ICS policy creation and enforcement with the Radiflow iSID IDS. They recently completed a new integration with ISE leveraging pxGrid. With this integration Cisco ISE receives enriched data of OT devices from Radiflow iSID and will process it according to the profiles and policies which have been configured. Enriching ISE with OT specific insights available with iSID’s DPI engine enables better decision making within ISE by providing additional context to categorize devices by their type/function within the OT environment. Read more here.

XTENDISE

XTENDISE is a simple web application connected to Cisco ISE. It is designed for administrators, helpdesk, operators or anyone who needs to work with ISE and helps them with everyday routine tasks related to 802.1X without the need to train them in Cisco ISE. XTENDISE saves administrators’ time, prevents errors and increases network security. Read more here.

New Secure Malware Analytics (Threat Grid) Integrations

Splunk

The Cisco Secure Malware Analytics Add-On for Splunk leverages the Threat Grid API to enrich events within Splunk. The add-on is now updated for Splunk 8 and is available on Splunkbase. Read more here.

New SecureX Threat Response Integrations

Censys

Censys now has an integration with SecureX threat response, which returns Sightings of IP and IPv6 Observables (IOCs) in an investigation. Read more about the Censys relay module here.

Exabeam

The new Exabeam integration empowers users to investigate an observable and determine if it is contained in a log message stored in Exabeam Fusion SIEM Data Lake. It provides users with the date and time the observable was seen in the log, the forwarder that sent the log, and the raw log messages. When you pivot into Exabeam and search for an observable in all the log messages, the results of the search are displayed in the Exabeam UI. This integration allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, URL, file path, user and email data types and it returns sightings of an observable from each log message. Read more here.

LogRhythm

The LogRhythm integration empowers users to investigate an observable and determine if it is contained in an event stored in LogRhythm. It provides users with the date and time the observable was seen in the event and the raw event data. This integration allows you to query IPv4 and IPv6 data types and it returns sightings of an observable from each event. Read more here.

NetWitness

A proof-of-concept integration with RSA NetWitness SIEM was built for the RSAC SOC and Black Hat NOCs. The SecureX Concrete Relay implementation using NetWitness as a third-party Cyber Threat Intelligence service provider. The Relay itself is just a simple application written in Python that can be easily packaged and deployed. Read more here.

ServiceNow

Cisco SecureX threat response integration with SecOps is now certified for the ServiceNow San Diego release. The module allows ServiceNow SecOps to leverage the Verdicts, Refer and Response capabilities provided by SecureX threat response to assist the security analyst in their investigation workflow. Read more here.

Sumo Logic

The Sumo Logic Cloud SIEM integration provides security analysts with enhanced visibility across the enterprise to thoroughly understand the impact and context of an attack. Streamlined workflows automatically triage alerts to maximize security analyst efficiency and focus. This integration indicates to users that the observable in an investigation is contained in an insight and/or signal within Sumo Logic Cloud SIEM. It allows you to query IPv4, IPv6, SHA-1, SHA-256, MD5, domain, and URL data types. It also returns sightings and indicators of an observable from each insight and signal retrieved from Sumo Logic Cloud SIEM. Read more here.

New SecureX Orchestration Integrations

APIVoid

APIVoid provides JSON APIs useful for cyber threat analysis, threat detection and threat prevention. The following APIVoid atomic actions for SecureX Orchestration Workflows are now available: Get Domain Reputation, Get IP Reputation, Get URL Reputation, Get URL Status. Access the workflows here.

Censys

Censys is a company that allows users to discover the devices, networks, and infrastructure on the Internet and monitor how it changes over time. SecureX orchestration atomic actions for Censys is now available and includes: Basic Search. Access the workflows here.

Cohesity

This integration radically reduces the time and resources enterprises spend to detect, investigate, and remediate ransomware threats to data. It empowers SecOps, ITOps and NetOps with visibility and automation to collaborate in countering ransomware — regardless of whether data resides on-premises or in the cloud — delivering enterprise-wide confidence in deterring, detecting, and recovering fast from cyberattacks. Cohesity’s next-gen data management enhances Cisco SecureX by adding visibility and context to data, complementing Cisco’s existing capabilities for networks, endpoints, clouds, and apps. Read more here.

Farsight Security

SecureX orchestration atomic actions for workflows are now available for Farsight Security DNSDB. They include various items like DKIM key inspections, DNS Resource Records and more. Access the workflows here.

Fortinet

SecureX orchestration workflows for Fortinet FortiGate are now available: Block URL, IP and Domain Threat Containment. Access the workflows here.

Jamf Pro

SecureX orchestration workflows for Jamf Pro include: Lock Computer, Lock Mobile Device. Access the workflows here.

Palo Alto Networks

SecureX orchestration workflows for Palo Alto Networks Panorama are now available: Block URL, IP, Domain Threat Containment. Access the workflows here.

ServiceNow

A new Orchestration action provides top MacOS IR Indicators to ServiceNow This workflow runs multiple Orbital queries on the endpoint provided to look for top incident response indicators of compromise. The results are then posted to a ServiceNow incident. Supported observables: ip, mac_address, amp_computer_guid, hostname. Access the workflow here.

Shodan

Shodan is a database of billions of publicly available IP addresses, and it’s used by security experts to analyze network security. SecureX orchestration atomic actions for Shodan include: Basic Search. Access the workflows here.

New SecureX Device Insights Integrations

Earlier this year we announced SecureX Device Insights which provides comprehensive endpoint inventory in a single unified view. Endpoint searching and reporting allows you to assess device security configuration on employee-owned, contractor-owned, company owned, and IoT/OT devices—without risking business disruption. With Device Insights you can

  • Gain a holistic view of your device data to help you simplify and automate security investigations.
  • Identify gaps in control coverage, build custom policies, and create playbook driven automation options

Device insights supports the following third-party sources in its initial release: Jamf Pro, Microsoft Intune, Ivanti MobileIron and VMware Workspace ONE (formerly AirWatch).

New Cisco Secure Access by Duo Integrations

Bitglass

Bitglass’ Next-Gen CASB provides data protection, threat protection, access management, and visibility, while Duo offers identity verification options like SSO and MFA. The Duo and Bitglass integration provide a synergistic solution that funnels traffic through Duo’s SSO and verifies users via its MFA so Bitglass can deliver real-time data loss prevention and granular adaptive access control. Because of Bitglass’ agentless architecture, the joint solution can secure any app, any device, anywhere. Read more about the integration here. A joint solution brief is also available here.

Cmd

Cmd helps companies authenticate and manage user security in Linux production environments without slowing down teams — you don’t need to individually configure identities and devices. Cmd integrates with Duo to put 2FA checkpoints into Linux-based data centers and cloud infrastructure. The combination of Cmd and Duo enables development teams to run at the modern, agile pace they are accustomed to without any security-induced slowdowns. Read more here.

Darktrace

Darktrace is an AI-native platform that delivers self-learning cyber defense and AI investigations and seamlessly integrates with other tools via an open and extensible architecture. Darktrace’s Security Module for Duo provides coverage over access, user sessions and platform administration within the Duo platform. Read more here.

Dashlane

Dashlane is a password manager that now supports Duo using Duo SSO. The integration lets IT Administrators easily deploy Duo + Dashlane and set up access policies. End users can easily access Dashlane and their passwords with SSO from Duo. Read more here.

HashiCorp

HashiCorp Vault is an identity-based secrets and encryption management system. A secret is anything that you want to tightly control access to, such as API encryption keys, passwords, and certificates. Add another layer of protection and protect access to secrets within HashiCorp Vault with Duo Security MFA. Read more here. A recording of the Cisco Duo + HashiCorp webinar is available to view here.

Oort

Oort discovers vulnerabilities across an entire user population (or a segment of it). Trigger notifications related to behavioral anomalies or best practices, or policies not being followed. Oort integrates with Duo for identity analytics and threat detection to provide a complete picture of the user behavior and highlight any anomalous activity or identify risks. Read more here.

Perimeter 81

Perimeter 81 simplifies cyber and network security for the hybrid workforce, ensuring secure access to local networks, applications, and cloud infrastructure. Their integration with Duo provides protection for administrators and end-users who need to log in to Perimeter 81. Read more here.

Specops Software

Specops Software, a leading provider of password management and authentication solutions, protects businesses by securing user authentication across high-risk tasks including account unlocks and password recovery via self-service or the IT service desk. Organizations can extend Duo authentication to secure user verification across these use cases. Read about the integration here.  A blog on the integration is also available here.

Sectona

Sectona is a Privileged Access Management company that delivers integrated privilege management components for securing dynamic remote workforce access across on-premises or cloud workloads, endpoints, and machine-to-machine communication. Duo’s secure access multi-factor authentication can be used to ensure that each user authenticates using multiple methods (factors) while accessing Sectona Privileged Access Management. Read more here.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Our Responsible Approach to Governing Artificial Intelligence

By Anurag Dhingra

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.


Chief Information Officers and other technology decision makers continuously seek new and better ways to evaluate and manage their investments in innovation – especially the technologies that may create consequential decisions that impact human rights. As Artificial Intelligence (AI) becomes more prominent in vendor offerings, there is an increasing need to identify, manage, and mitigate the unique risks that AI-based technologies may bring.

Cisco is committed to maintaining a responsible, fair, and reflective approach to the governance, implementation, and use of AI technologies in our solutions. The Cisco Responsible AI initiative maximizes the potential benefits of AI while mitigating bias or inappropriate use of these technologies.

Gartner® Research recently published “Innovation Insight for Bias Detection/Mitigation, Explainable AI and Interpretable AI,” offering guidance on the best ways to incorporate AI-based solutions that facilitates “understanding, trust and performance accountability required by stakeholders.” This newsletter describes Cisco’s approach to Responsible AI governance and features this Gartner report.

Gartner - Introducing Cisco Responsible AI - August 2022

At Cisco, we are committed to managing AI development in a way that augments our focus on security, privacy, and human rights. The Cisco Responsible AI initiative and framework governs the application of responsible AI controls in our product development lifecycle, how we manage incidents that arise, engage externally, and its use across Cisco’s solutions, services, and enterprise operations.

Our Responsible AI framework comprises:

  • Guidance and Oversight by a committee of senior executives across Cisco businesses, engineering, and operations to drive adoption and guide leaders and developers on issues, technologies, processes, and practices related to AI
  • Lightweight Controls implemented within Cisco’s Secure Development Lifecycle compliance framework, including unique AI requirements
  • Incident Management that extends Cisco’s existing Incident Response system with a small team that reviews, responds, and works with engineering to resolve AI-related incidents
  • Industry Leadership to proactively engage, monitor, and influence industry associations and related bodies for emerging Responsible AI standards
  • External Engagement with governments to understand global perspectives on AI’s benefits and risks, and monitor, analyze, and influence legislation, emerging policy, and regulations affecting AI in all Cisco markets.

We base our Responsible AI initiative on principles consistent with Cisco’s operating practices and directly applicable to the governance of AI innovation. These principles—Transparency, Fairness, Accountability, Privacy, Security, and Reliability—are used to upskill our development teams to map to controls in the Cisco Secure Development Lifecycle and embed Security by Design, Privacy by Design, and Human Rights by Design in our solutions. And our principle-based approach empowers customers to take part in a continuous feedback cycle that informs our development process.

We strive to meet the highest standards of these principles when developing, deploying, and operating AI-based solutions to respect human rights, encourage innovation, and serve Cisco’s purpose to power an inclusive future for all.

Check out Gartner recommendations for integrating AI into an organization’s data systems in this Newsletter and learn more about Cisco’s approach to Responsible Innovation by reading our introduction “Transparency Is Key: Introducing Cisco Responsible AI.”


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Advocating for Passion, Kindness and Women in STEM

By Mary Kate Schmermund

Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology. Syed worked as director of business systems and data management for Duo Security before rising to vice president of information technology. Later, after Duo was acquired by Cisco, she transitioned to new roles within the larger organization and now heads up operations for Webex Marketing. In this position Syed brings structure across different functions of marketing including brand, events and technology while also serving as chief operating officer for Chief Marketing Officer Aruna Ravichandran.

“I fell in love with the culture, the kindness, the heart of this company,” Syed said.

Recently, she shared her passion for problem solving and inclusion with the Duo Blog, along with the advice she gives mentees navigating their own career paths.

Not Staying Comfortable, But Always Staying Kind

What about your work energizes you?

Saleema Syed: I like chaos and I love putting a method to the madness. With marketing we have to react to the market, react to the business, react internally. What energizes me is there’s never a dull day and there is always this ability to bring some overall end to end process.

I love running towards a burning car and figuring out how to put it out. I love change. I know change is the only constant and rather than running away from it, I thrive in it. I like to look at it and ask, “What can we do to break it down and figure out what we need to do?”

My brain works in terms of boxes and flows and charts and spreadsheets so when I look at something I’m like, “Okay, what is a box? What is a process? How do I untangle it?” I like sitting in the discomfort and understanding what to do to get out of it.

What drives your career decisions in terms of transitioning from different roles and parts of an organization?

Saleema Syed: There are three things I always keep in mind when I look at what I’m doing and where I want to be. One is, at the core of it, does it fill my cup of empathy and allow me to be true to who I am in how I treat people or how I build a team?

The second thing is, will I have the opportunity to influence and impact the people on the team or my family? How do I show myself to my daughter who is growing and seeing how to become who she is as a career person?

The third thing is, is it something new and am I learning something? Continuous learning is a huge part of who I am, so that drives me to get out of my comfort zone constantly.

When I’m changing jobs people usually say, “You’ve set up this team, you’re so comfortable. Now all you have to do is sit back and execute.” And my answer is, “That’s exactly why I am moving.”

If I am comfortable I’m not learning, and I don’t know if I’m adding any more value than I’ve set up. That means it’s time for me to move on and elevate somebody. What I’m doing is sending the elevator down to somebody on the team to grow.

That’s why I’ve had people who work for me for many years follow me through multiple organizations, which as a leader has been my pinnacle of what I call my success. Success is not my role; it is how many people I have impacted and influenced.

How do you determine the types of problems you want to solve and challenges you want to approach professionally?

Saleema Syed: I keep going back to Duo because working at that organization and meeting those people defined me as a human being. One of the strategic pillars of that organization is to be kinder than necessary.

However complicated the work challenges are, those around me must be aligned with what my integral values are and who I am. They have to have empathy and kindness in their heart. If that is not there, no matter how much I love solving challenges and know I can solve them, I’m not going to go for it. I’ve been extremely lucky at Duo, Cisco and Webex that I’ve been around those kinds of people.

If you look at Webex, I love the core of what we are, the journey we are on, the inclusivity. We are not just selling Webex messaging or other products. At the heart of it we are looking at how we are influencing people and things around us by making sure that there is inclusivity in the collaboration tools that we are launching.

Leading Through Inclusivity + Advocating for Women in Technology

What is your leadership style?

Saleema Syed: My leadership style is pretty simple: nobody works for me; people work with me. I lead with making sure that people know this is the problem you’re trying to solve, here is the context of what we are trying to do. Now, let’s figure out how we solve it. That is something that has helped my team be part of the problem solving that I love to do.

When I interview people my first questions are, “What does the job bring to you? How would this job fill your cup?” That throws people off every time. You can teach any technology, you can teach any skill set, but if you don’t have the basic passion, the attitude to be able to do this job, then everything else can just go out the door.

As a leader who is a woman of color, what particular challenges, triumphs or learning have you experienced?

Saleema Syed: I have a very diverse background. I am an Indian by birth and grew up in the Middle East. When I went into engineering, finished my education and started my career, one of the things I realized was that as a woman of color, I always wanted to apply for positions that I was fully qualified for. I wanted to make sure I knew everything about the job because a very big fear was being asked a question in the interview I didn’t know. LinkedIn’s Gender Insights Report found that women apply for 20% fewer jobs than men despite similar job search behaviors. That has been a very challenging mental barrier for me to break.

Trey Boynton, who was at Duo and now she’s leading Cisco in a beautiful journey of diversity as the senior director of inclusion and collaboration strategy always said, “We have to have that bicycle lane on the road, whether it is for females, whether it is for people of color or any LGBTQIA+ community members. That is how we get people to bring that confidence in to learn, grow and then they can merge easily.”

“Passion is a part of who I am and is contributing to my growth.” – Saleema Syed

Whatever I faced as I was growing up, whether it was my dark skin, whether it was my accent, whether it was, “Oh, you’re way too passionate” has been some of the feedback that I’ve gotten. In my career if I’m told I’m way too passionate I turn that around and say, “Passion is a part of who I am and is contributing to my growth.”

How else do you advocate?

Saleema Syed: Within Webex, within Cisco, I try to be part of anything that I can do in terms of giving back to the community. I’m definitely a big proponent of women in technology. In the local Dallas area I run a program by myself and go into schools and advocate for girls in STEM. Cisco is amazing in how it gives us time to volunteer. I love that educating kids is part of my journey of giving back. That’s the generation you can influence.

How do we enable children and women to be more open to technology and being part of the technology field? Let’s look at the percentage of diversity in the technology field and be aware of it. It’s not only about the diversity numbers, but are we bringing in candidates at the leadership level and giving them not just a seat at the table but a voice at the table, too?

You also have to talk about what you do and with passion and energy because if you don’t, people get intimidated. If you can influence one person who comes from an underrepresented community, imagine what you are doing, not just for that person, but for his household, for his family, for his extended community. I have a lot more to do, but as I get into the next decade of my life and my career, that is something that is a huge focus for me.

What advice do you have for people navigating their careers and wanting to enter tech and cybersecurity?

Saleema Syed: First and foremost it’s very important to spend time and understand the business and the products in whatever industry you’re going into. It is key to your growth. Especially if it’s a security industry, take time to understand the products, the technology or the function that you’re trying to get into. Contextual understanding and product understanding are extremely important.

The second piece is to keep learning. Cisco is amazing in trying to help you learn and support you financially to be able to do it. I went back and got my executive MBA four years ago. Give yourself a goal of learning a new something, whether it is a new function, new technology or new leadership skill.

The third piece is to create a spreadsheet of where you want to be in two years. Put that out there and then work back just like you would do a project plan. Work back month by month, quarter by quarter. What are the skill sets you need to learn to get there?

The last part is: Do the job you want versus the job you are in. Of course, you have to do the job you are in, but do the job you want to get to. Don’t wait for a title, don’t wait for a promotion to act. No. What do you want to be? Show that to your leaders and yourself. The title will come, money will come, everything will come, but am I doing the job that I want and enjoy and I want to get to?

Join Us

To learn more about Webex, Cisco and Duo Security and how you can apply your passion, advocacy and problem solving to make a difference in cybersecurity, browse our open roles.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

More than a VPN: Announcing Cisco Secure Client (formerly AnyConnect)

By Jay Bethea

We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents. As the unified security agent for Cisco Secure, it addresses common operational use cases applicable to Cisco Secure endpoint agents. Those who install Secure Client’s next-generation software will benefit from a shared user interface for tighter and simplified management of Cisco agents for endpoint security.

Screengrab of the new Cisco Secure Client UI

 

Go Beyond Traditional Secure Access

Swift Endpoint Detection & Response and Improved Remote Access

Now, with Secure Client, you gain improved secure remote access, a suite of modular security services, and a path for enabling Zero Trust Network Access (ZTNA) across the distributed network. The newest capability is in Secure Endpoint as a new module within the unified endpoint agent framework. Now you can harness Endpoint Detection & Response (EDR) from within Secure Client. You no longer need to deploy and manage Secure Client and Secure Endpoint as separate agents, making management more effortless on the backend.

Increased Visibility and Simplified Endpoint Security Agents

Within Device Insights, Secure Client lets you deploy, update, and manage your agents from a new cloud management system inside SecureX. If you choose to use cloud management, Secure Client policy and deployment configuration are done in the Insights section of Cisco SecureX. Powerful visibility capabilities in SecureX Device Insights show which endpoints have Secure Client installed in addition to what module versions and profiles they are using.

Screengrab of the Securex Threat Response tool, showing new Secure Client features.

The emphasis on interoperability of endpoint security agents helps provide the much-needed visibility and simplification across multiple Cisco security solutions while simultaneously reducing the complexity of managing multiple endpoints and agents. Application and data visibility is one of the top ways Secure Client can be an important part of an effective security resilience strategy.

View of the SecureX Device Insights UI with new Secure Client features.

 

Visit our homepage to see how Secure Client can help your organization today.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Securing Cloud is Everyone’s Responsibility

By Morgan Mann

Cisco and AWS demonstrate shared responsibility that identifies Security “of” the Cloud versus Security “in” the Cloud.

Shared responsibility remains central to every cloud initiative and defines how cloud providers and customers work together to achieve maximum security across all aspects of the cloud. While shared responsibility is a common term, surprisingly few people understand the model and fewer still have implemented it correctly. The lack of consistent security controls across cloud services does not go unnoticed by attackers, as they probe for vulnerabilities and slip undetected through unsecured cracks.

What is the right approach?

Security teams should start by understanding the security controls provided by their cloud service providers to help them highlight areas that are susceptible to threats and attacks. Matrices, such as the following from Amazon Web Services (AWS), give a clear view of the shared responsibility model to guide an organization’s approach:

Source: AWS Shared Responsibility Model

Once Security teams understand the areas they’re responsible for securing, they can begin to construct a security model that includes the right set solutions to serve their needs.

Is there a good model for finding the right solutions?

The most effective security model is built around centralized policy and distributed enforcement, allowing security policy to be applied consistently across operating systems, applications and data using multiple security solutions. Security teams should look for ideal solutions that seamlessly integrate into their unified policy. A good first step is to ask the cloud provider for their recommendations and visit cloud marketplaces, such as the AWS Marketplace, to find and try solutions. Customers can also utilize relationships with their security vendors to obtain best practices.

What are best practices?

As Mark Twain once said, “History doesn’t repeat itself, but it often rhymes.” There are fundamental differences between on-premise and cloud security practices and controls. However, the way in which security teams discover best practices has not changed. New playbooks from trusted vendors and cloud providers are available to help security teams implement layered approaches to securing their organizations. Security teams should examine these concepts and build on them to protect their specific cloud services without needing to reinvent new models on their own. A good place to start is Cisco’s Cloud Security page.

What should security teams do next?

Watch the recent AWS and Cisco webinar to hear industry analysts, head CISO advisors, and AWS experts discuss shared responsibility, industry challenges and the ways in which other security teams are addressing the problem, and then visit the AWS Marketplace to see the latest Cisco Secure offerings. Purchasing Cisco Secure on AWS Marketplace has the additional benefit of meeting the AWS Enterprise Discount Program commitments.

What is your experience with shared responsibility? We invite you to share your thoughts.

More Cisco and AWS blogs:


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Cisco Salutes the League of Cybersecurity Heroes

By Cristina Errico

We have entered a world where uncertainty has become the normal operating mode for everyone. Within this new frontier, cybersecurity has become even more challenging. However, some cybersecurity professionals have stood out, using their unique skills and resourcefulness to protect the integrity of their businesses, and to withstand unpredictable and dynamically changing threats. In the end, they, and their businesses have emerged even stronger.

These accomplishments have lead them to be selected from over more than 700 Cisco Cybersecurity Advocates – who are also members of Cisco Insider Advocates – to join the League of Cybersecurity Heroes.

Cisco Insider Advocates is a peer networking community developed several years ago for Cisco customers around the globe. Currently, over 14,000 customers are using it to share technology insights, feedback, and best practices, and also to make meaningful connections with others in the industry. We at Cisco believe that when we connect, anything is possible, and the Insider Advocacy program is a great example of the great things that can happen when people come together.

Let’s meet our League of Cybersecurity Heroes

Roberto Alunda

As the global CISO of Mediapro, Roberto has deployed Cisco SecureX together with Umbrella, Secure Endpoint, Secure Firewall, ISE, NGIP, Threat Response, AnyConnect, and Web security. With this partnership, Mediapro has reduced its threat detection time by 90%. In addition, they have seen no false positives in their threat detection alerts. It is rare to boast of a 100% success rate, but they can boldly make that pronouncement. All of this has also benefitted Mediapro financially by incurring zero fines for any compliance issues

Blair Anderson

What do music, cybersecurity, and teaching all have in common? They all culminate in a readiness to perform. Equally, they all require collaboration, comfort with the unexpected, and a passion for the job. Blair exemplifies the best of these traits, and in doing so, he provides inspiration and excellence to all with whom he interacts. Watching Blair at work makes one wonder if there are more hours granted to him during a day than the average person. He is a time-maximizer, spending most of that time in the service of others.

Kevin Brown

Too often, cybersecurity certifications are treated derisively by some of the very professionals who need them most. This is not the case with Kevin, who can list the many benefits of attaining certifications. Kevin’s desire to improve his knowledge doesn’t stop with technology and cybersecurity. He is an avid reader of anything that can raise him up to be better than he was the day before. With a career that started in the US Marine Corps, Kevin continues to learn and grow, all the while remaining as masterful at a computer keyboard as he is his with his traditional 55-gallon-barrel BBQ smoker and grill.

Steve Cruse

Steve is a Senior Cybersecurity and Network Architect at Lake Trust Credit Union. Like most organizations, Lake Trust has had to transition to a completely remote workforce quickly, and thanks to Secure Network Analytics, they were able to transition the employees to work remotely while maintaining the same high level of visibility and protection in place. Steve was the subject of a case study about the benefits that Cisco products have brought to Lake Trust Credit Unions’ customers. He is currently collaborating to update that information to share more of his knowledge.

Enric Cuixeres

Being the Head of Information Technology is never an easy job. However, when food manufacturer, Leng-d’Or, was faced with a challenge during the pandemic that could have interrupted its production line, quick thinking, skilled leadership, and a close partnership with Cisco all lead to positive outcomes, and helped them to pull through stronger than before. Part of this success comes from Enric’s distinct understanding of the threats, solutions, and processes needed to bring security to a higher level for the Leng-d’Or organization. Enric also shares his success story very freely, adding immeasurable benefits to the security community.

Tony Dous

Cybersecurity is truly a global discipline. Tony Dous proves this by practicing his craft as a Senior Network Security Engineer in Cairo, Egypt. Tony’s involvement with the Cisco community shows how no distance is too far for a motivated cybersecurity professional.

John Patrick Duro

When John Patrick is on the job, there is no longer any feeling that the criminals are one-step ahead of the good guys. He adopted Umbrella together with Meraki to develop a proactive security approach inside his organization. John Patrick created a more unified network from a patchwork of disparate entities. In doing so, he reduced the complexity within the environment. Complexity is so often responsible for security gaps, and John Patrick’s work not only corrected those gaps, but he brought people together in the process. He and his team received great feedback from the employees, who enjoyed a consistent network experience.

Amit Gumber

We often hear stories about teenagers who become enamored with technology, leading to the fulfillment of a dream. Amit Gumber became interested in cybersecurity at an early age, pursued his passion and has worked in the field ever since. His sense of advocacy is best described in his own words: “I’m quite passionate about sharing knowledge and ideas with peers and participating in collaborative activities.” Amit’s use of Cisco technologies has helped HCL Technologies to stabilize and secure their environment.

Mark Healey

One of the most important factors for success is insatiable curiosity. Mark Healey is a continuous learner, and he is an example of someone who enthusiastically shares his knowledge. Whether it is on a personal level, or through his high engagement as part of the Cisco Insider Advocates community, or as an active member of the Internet Society, Mark is an evangelist and a positive voice for cybersecurity.

Wouter Hindriks

Wouter holds a special designation, not only as a member of the League of Cybersecurity Heroes, but also as the recipient of the “Cybersecurity Defender of the Year” award. Wouter is an active participant in the cybersecurity community, working with an almost evangelical zeal towards sharing the importance of holistic cybersecurity. His contributions stand out towards making the cyber realm a safer place.

Bahruz Ibrahimov

It is often said that the job of a cybersecurity professional in an educational facility is especially challenging. When that facility happens to be the largest in an entire country, with over 4,000 schools and universities, the job of protecting it can seem insurmountable. At AzEduNet, in Azerbaijan, Bahruz and his team is tasked with securing the network for its 1.5 Million students. With Cisco Secure, the security team reduced security incidents by 80%. This not only ensures access for the students, but also keeps the data safe.

Walther Noel Meraz Olivarria

Many people want to enter the cybersecurity profession, but few have the dedication and perseverance to fully embrace the skillset required to meet that goal. Walther Noel not only had the desire to refocus his career, but he proved it by earning the CyberOps Associate Certification. His accomplishment is a prime example of how one can step outside of their comfort zone to grow and thrive.

Pascual Sevilla

Pascual demonstrates how important it is to make the most of the learning opportunities in Cisco Insiders Advocates. While already a successful NOC engineer, he sought to advance his professional development by studying cybersecurity. He passed the CCNA CyberOps 200-201 exam, moving him closer to propelling his career to even higher achievements.

Inderdeep Singh

One of the noblest expressions of knowledge is the desire to freely share that information. Inderdeep lives up to this ideal, offering his expertise to all with no expectations of reciprocity. His charitable spirit has not gone unnoticed, as he has been a previous award winner for Cisco IT Blogs, as well as a designation on the Feedspot top 100 Networking Blog.

Luigi Vassallo

Being the first to try a new technology can be a risky proposition. However, as a COO, risk calculations are in one’s blood. Luigi, along with the Sara Assicurazioni organization, hails as the first company in Italy to embrace cloud technology. As a company with more than one million customers, this was a bold initiative that required careful planning, keen insight, and above all, collaboration. In the end, this has resulted not only in a digital transformation, but a business transformation.

Whether it is a technical achievement, a personal triumph, or a spirit of helping others, each member of our League of Cybersecurity Heroes proves how technology and humanity can work together to accomplish the impossible. Congratulations to all of them!

Want to learn more about how Cisco can help you succeed?

Join the Cisco Insider Advocacy community

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Security Resilience in APJC

By Cindy Valladares

As the world continues to face formidable challenges, one of the many things impacted is cybersecurity. While recent challenges have been varied, they have all contributed to great uncertainty. How can organizations stay strong and protect their environments amidst so much volatility?

Lately we’ve been talking a lot about security resilience, and how companies can embrace it to stay the course no matter what happens. By building a resilient security strategy, organizations can more effectively address unexpected disruptions and emerge stronger.

Through our Security Outcomes Study, Volume 2, we were able to benchmark how companies around the world are doing when it comes to cyber resilience. Recent blog posts have taken a look at security resilience in the EMEA and Americas regions, and this post assesses resilience in Asia Pacific, Japan and China (APJC).

While the Security Outcomes Study focuses on a dozen outcomes that contribute to overall security program success, for this analysis, we focused on four specific outcomes that are most critical for security resilience. These include: keeping up with the demands of the business, avoiding major cyber incidents, maintaining business continuity, and retaining talented personnel.

Security performance across the region

The following chart shows the proportion of organizations in each market within APJC that reported “excelling” in these four outcomes:

Market-level comparison of reported success levels for security resilience outcomes

There is a lot of movement in this chart, but if you take a closer look, you will see that many of the percentage differences between markets are quite small. For example, 44.9% of organizations in the Philippines reported that they are proficient at keeping up with the business, with Mainland China closely following at 44.4%.

The biggest difference we see between the top spot and the bottom spot is around retaining security talent—42.4% of organizations in Australia reported that they were successful in that area, while only 18.3% of organizations in Hong Kong reported the same.

Next, we looked at the mean resilience score for each market in the region:

Market-level comparison of mean security resilience score

When we look at this, we can see the differences between the top six and bottom seven markets a bit more clearly. However, as the previous chart also showed, the differences are very slight. (When we take into account the gray error bars, they become even more slight.)

There are many factors that could contribute to these small differences when it comes to security resilience. But the most important thing to be gleaned from this data is how each market can improve its respective resilience level.

Improving resilience in APJC

The Security Outcomes Study revealed the top five practices—what we refer to as “The Fab Five”—that make the most impact when it comes to enhancing security. The following chart outlines the Fab Five, and demonstrates how each market in the APJC region ranked its own strength across these practices.

Market-level comparison of reported success levels for Fab Five security practices

If we look at Thailand, for example, 69.1% of organizations say they are adept at accurate threat detection, while only 28% of organizations in Taiwan say the same. Like in the previous charts, there is a lot of movement between how various markets reported their performance against these practices. However, it’s interesting to note that Taiwan remained consistent.

So does implementing the Fab Five improve resilience across organizations in APJC? Looking at the chart below, it’s safe to say that, yes, implementing the Fab Five does improve resilience. Organizations in APJC that did not implement any of the Fab Five practices ranked in the bottom 30% for resilience, whereas those that reported strength in all five rose to the top 30%.

Effect of implementing five leading security practices on overall resilience score

Boost your organization’s cyber resilience

While building resilience can sometimes seem like an elusive concept, we hope this data provides some concrete benchmarks to strive for in today’s security programs.

For additional insight, check out our resilience web page and the full

Security Outcomes Study

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Ransomware attacks can and will shut you down

By Truman Coburn

No, ransomware attacks are not random. From extortion to data breaches, ransomware is always evolving, and is becoming very lucrative with ransomware-as-a-service kit making it easier to target organizations. The days of just a single bad actor searching for vulnerabilities in your security stack are over.  Security Operations Centers (SOCs) and the security analyst community are dealing with a sophisticated global network of adversaries who can do irreversible damage. The conversation must shift from how we can prevent a breach to how do we prepare for the inevitable breach.

What happened

Recently I found out that the small private college I attended right out of high school closed their doors permanently, falling victim to a targeted ransomware attack. This institution not only provided an education but also contributed to the local economy in this rural town for over 150 years.

The cyberattack occurred during the pandemic when most educational institutions had suddenly shifted to remote learning. Adversaries knew that the shift to remote learning would expose the college’s lack of acceptable tools for monitoring and managing applications, frequently from unsecure locations.

Unfortunately, the hackers were able to halt all admission activities, locked the administrators out from accessing critical data pertaining to the upcoming school year and ultimately, forced the school to close their doors – even after they paid the hackers the ransom.

And this is not an isolated case – Comparitech published a story ‘Ransomware attacks on US schools and colleges cost $3.56bn in 2021’ and outlined how threat actors have evolved with their ransomware attacks on schools and colleges. This is particularly concerning as many of these institutions do not have the skillsets or resources to protect their students or organization from these attacks. Below you can review their findings from a study done between 2018 – 2022:

Map: Comparitech  Get the data  Created with Datawrapper

Key findings 

In 2021: 

  • 67 individual ransomware attacks on schools and colleges–a 19 percent decrease from 2020 (83) 
  • 954 separate schools and colleges were potentially affected–a 46 percent decrease from 2020 (1,753) 
  • 950,129 individual students could have been impacted–a 31 percent decrease from 2020 
  • Ransomware amounts varied from $100,000 to a whopping $40 million 
  • Downtime varied from minimal disruption (thanks to frequent data backups) to months upon months of recovery time 
  • On average, schools lose over four days to downtime and spend almost a month (30 days) recovering from the attack 
  • Hackers demanded up to $52.3 million across just six attacks and received payment in two out of 18 cases where the school/college disclosed whether or not it paid the ransom (however, they are more likely to disclose that they haven’t paid the ransom than if they have). In one case, hackers received $547,000 
  • The overall cost of these attacks is estimated at around $3.56 billion 

Protect yourself from Cyber criminals 

Just having a firewall alone will not stop all of the attacks, it’s just a matter of time before you experience a breach.  Once the breach happens, you need a security system that will quickly detect and remediate the threat .

Resiliency must be a critical outcome for any security solution and Cisco Secure Endpoint is built to stop hackers at the point of entry. Our cloud native solution allows your security operations team to quickly detect and respond to threats minutes after a breach occurs.

Securing vectors threat actors have to your network has to be the goal 

Small to medium size businesses, hospitals, and educational institutions internal network will rely on cyber insurance in-lieu of a fully staffed, skilled cyber-security team. In today’s climate of ever-increasing sophisticated cyber threats this won’t cut it. You will need an agent that quickly detects, responds, and has visibility across your different security solutions.

With Cisco Secure Endpoint Pro we are equipped to assist with the responsibility of monitoring your endpoints for cyberattacks.  With 24/7/365 monitoring capabilities, our SOC will quickly detect and remediate any threats that targets your organization. Secure endpoint pro provides flexibility and the option of letting our SOC team do the heavy lifting while you focus on your core business.

Tangible outcomes provided by Secure Endpoint and Secure Endpoint Pro:

  • Stop threats before you’re compromised
  • Remediate faster and more completely
  • Maximize your security operations – Focus on the most important threats and gain always on security with managed EDR

Limit the amount of time threat actors have to your network

An effective managed endpoint detection and response solution frees up time for your SOC team along with accelerating detection and response time.  Cisco Secure Endpoint can reduce incident response time by as much as 97%, which limits the damage threat actors can cause after you have been breached.

Cisco Security has launched a solution geared towards protecting your school’s network by blocking malicious threats before they enter the endpoint and compromising your data. The secure endpoint agent is deployed, sits on the school endpoint freeing up time from a stretched thin IT department.

Don’t know where to get started? Check out how our EDR solution got you covered below and how to contact us to learn more.

 

Sign up for a Secure Endpoint 30-day free trial

and test drive a demo account

 

Did You Know: Cisco has a grant and funding option available for schools?

Interested? Reach out to grantsquestions@cisco.com to learn about public funding options available in your state.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Security Resilience in the Americas

By Cindy Valladares

The past couple of years have brought security resilience to the forefront. How can organizations around the world build resilience when uncertainty is the new normal? How can we be better prepared for whatever is next on the threat horizon? When threats are unpredictable, resilient security strategies are crucial to endure change when we least expect it.

In a previous blog post, we assessed security resilience in Europe, Middle East, and Africa (EMEA). Now, we take a look at organizations in the Americas to find out how they fare across four security outcomes that are critical for building resilience, based on findings from Cisco’s latest Security Outcomes Study. These outcomes include:

  1. Keeping up with the demands of the business
  2. Avoiding major security incidents
  3. Maintaining business continuity
  4. Retaining talented personnel

Country-level security performance

Based on the following chart, clear differences emerge when we examine these outcomes at the country level. The chart shows the proportion of organizations in each country that are reportedly “excelling” in the four outcomes contributing to security resilience.

What we see is that 52.7% of organizations in Colombia, for example, say their security programs are excelling at keeping up with the business, while only 35.3% report that they are excelling at avoiding major incidents. You can follow each country’s path through the four outcomes to see how they view their respective performance in certain areas.

Country-level comparison of reported success levels for security resilience outcomes

What’s really at the crux of these differences in security resilience among countries? Is Colombia that much more resilient than Mexico? Do organizations in different countries have varying definitions of what resilience is, and how they perceive their success? Reasons behind these country-level differences can be attributed to a variety of things, including security maturity, cultural factors and other organizational parameters.

Find out how our customers in the Americas

are staying cyber resilient with Cisco

How to improve resilience

Knowing what we know about how organizations across the Americas view their resilience, how can they improve it? The Security Outcomes Study, Volume 2, sheds some light here. In the study, we uncovered five practices proven to boost overall success in security programs, dubbed as the Fab Five:

  1. A proactive tech refresh strategy
  2. Well-integrated tech
  3. Timely incident response
  4. Prompt disaster recovery
  5. Accurate threat detection

So, how did countries in the Americas rank their implementation of these Fab Five practices? If we look at Colombia, for example, 64% of organizations say their capabilities for accurate threat detection are strong, while only 48.1% of Canadian organizations say the same. There is a lot of movement around the top three countries: Colombia, Mexico and Brazil. The U.S. ranks fourth consistently across the board.

Country-level comparison of reported success levels for five leading security practices

You may be wondering if implementing these five security practices improved resilience across organizations in the Americas. Our study found that organizations in the Americas that do not implement any of these five practices rank in the bottom 25% for resilience, whereas those that reported strength in all five practices rose to the top 25%.

Effect of implementing five leading security practices on overall resilience score

Staying strong in the face of change

Resilience is a cornerstone of cybersecurity. The ability to quickly pivot while maintaining business continuity and robust defenses is increasingly important in today’s world. If you would like more insight on how to build a cyber resilient organization, please check out our resilience web page and the full Security Outcomes Study

Watch video: What is security resilience?


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Top of Mind Security Insights from In-Person Interactions

By Shailaja Shankar

The past few months have been chockfull of conversations with security customers, partners, and industry leaders. After two years of virtual engagements, in-person events like our CISO Forum and Cisco Live as well as the industry’s RSA Conference underscore the power of face-to-face interactions. It’s a reminder of just how enriching conversations are and how incredibly interconnected the world is. And it’s only made closer by the security experiences that impact us all.  

I had the pleasure of engaging with some of the industry’s best and brightest, sharing ideas, insights, and what keeps us up at night. The conversations offered more than an opportunity to reconnect and put faces with names. It was a chance to discuss some of the most critical cybersecurity issues and implications that are top of mind for organizations.  

The collective sentiments are clear. The need for better security has never been so strong. Securing the future is good business. Disruptions are happening faster than ever before, making our interconnected world more unpredictable.  Hybrid work is here to stay, hybrid and complex architectures will continue to be a reality for most organizations and that has dramatically expanded the threat surface. More and more businesses are operating as ecosystems—attacks have profound ripple effects across value chains. Attacks are becoming more bespoke, government-sponsored threat actors and ransomware as a service, continue to unravel challenging businesses to minimize the time from initial breach to complete compromise, in the event of a compromise.  

Digital transformation and Zero Trust 

Regardless of where organizations are on their digital transformations, they are progressively embarking upon journeys to unify networking and secure connectivity needs. Mobility, BYOD (bring your own device), cloud, increased collaboration, and the consumerization of IT have necessitated a new type of access control security–zero trust security. Supporting a modern enterprise across a distributed network and infrastructure involves the ability to validate user IDs, continuously verify authentication and device trust, and protect every application— 

without compromising user experience. Zero trust offers organizations a simpler approach to securing access for everyone, from any device, anywhere—all the while, making it harder for attackers.  

Seeking a simpler, smarter ecosystem 

Simplicity continues to be a hot topic, and in the context of its functionality. In addition to a frictionless user experience, the real value to customers is improving operational challenges. Security practitioners want an easier way to secure the edge, access, and operations—including threat intelligence and response. Key to this simplified experience is connecting and managing business-critical control points and vulnerabilities, exchanging data, and contextualizing threat intelligence. And it requires a smarter ecosystem that brings together capabilities, unifying admin, policy, visibility, and control. Simplicity that works hard and smart—and enhances their security posture. The ultimate simplicity is improved efficacy for the organization. 

Everyone is an insider  

Insider cyber-attacks are among the fastest growing threats in the modern security network, an increasingly common cause of data breaches. Using their authorized access, employees are intentionally or inadvertently causing harm by stealing, exposing, or destroying sensitive company data. Regardless, the consequences are the same—costing companies big bucks and massive disruption. It’s also one of the reasons why “identity as the new perimeter” is trending, as the primary objective of all advanced attacks is to gain privileged credentials. Insider attack attempts are not slowing down. However, advanced telemetry, threat detection and protection, and continuous trusted access all help decelerate the trend. Organizations are better able to expose suspicious or malicious activities caused by insider threats. Innovations are enabling business to analyze all network traffic and historical patterns of employee access and determine whether to let an employee continue uninterrupted or prompt to authenticate again.  

The interconnection conundrum and the ransomware ruse   

Supply chain attacks have become one of the biggest security worries for businesses. Not only are disruptions debilitating, but no one knew the impacts or perceived outcomes. Attackers are highly aware that supply chains are comprised of larger entities often tightly connected to a broad array of smaller and less cyber-savvy organizations. Lured by lucrative payouts, attackers seek the weakest supply chain link for a successful breach. In fact, two of the four biggest cyber-attacks that the Cisco Talos team saw in the field last year were supply chain attacks that deployed ransomware on their targets’ networks: SolarWinds and REvil’s attack exploiting the Kaseya managed service provider. While there’s no perfect way to absolutely protect from ransomware, businesses are taking steps to bolster their defenses and protect against disaster. 

Data privacy is getting personal 

Security incidents targeting personal information are on the rise. In fact, 86 percent of global consumers were victims of identity theft, credit/debit card fraud, or a data breach in 2020. In a recent engagement discovered by the Cisco Talos team, the API on a customer’s website could have been exploited by an attacker to steal sensitive personal information. The good news is governments and businesses alike are leaning into Data Privacy and Protection, adhering to global regulations​ that enforce high standards for collecting, using, disclosing, storing, securing, accessing, transferring, and processing personal data.​ Within the past year, the U.S. government implemented new rules to ensure companies and federal agencies follow required cybersecurity standards. As long as cyber criminals continue seeking to breach our privacy and data, these rules help hold us accountable.  

Through all the insightful discussions with customers, partners, and industry leaders, a theme emerged. When it comes to cybersecurity, preparation is key and the cost of being wrong is extraordinary. By acknowledging there will continue to be disruptions, business can prepare for whatever comes next. And when it comes, they’ll not only weather the storm, but they will also come out of it stronger. And the good news is that Cisco Security Business Group is already on the journey actively addressing these headlines, and empowering our customers to reach their full potential, securely. 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

What do customers really want (and need) from security?

By Neville Letzerich

Insights from the RSA Conference and Cisco Live

What is it that customers truly want from their security? Is it simplicity? Robust protection? Agility and flexibility? Yes! In today’s uncertain world where new challenges are being thrown at IT teams each day, security must meet many diverse needs. At the end of the day, it’s about keeping the entire business resilient despite the chaos of the cyber world.  

As hybrid work, the move to the cloud, and increasingly insidious threats all converge to create layers of complexity, security teams must be extra vigilant and ready for what’s next. They need a comprehensive, integrated security system whose various components share information and work together to pinpoint attacks and minimize organizational impact — without introducing undue friction.

With businesses, networks, clouds and devices becoming so interconnected, delivering next-level security to match the future of work is a formidable undertaking — one that few vendors are positioned to tackle. But thanks to our nearly 40-year heritage of providing and protecting a vast amount of the world’s networking infrastructure, Cisco is up for the challenge.

“At a moment’s notice, we were able to transition 80 percent of our workforce to be remote — and our company was never remote before. Because of our Cisco solutions, we were able to deploy everything and have people work well remotely with very minimal issues.”

— Joseph Rodriguez, Assistant Director of IT, Allied Beverage Group  

How Cisco secures your resilience  

Delivering security that is simple, powerful and resilient is something we’ve been executing on for years, yet it’s never been more critical than it is at this very moment. The month of June has afforded us the perfect opportunity to showcase exactly how we plan to keep our customers cyber resilient both now and in the future.

Read about the five dimensions of security resilience.

During the RSA Conference and Cisco Live, we announced our strategic plan for the Cisco Security Cloud, a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. As we continue to move towards the Cisco Security Cloud vision, we recently unveiled several advancements in our portfolio across SASE, XDR and zero trust.

You can read our news announcement to learn more about security resilience and how we’re delivering it. But more important than the ‘how’ is the ‘why.’ Why Cisco? What makes us uniquely positioned to secure your resilience?

Why Cisco?  

As I mentioned, our customers have trusted us with their networks for nearly four decades. Currently, 80 percent of the world’s internet traffic travels through Cisco infrastructure — so we have a pretty good handle on what’s going on out there. From a security standpoint alone, we have over 300,000 customers around the globe, including 100% of the Fortune 100.

As a leader in both networking and security, the breadth and depth of our solutions is unmatched. While other vendors are just beginning to join networking with security, we’ve been doing it for years. And yet, we’re continually finding ways to simplify our robust solutions for a streamlined user experience — no matter the size of your organization, where your employees work, or whether your applications are on-premises, in the cloud, or both.

Learn more about security resilience for the hybrid work era.

In addition to unparalleled infrastructure and expertise, our open, cloud-native architecture allows you to integrate with a wide range of third-party security and technology solutions for more seamless threat defense. This includes the major cloud vendors, enabling you to secure a multi-cloud environment without getting locked in with just one public cloud provider.

Additionally, all of our solutions are backed by Cisco Talos, one of the largest commercial threat intelligence teams in the world. Combined with in-depth visibility from our Cisco Secure technologies, Talos’ extensive insight into the threat landscape leads to rapid, highly effective detection and response.

Customer insights into the “new normal”  

Even more crucial than what we have to say is what we have heard from our customers surrounding the “new normal” for security. “I think what the security industry could use right now is a real business outcome-oriented viewpoint,” said Tom Doughty, vice president and CISO at Prudential Financial. “Meaning, what are the strategic business outcomes you’re trying to enable? Cisco can help security teams be more aligned to our business and more resilient by allowing us to see at a granular level what’s happening in our environment, especially in an extended network.”

For the law firm of George Sink, P.A., the demands of supporting hybrid work accelerated the company’s move to the cloud. The firm is now using Cisco’s new, turnkey SASE solution to securely serve its clients under any circumstance — be it a pandemic or a hurricane. According to the firm’s CIO, Timothy Mullen, “The ability to…re-establish connectivity in another region almost immediately, with my small IT team, is unheard of and a game-changing experience.”

From financial to legal transactions, and much more, we can secure it all with our open, integrated protection platform and unwavering focus on resilience. We even had the honor of securing the Super Bowl earlier this year, helping to safeguard mission-critical gameday operations. 

“The Super Bowl and events of that magnitude require a humongous orchestration of interconnectedness, not only from a technology perspective but also a people standpoint,” said NFL Chief Information Security Officer, Tomás Maldonado. “What we’re trying to do is slow down the bad actors and make it more difficult for them to attack us and impact what’s happening on the field. But at the same time, we also have to look beyond the field and think about all the various parts of our business that could be affected by an attack — recognizing that our risk factors are always changing.”

Safeguard your future with Cisco  

To learn more about how to keep your business strong in the face of adversity, visit our resilience web page and check out the blog from Cisco’s Jeetu Patel, “Security Resilience for a Hybrid, Multi-Cloud Future.”

Watch video: Voice of the Customer – Security Resilience


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Security Resilience for a Hybrid, Multi-Cloud Future

By Jeetu Patel

Eighty-one percent of organizations told Gartner they have a multi-cloud strategy. As more organizations subscribe to cloud offerings for everything from hosted data centers to enterprise applications, the topology of the typical IT environment grows increasingly complex.

Now add the proliferation of hybrid work environments, the rapid ascendance of Internet of Things (IoT) devices, and an increasingly sophisticated and malicious cyber threat landscape, and it becomes immediately clear that protecting the integrity of your IT ecosystem is now a next-level problem.

In an unpredictable world, organizations everywhere are investing in initiatives that will infuse resilience into every aspect of their business, from finance to supply chains. To protect those investments, we believe they also need to invest in security resilience — the ability to protect your business against threats and disruption, and to respond to changes confidently so you can emerge even stronger.

This requires a next-level solution.

That’s why we’re building the Cisco Security Cloud — a global, cloud-delivered, integrated platform that secures and connects organizations of any shape and size. This cloud-native service is aimed at helping you protect users, devices and applications across your entire ecosystem. It will be a comprehensive, integrated set of services designed to scale with your business.

An open security platform that eliminates vendor lock-in

The Cisco Security Cloud will directly address these challenges by bringing together the depth and breadth of the Cisco security portfolio, and is:

  • Cloud-native and multi-cloud – Securely connecting users, devices, and IoT to systems, apps, and data – across hybrid environments, optimizing performance and providing a frictionless experience by placing security closer to users, their data, and their applications. 
  • Unified – Bringing together core capabilities including policy management, management consoles, and dashboards for better end-to-end security efficacy. 
  • Simplified – Reducing friction for users and IT by consolidating endpoint agents and having a relentless focus on user experience.
  • AI/ML-driven – Leveraging massive volumes of telemetry across our portfolio, from the devices and networks we protect, enabling better detection, altering, and automation to improve the efficacy of the platform. 
  • Open and extensible – Providing APIs for integration and to support a rich developer ecosystem and marketplace.

Join our innovative security journey

We have been on this journey for years. We at Cisco Secure have been delivering key components of this security cloud, and those solutions already protect 840,000 networks, 67 million mailboxes and 87 million endpoints for customers the world over.

And today at the RSA Conference, we’re taking the next step by announcing our latest innovations addressing four key areas:

The move to hybrid, multi-cloud environments

Today we are announcing Cisco’s turnkey Secure Access Service Edge (SASE) offering, Cisco+ Secure Connect Now, to simplify how organizations connect and protect users, devices, data, and applications, anywhere. Built on the Meraki platform, and available as a subscription, it unifies security and networking operations, as well as client connectivity and visibility into a single cloud-native solution, that can be set up in minutes.

The move to hybrid work

Cisco is continuing to build out continuous trusted access solutions that that constantly verify user and device identity, device posture, vulnerabilities, and indicators of compromise.  To evaluate risk after authentication, location information is critical, but we think GPS data is too intrusive. So today we are introducing a new patent-pending Wi-Fi Fingerprint capability (available in Public Preview this summer) to understand user location without compromising location privacy. We are also announcing new Session Trust Analysis capabilities to evaluate risk after login by using open standards for shared signals and events. We will unveil the first integration of this technology with a demo of Duo MFA and Box this week. 

Addressing advanced threats

As organizations become more interconnected as ecosystems, and attacks become more sophisticated and personalized, it is no longer adequate to evaluate risk and threats generically across the industry. Organizations need deeper levels of advice and expertise.  We are excited to launch the new Talos Intelligence On-Demand service, available now, offering custom research on the threat landscape unique to each organization. Talos Intelligence on Demand can assist with custom research, and brief our customers on the unique risks, threats, and mitigation strategies for their organizations.

The need for simplification

Simplification is critical to driving better security efficacy. To that end, we are excited to announce the new Cisco Secure Client (available this summer), combining AnyConnect, Secure Endpoint, and Umbrella, to simplify how administrators and users manage endpoints. This follows the launch of the new cloud-delivered Secure Firewall Management Center, which unifies management for both cloud and on-premise firewalls.

There is more work to be done, of course, and today’s announcements at the RSA Conference are the latest advances in support of this vision. We will continue working on all aspects of the Security Cloud to improve our customers’ security resilience in the face of unprecedented change and increasing threats. Because next-level problems deserve next-level solutions. 

 


 

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

More Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator

By Duane Wessels
Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator

This blog was also published by APNIC.

With so much traffic on the global internet day after day, it’s not always easy to spot the occasional irregularity. After all, there are numerous layers of complexity that go into the serving of webpages, with multiple companies, agencies and organizations each playing a role.

That’s why when something does catch our attention, it’s important that the various entities work together to explore the cause and, more importantly, try to identify whether it’s a malicious actor at work, a glitch in the process or maybe even something entirely intentional.

That’s what occurred last year when Internet Corporation for Assigned Names and Numbers staff and contractors were analyzing names in Domain Name System queries seen at the ICANN Managed Root Server, and the analysis program ran out of memory for one of their data files. After some investigating, they found the cause to be a very large number of mysterious queries for unique names such as f863zvv1xy2qf.surgery, bp639i-3nirf.hiphop, qo35jjk419gfm.net and yyif0aijr21gn.com.

While these were queries for names in existing top-level domains, the first label consisted of 12 or 13 random-looking characters. After ICANN shared their discovery with the other root server operators, Verisign took a closer look to help understand the situation.

Exploring the Mystery

One of the first things we noticed was that all of these mysterious queries were of type NS and came from one autonomous system network, AS 15169, assigned to Google LLC. Additionally, we confirmed that it was occurring consistently for numerous TLDs. (See Fig. 1)

Distribution of second-level label lengths in NS queries from AS 15169
Figure 1: Distribution of second-level label lengths in queries to root name servers, comparing AS 15169 to others, for several different TLDs.

Although this phenomenon was newly uncovered, analysis of historical data showed these traffic patterns actually began in late 2019. (See Fig. 2)

Daily count of NS Queries from AS 15169
Figure 2: Historical data shows the mysterious queries began in late 2019.

Perhaps the most interesting discovery, however, was that these specific query names were not also seen at the .com and .net name servers operated by Verisign. The data in Figure 3 shows the fraction of queried names that appear at A-root and J-root and also appear on the .com and .net name servers. For second-level labels of 12 and 13 characters, this fraction is essentially zero. The graphs also show that there appears to be queries for names with second-level label lengths of 10 and 11 characters, which are also absent from the TLD data.

Fraction of SLDs seen at A/J-root also seen at TLD (AS 15169 queries)
Figure 3: Fraction of queries from AS 15169 appearing on A-root and J-root that also appear on .com and .net name servers, by the length of the second-level label.

The final mysterious aspect to this traffic is that it deviated from our normal expectation of caching. Remember that these are queries to a root name server, which returns a referral to the delegated name servers for a TLD. For example, when a root name server receives a query for yyif0aijr21gn.com, the response is a list of the name servers that are authoritative for the .com zone. The records in this response have a time to live of two days, meaning that the recursive name server can cache and reuse this data for that amount of time.

However, in this traffic we see queries for .com domain names from AS 15169 at the rate of about 30 million per day. (See Fig. 4) It is well known that Google Public DNS has thousands of backend servers and limits TTLs to a maximum of six hours. Assuming 4,000 backend servers each cached a .com referral for six hours, we might expect about 16,000 queries over a 24-hour period. The observed count is about 2,000 times higher by this back-of-the-envelope calculation.

Queries per day from AS 15169 to A/J-root for names with second-level label length equal to 12 or 13 (July 6, 2021)
Figure 4: Queries per day from AS 15169, for names with second-level label length equal to 12 or 13, over a 24-hour period.

From our initial analysis, it was unclear if these queries represented legitimate end-user activity, though we were confident that source IP address spoofing was not involved. However, since the query names shared some similarities to those used by botnets, we could not rule out malicious activity.

The Missing Piece

These findings were presented last year at the DNS-OARC 35a virtual meeting. In the conference chat room after the talk, the missing piece of this puzzle was mentioned by a conference participant. There is a Google webpage describing its public DNS service that talks about prepending nonce (i.e., random) labels for cache misses to increase entropy. In what came to be known as “the Kaminsky Attack,” an attacker can cause a recursive name server to emit queries for names chosen by the attacker. Prepending a nonce label adds unpredictability to the queries, making it very difficult to spoof a response. Note, however, that nonce prepending only works for queries where the reply is a referral.

In addition, Google DNS has implemented a form of query name minimization (see RFC 7816 and RFC 9156). As such, if a user requests the IP address of www.example.com and Google DNS decides this warrants a query to a root name server, it takes the name, strips all labels except for the TLD and then prepends a nonce string, resulting in something like u5vmt7xanb6rf.com. A root server’s response to that query is identical to one using the original query name.

The Mystery Explained

Now, we are able to explain nearly all of the mysterious aspects of this query traffic from Google. We see random second-level labels because of the nonce strings that are designed to prevent spoofing. The 12- and 13-character-long labels are most likely the result of converting a 64-bit random value into an unpadded ASCII label with encoding similar to Base32. We don’t observe the same queries at TLD name servers because of both the nonce prepending and query name minimization. The query type is always NS because of query name minimization.

With that said, there’s still one aspect that eludes explanation: the high query rate (2000x for .com) and apparent lack of caching. And so, this aspect of the mystery continues.

Wrapping Up

Even though we haven’t fully closed the books on this case, one thing is certain: without the community’s teamwork to put the pieces of the puzzle together, explanations for this strange traffic may have remained unknown today. The case of the mysterious DNS root query traffic is a perfect example of the collaboration that’s required to navigate today’s ever-changing cyber environment. We’re grateful and humbled to be part of such a dedicated community that is intent on ensuring the security, stability and resiliency of the internet, and we look forward to more productive teamwork in the future.

The post More Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator appeared first on Verisign Blog.

How Cisco Duo Is Simplifying Secure Access for Organizations Around the World

By Jackie Castelli

At Cisco Duo, we continually strive to enhance our products to make it easy for security practitioners to apply access policies based on the principles of zero trust. This blog highlights how Duo is achieving that goal by simplifying user and administrator experience and supporting data sovereignty requirements for customers around the world. Read on to get an overview of what we have been delivering to our customers in those areas in the past few months.

Simplifying Administrator and End-User Experience for Secure Access 

Duo strives to make secure access frictionless for employees while reducing the administrative burden on IT (Information Technology) and helpdesk teams. This is made possible thanks to the strong relationship between our customers and our user research team. The insights we gained helped us implement some exciting enhancements to Duo Single Sign-On (SSO) and Device Trust capabilities.

Duo SSO unifies identities across systems and reduces the number of credentials a user must remember and enter to gain access to resources. Active Directory (AD) is the most popular authentication source connected to Duo SSO, accounting for almost 80% of all setups. To make Duo’s integration with AD even easier to implement, we have introduced Duo SSO support for multiple Active Directory forests for organizations that have users in multiple domains. Additionally, we added the Expired Password Resets feature in Duo SSO. It provides an easy experience for users to quickly reset their expired Active Directory password, log into their application, and carry on with their day. Continuing the theme of self service, we introduced a hosted device management portal – a highly requested feature from customers. Now administrators no longer need to host and manage the portal, and end users can login with Duo SSO to manage their authentication devices (e.g.: TouchID, security keys, mobile phone etc.) without needing to open IT helpdesk tickets.

We are also simplifying the administrator experience. We have made it easy for administrators to configure Duo SSO with Microsoft 365 using an out of the box integration. Duo SSO layers Duo’s strong authentication and flexible policy engine on top of Microsoft 365 logins. Further, we have heard from many customers that they want to deliver a seamless on-brand login experience for their workforce. To support this, we have made custom branding so simple that administrators can quickly customize their end-user authentication experience from the settings page in the Duo Admin Panel.

Device Trust is a critical capability required to enable secure access for the modern workforce from any location. We have made it easy for organizations to adopt device trust and distinguish between managed and unmanaged devices. Organizations can enforce a Trusted Endpoint policy to allow access only from managed devices for critical applications. We have eliminated the requirement to deploy and manage device certificates to enforce this policy. Device Health application now checks the managed status of a device. This lowers administrative overhead while enabling organizations to achieve a better balance between security and usability. We have also added out-of-box integrations with unified endpoint management solutions such as Active Directory domain-joined devices, Microsoft Intune, Jamf Pro and VMware Workspace ONE. For organizations that have deployed a solution that is not listed above, Duo provides a Device API that works with any enterprise device management system.

 Supporting Global Data Sovereignty Requirements 

To support our growing customer base around the world, Duo expanded its data center presence to  Australia, Singapore, and Japan in September last year. And now Duo is thrilled to announce the launch of the two new data centers in the UK and India. Both the new and existing data centers will allow customers to meet all local requirements, all while maintaining ISO27001 and SOC2 compliance and a 99.999% service availability goal.

The launch of the new data centers is the backbone of Duo’s international expansion strategy. In the last two years, Duo has met key international growth milestones and completed the C5 attestation (Germany), AgID certification (Italy) and IRAP assessment (Australia) – all of which demonstrate that Duo meets the mandatory baseline standards for use by the public sector in the countries listed above. Check out this Privacy Data Sheet to learn more about Cisco Duo’s commitment to our customer’s data privacy and data sovereignty.

Cisco Duo Continues to Democratize Security 

That is a summary of what we have been up to here at Cisco Duo in the past few months. But we are not done yet! Stay tuned for more exciting announcements at RSA Conference 2022 next week. Visit us at our booth at RSAC 2022 and World of solutions at Cisco Live 2022.

In the meanwhile, check out this on-demand #CiscoChat panel discussion with real-world security practitioners on how they have implemented secure access best practices for hybrid work using Duo. And if you do not want to wait, sign-up for a 30 day trial and experience how Duo can simplify secure access for your workforce.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Your employees are everywhere. Is your security?

By Neville Letzerich

Embracing security resilience for the hybrid work era

Hybrid work is here to stay. According to our survey, only 9 percent of the global workforce plans to return to the office full time. Employees have become accustomed to working from home and on-the-go, and modern organizations will need to keep up with this shift to retain much-needed talent.

While flexibility has become king, many people may also miss in-person collaboration, and will want to meet with others in the office on an ad hoc basis. Businesses will need to be ready for this future of work, and empower their employees to easily conduct their roles from the office, home, coffee shop, or anywhere in between.

While it may sound daunting, it doesn’t have to be. With the right strategies and technologies in place, hybrid work can afford an organization many opportunities. It can introduce enhanced levels of agility and resilience for better company performance. It can help businesses attract skilled professionals in a competitive market. And it can also lead to cost savings, greater operational efficiencies, and improved environmental sustainability.

Of course there will always be challenges. One such challenge is cybersecurity, and hence, security resilience. With more assets to keep track of in more places, hybrid work can lead to gaps in visibility and control, providing attackers with additional ways to get in. But while attackers work hard to get into your network, Cisco continues to innovate to keep them out, no matter where your devices or users may go.

Key security architectures for safeguarding hybrid work  

Many of the core security architectures we have been building and offering for the past several years will help to ensure a smoother transition to hybrid work, as well as greater security resilience:

  • Cisco Zero Trust delivers a comprehensive solution to secure all access across your applications and infrastructure, from any user, device, and location. Having visibility and control over who and what is accessing your environment — and what they are doing once inside — is a critical component of a successful hybrid work strategy. Unlike traditional security, the protection offered by zero trust is not based solely on location. That way, you can make sure that only the right people and devices have permissions to access specific data at specified times.
  • Cisco Secure Access Service Edge (SASE) leverages the cloud to enable seamless, secure access to applications from anywhere users work. By converging security and networking functionality into a single, cloud-delivered service, SASE improves operational efficiency and performance while also strengthening threat protection for the hybrid workforce.
  • The Cisco SecureX platform harnesses the power of integration to automate and accelerate threat detection and response for a distributed environment. SecureX provides extended detection and response (XDR) capabilities and more. It brings together technologies from both Cisco and third parties for a unified view and defense across the network, endpoints, cloud, and applications.

Just as the workplace has evolved, so has the threat landscape. To make things even easier, we have put together the Cisco Secure Hybrid Work solution to provide exactly what you need to keep your business safe in this new work environment. All of our security technologies are backed by the superior threat intelligence of Cisco Talos, so customers can quickly adapt to detect and combat the latest risks. Talos also offers robust incident response services to help companies prepare for, respond to, and rapidly recover from attacks.

Learn how Mediapro used Cisco technologies to transition to hybrid work.

New hybrid work innovations  

We continue to innovate to make sure our customers are prepared for what’s next. Most recently, we launched the Cisco Secure Firewall 3100 Series, which is specifically designed for hybrid work. The new firewall supports more remote workers with up to six times faster VPN performance, and also delivers a strong video conferencing experience. Cisco Secure Firewall enhances visibility and threat detection even in encrypted traffic, and helps strengthen your zero trust security posture. It also integrates with Cisco SecureX for rapid incident response.

Additionally, we recently unveiled the Cisco SecureX device insights feature. Device insights allows organizations to collect and correlate data from multiple sources to determine which devices are in an environment, where they are located, who is accessing them, their security status, and more. With so many new machines connecting to corporate infrastructure, this level of information is crucial for safeguarding the future of work.

Powering the future of work with Cisco  

In addition to security, Cisco’s broad hybrid work portfolio spans collaboration, networking, and IoT. With a nearly 40-year history of providing secure connectivity around the globe, we are well-equipped to empower workers to perform their best from anywhere.

“Security has always been a high priority with our extensive and intricate network but was even more critical once the pandemic began,” said Lukene Berrosteguieta, head of security operations at energy company, Repsol. “[Cisco] Business Critical Services has supported our efforts every step of the way to enhance and maintain network security across our entire infrastructure to ensure the safety of our customers and workers.”

According to Dan Turner, CIO at Per Mar Security Services, “Once COVID-19 hit the United States…we leveraged our existing infrastructure to spin up virtual workspaces for all our employees within a week so that they could work from home…. Our Cisco systems and security frameworks allowed Per Mar to move quickly and safely to support our employees.”

The way we work has forever changed, and will continue to evolve. We must enable our teams to be productive and competitive no matter what comes next. Learn how you can boost your organization’s security resilience for the years ahead.

Explore the Cisco Secure Hybrid Work Solution


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Security resilience from the classroom to the cloud

By Cristina Errico

A conversation with Shawnee Heights School District  

You have likely heard us talking more about security resilience in recent weeks. Resilience has always been a key part of cybersecurity, but the last few years have really highlighted its importance.  

At Cisco, we define security resilience as: The ability to protect the integrity of every aspect of your business to withstand unpredictable threats or changes, and then emerge stronger. Depending on the business, this will look a bit different for every organization.  

For the Shawnee Heights School District in Kansas, it means empowering roughly 3,700 K-12 students with modern education technology including laptops and iPads, while still maintaining the security and integrity of the district’s data and infrastructure. Shawnee Heights has about 5,500 devices on its network every day, three-quarters of which go home with staff and students each night.  

We recently spoke with Shawnee Heights IT Director and Cisco Gateway Cybersecurity Ambassador, Blair Anderson, to hear about how the district keeps these educational devices secure as they travel back and forth to unprotected networks.  

Q: How are you able to let so many devices leave your network each day and still feel safe? 

Blair: With Cisco, we have the security in place to keep our devices secured no matter where they go. I know that when they leave, we still have visibility into what’s happening and the threats they could be bringing into our district. We can remediate the threats before they even hit our network the next day.  

Q: How have recent changes in technology impacted your security? 

Blair: Digitalization has had a huge impact on Shawnee Heights. We have moved away from textbooks and deployed devices to all our students. That’s a big change. We’ve also seen a substantial increase in the amount of documents and data going up into the cloud. That creates a need for us to make sure all this information is secure, and that our users don’t get compromised.  

Q: What exactly were you looking for in a security solution? 

Blair: Several years ago, we did not have the security in place to keep these devices protected. They were coming back into the district with all kinds of threats, and we had to constantly reimage them. When we started looking at a security architecture, we wanted something that was in the cloud and that could keep our staff and students safe 24/7, 365 days a year. 

We also wanted something that would run in the background. We didn’t want security pop-ups and alerts impacting our users and their day-to-day routine. At the same time, it was crucial for our IT staff to have in-depth visibility into what was happening on each device to easily detect, track, and mitigate attacks.  

Q: How does Cisco help you safeguard the transition to digital learning? 

Blair: Through a combination of technologies including Cisco Secure Endpoint and Cisco Umbrella, we can see and block attacks from multiple vectors including the internet and email whether a device is on or off the network. Most importantly, it’s all integrated through the Cisco SecureX platform, so we get a unified view into our systems and potential risks, and can also automate and accelerate our response. Cisco Talos is the brains behind it all. We learn so much from Cisco and the resources they make available to us. 

Q: How has Cisco helped you become more cyber resilient? 

Blair: Before Cisco, we didn’t know whether malware was on our devices until staff and students brought it to our attention. We didn’t have the insight to be proactive and prevent significant damage. Our staff and students were bogged down with continual security disruptions, and it was very stressful because it took away from what they needed to get done in the classroom. 

Now, we know exactly when threats hit our district, and can keep our staff and students safe before they even notice something has happened. Since integrating Cisco security products, we haven’t had any major threats affect our staff and students.  

In security, you always have to be thinking about what’s next. Cisco frees up time for our IT staff to focus on higher-level projects that will move us forward from a technology standpoint. 

Q: In addition to deploying the right technology, what else can organizations do to be more security resilient?  

Blair: Everyone has a role to play in security. My colleagues and I often communicate with staff and students about what we’re seeing and the security we have in place. It’s critical that everyone knows what we’re doing and why, so they can work alongside us to protect themselves, each other, and the district from cyberattacks.  

I am always learning too. Being involved in the Cisco Gateway community has allowed me to gain valuable knowledge to help keep Shawnee Heights cyber resilient while also sharing my experience with others.

Watch the new video for more security insights from Shawnee Heights:

Visit our security resilience page to discover how to defend your business against current and future disruptions.  

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Security Resilience in EMEA

By Cindy Valladares

What makes a successful cybersecurity program and how can organizations improve their resilience in a world that seems increasingly unpredictable? How do we know what actually works and what doesn’t in order to maximize success?

These are the types of burning questions guiding Cisco’s Security Outcomes Study series. In the second edition of the study, Cisco conducted an independent, double-blind survey of over 5,100 IT professionals in 27 countries. This article highlights data from the latest volume to focus on security resilience in the region spanning Europe, Middle East and Africa (EMEA).

The study focuses on a dozen outcomes that contribute to overall security program success. Four of them in particular are crucial for building resilience:

  • Keeping up with the business (Security should enable, not impede)
  • Avoiding major incidents (…And their business impacts)
  • Maintaining business continuity (…Even when disaster strikes)
  • Retaining talented personnel (You can’t stay on top when top staff won’t stay)

Assessing Security Resilience in EMEA

We calculated an overall resilience score for each surveyed organization based on their ratings for the outcomes listed above. The chart below compares that score across the three global regions. Organizations in the Americas scored a scant 1.7% better than the global average, while EMEA organizations landed about 2% below that mark. And the width of the gray error bars further diminishes those differences. Overall, we simply don’t see huge discrepancies in security resilience at the regional level.

Regional comparison of mean security resilience score

When examining resilience at the country level, however, differences begin to emerge. The next chart shows the proportion of organizations in each country reportedly “excelling” in each of the four outcomes related to security resilience. In other words, about 48% of firms in Saudi Arabia say their security program is doing a great job keeping up with the business. About 37% excel at maintaining business continuity, and so on. So, pick your country of interest and trace its success level across each outcome.

Country-level comparison of reported success levels for security resilience outcomes

Interested in comparing countries in the EMEA region across all 12 security outcomes beyond those shown here for resilience? Download the EMEA spinoff of the Security Outcomes Study, Volume 1.


Perhaps the most interesting aspect of this chart is the comparison it provides among countries. The reported success rates by security professionals in the countries at the top are roughly twice that of those on the bottom. And for the most part, each country maintains its relative position across all outcomes.

The obvious question here is what lies behind these apparent differences in security resilience among countries? Is Saudi Arabia really that much more resilient than Germany? Might German organizations have a more realistic grasp of what it means to be resilient and know there’s a lot of work left to do? Perhaps it’s somewhere between those possibilities or something else altogether.

Whatever the reason, the key takeaway here is that success rates for all countries indicate that organizations aren’t as successful as they’d like to be in the area of security resilience.

Improving Security Resilience in EMEA

How can organizations in the EMEA region improve those outcomes, thereby making their firms more resilient? That’s an excellent question and one we were eager to explore in the Security Outcomes Study. The study revealed five security practices—affectionately referred to as the Fab Five—that boost security program success more than any others. If you’d like a lot more information about the Fab Five and how to maximize their effectiveness, the latest edition of the Security Outcomes Study is the place to go.

The Fab Five: Highly effective practices for achieving security program outcomes

Before we examine how these practices improve resilience, let’s first check how well each country has implemented each of the Fab Five. The chart below mimics the one above for outcomes and is interpreted similarly. Once again, we see Saudi Arabia reporting the strongest implementation of these practices and Germany reporting the lowest. Countries shift around quite a bit beyond that.

Country-level comparison of reported success levels for five leading security practices

As with the outcomes chart, reasons behind these country-level differences are difficult to pinpoint. We suspect there’s a mix of maturity, cultural, and organizational factors at play. But hey, if you have thoughts, we’d love to hear them. Use #SecurityOutcomes on LinkedIn or Twitter to get our attention.

Remember that security resilience score we shared above for the regions? Great, because it’s coming back into play in this next chart. We wanted to test whether practicing the Fab Five actually improved resilience among EMEA organizations participating in our study. As seen in the chart below, that’s a definitive “Yes!”

Organizations that don’t do any of these practices well ranked in the bottom 25% for resilience, whereas those strong in all five reversed that standing and rose into the top 25%!

emea
Effect of implementing five leading security practices on overall resilience score

Resilience has always been critical for cybersecurity. However, the last several years have really driven home the point that organizational defenders must be ready for anything. We hope this analysis demonstrates two things: 1) Organizations in the EMEA region have room for improving security resilience, and 2) It is actually possible to do so.

If you’d like more data-driven insights and tips on how to build a more resilient organization in EMEA or anywhere else in the world, please check out the Security Outcomes Study today or join us on April 26th when we will be discussing the highlights of the study and what they mean for successful hybrid work strategies. Register today.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021

By Verisign

Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2021 closed with 341.7 million domain name registrations across all top-level domains, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021.1,2 Domain name registrations have increased by 1.6 million, or 0.5%, year over year.1,2

Q4 2021 Domain Name Industry Brief. Graph of domain name registrations across all tlds

Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2021, including:
Top 10 Largest TLDs by Number of Reported Domain Names
Top 10 Largest ccTLDs by Number of Reported Domain Names
ngTLDs as Percentage of Total TLDs
Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs

To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.


  1. All figure(s) exclude domain names in the .tk, .cf, .ga, .gq and .ml ccTLDs. Quarterly and year-over-year trends have been calculated relative to historical figures that have also been adjusted to exclude these five ccTLDs. For further information, please see the Editor’s Note contained in the full Domain Name Industry Brief.
  2. The generic TLD, ngTLD and ccTLD data cited in the brief: (i) includes ccTLD internationalized domain names, (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.

The post Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021 appeared first on Verisign Blog.

Secure your Endpoints and Turbocharge your Security Operations with Cisco Secure Endpoint

By Nirav Shah

Keeping up with the ever-changing threat landscape is hard, with new attacks such as ransomware, fileless malware, and other advanced threats emerging every day. Protecting your endpoints becomes even more difficult when your security environment consists of multiple, disparate solutions, making it too complex to effectively manage. Protecting your endpoints can also seem daunting when you don’t have enough security staff or resources.

Cisco Secure Endpoint helps you address these challenges by delivering outcomes that radically simplify your security, maximize your security operations, and help you achieve peace of mind by protecting you from threats. Let’s dive into each of these areas to understand how Secure Endpoint can help your organization.

Radically Simplify Your Security

To combat threats targeting endpoints, many organizations have resorted to deploying dozens of different security tools. Rather than improving protection, these point-products lead to highly complex security operations, making it harder to detect threats and putting additional strain on security and IT teams.

Cisco believes that simplicity is key to a robust security strategy, which is why we’ve unified the security stack while reducing agent fatigue by consolidating endpoint security, cloud security, and remote access agents into a single agent. We also help simplify incident response with easy search capabilities across your endpoints during investigations or threat hunting. Integrated extended detection and response (XDR) capabilities built into Secure Endpoint further streamline response with enriched context, actionable insights, and automated remediation that radically reduce response times.

Learn more about how Secure Endpoint helps you simplify your security by watching this video:

Radically Simplify Your Security

Maximize Your Security Operations

An ongoing cybersecurity talent shortage means security teams are often short on staff and resources. Additionally, many organizations have inefficient security operations because their processes don’t adapt fast enough to shifts in the environment. On top of that, a proliferation of security products means security teams are frequently overwhelmed since they have to do more with less while monitoring complex environments.

Cisco is always looking for ways to help you maximize the efficiency of your security operations. This includes integrating risk-based vulnerability management from Kenna Security into Secure Endpoint, which allows you to focus on remediating only the most important vulnerabilities to your organization. Advanced endpoint detection and response (EDR) and built-in XDR capabilities from Orbital Advanced Search and the Cisco SecureX platform reduce incident response times by up to 85% by speeding detection and response. Finally, you can uncover hidden advanced threats with SecureX Threat Hunting, an analyst-centric process that allows you to take a proactive approach to threat detection.

Learn more about how Secure Endpoint helps you maximize your security operations by watching this video:

Maximizing your Security Operations

Achieve Peace of Mind

It’s difficult to stop new and advanced threats with an evolving threat landscape that seems to become more dangerous by the day, and ransomware is continuously changing to become more advanced and tougher to detect. Ransomware-as-a-service (RaaS) kits make it cheaper, easier, and more accessible than ever for even ordinary criminals to target your organization. Moreover, adversaries are turning to fileless malware attacks that fly under the radar and leave little to no traces with ‘living off the land’ techniques that help avoid detection. It becomes even harder to keep up with the threat landscape when you go it alone, relying solely on your security staff to identify, investigate, and respond to these attacks.

Cisco helps you to achieve peace of mind and combat these threats with our security expertise, EDR and XDR capabilities, and multi-layered protection. You don’t have to go it alone anymore with Cisco Secure Endpoint Pro, a new managed service that drastically reduces the time and effort it takes to secure your endpoints, with an elite team of security experts who perform 24x7x365 endpoint monitoring, detection, and response. Advanced EDR and built-in XDR functionality such as Orbital and SecureX accelerate investigation while simplifying threat response to reduce detection and dwell times. Furthermore, multifaceted prevention techniques including machine learning, behavioral protection, and exploit prevention stop threats from compromising your endpoints.

Learn more about how Secure Endpoint helps you achieve peace of mind by watching this video:

Achieving Peace of Mind from Ransomware Attacks

Altogether, these capabilities in Cisco Secure Endpoint enable you to secure your endpoints while turbocharging your security operations. To learn more about how Secure Endpoint can help your organization, check out our Cisco Secure Endpoint Video Series.

 

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

Enabling Security Resilience in the Face of Unpredictable Change

By Shailaja Shankar

Security has never been more top of mind. Perhaps it’s exacerbated by what’s going on in Ukraine and the challenges it presents to the world, including the real fears over cyberwarfare. Of course, threats becoming advanced, the move to the cloud, and hybrid work remain among our customers’ biggest challenges. Who knew that when we all left the office more than two years ago, we would be gone to for so long—let alone hybrid work and its permanence becoming part of our work-life reality?

In this rapidly changing world, uncertainty has become the new normal, supercharging security concerns among executives who are experiencing the changes. With all the dubious improbabilities coming to life, now more than ever companies want the ability to protect the integrity of every aspect of the business and in a way that can withstand unpredictable threats or changes, then emerge stronger.

This is Security Resilience.

Operating securely in the new normal

Businesses are making massive investments across their entire enterprise to strengthen resilience. From financial resilience to operations resilience and from organizational to supply chain resilience, these initiatives are designed to help businesses operate in this newfangled reality. With security cutting through every aspect of these initiatives, security resilience is imperative to business sustainability, as well as preventing investments from falling short or introducing additional risk.

It’s security resilience that strengthens financial resilience, ensuring the integrity of financial data assets and making sure nobody accesses what they shouldn’t. It gives businesses the ability to calculate risk and return tradeoffs. It strengthens operational integrity, making sure companies understand their risk exposure. If there’s a disruption in their operations or supply chain integrity, it’s about how to limit the impact, withstand the shocks, and bounce back quickly.

Optimizing in a connected reality

Security resilience is confronting this new world where everyone and everything are connecting. Businesses are operating as integrated ecosystems with boundaries between the corporations, customers, suppliers and partners all blurring. Additionally, connections between people, devices and data are ever-expanding with billions of open, shared, and accessible touchpoints. Businesses are also adjusting to constantly shifting work patterns, including the permanence of hybrid work.

The digital transformation has made the world more connected and unleashed possibilities had once seemed impossible.  As part of the digitization journey is the multi-environment IT reality that further complicates security resilience. Not everything is in the datacenter, not everything is in the cloud. We are now in the transition to optimize for what works best, moving back and forth between traditional and modern approaches. Organizations are finding themselves shifting and refining which makes security resilience even more challenging. At the heart of this shift are The Five Dimensions of Security Resilience:

  1. See More: activate billions of signals with telemetry across your ecosystem, and active monitoring and filtering
  2. Anticipate What’s Next: embrace shared, actionable intelligence and expertise to always know when your world changes
  3. Take the Right Action: prioritize what’s most important with risk-based context analysis and continuous trust assessment of everyone and everything
  4. Close Gaps: achieve pervasive defense across an ecosystem with an open, integrated platform across campus, data center, cloud, edge so you can find it and fix it faster
  5. Get Stronger Every Day: optimize efficacy by orchestrating and automating your response so you can spring back faster

All elements work together to help customers attain security resilience and emerge stronger in the face of unpredictable change.

The crux of the issue is that when everything is open and connected and everyone is a vulnerability, security resilience requires more than what past approaches have offered. Customers are at crossroads about the best Security approach and must shift to a new security strategy: consolidated and adopting a platform approach – or they manage multiple solutions and take on the burden of stitching them all together themselves. We believe security resilience requires a unified platform for end-to-end security across hybrid multi-cloud environments. And it’s this solid foundation in security resilience that will allow companies—especially those making measurable progress to strengthen their entire organization—to weather the storm and come out of it stronger.

That’s Security Resilience. Learn more at cisco.com/go/security-resilience.


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

New in SecureX: Device Insights

By Matt Vander Horst

Since its release, Cisco SecureX has helped over 10,000 customers gain better visibility into their infrastructure. As the number of devices in many customer environments continues to increase, so does the number of products with information about those devices. Between mobile device managers (MDM), posture agents, and other security products, a wealth of data is being collected but is not necessarily being shared or, more importantly, correlated. With the new device insights feature in Cisco SecureX, now available for all SecureX customers, we’re changing that.

Introducing Device Insights

Device insights, which is now generally available, extends our open, platform approach to SecureX by allowing you to discover, normalize, and consolidate information about the devices in your environment. But this isn’t just another dashboard pulling data from multiple sources. Device insights fetches data from sources you might expect, like your mobile device manager, but also leverages the wealth of data available in your Cisco Secure products such as Cisco Secure Endpoint, Orbital, Duo, and Umbrella. Combining these sources of data allows you to discover devices that may be sneaking through gaps in your normal device management controls and gain a comprehensive view into each device’s security posture and management status. With device insights, you’ll be able to answer these all-important questions:

  • What types of devices are connected in our environment?
  • What users have been accessing those devices?
  • Where are those devices located?
  • What vulnerabilities are associated with each device?
  • Which security agents are installed?
  • Is the security software is up to date?
  • What context do we have from technologies beyond the endpoint?

Supported Data Sources

Now, you might ask: what types of data can I bring into device insights? When we created SecureX, we built a flexible architecture based on modules that anyone can create. Device insights extends this architecture by adding a new capability to our module framework. Here’s a look at what data sources will be supported at launch:

Bringing Everything Together

Once you’ve enabled your data sources, device insights will periodically retrieve data from each source and get to work. Some sources can also publish data in real time to device insights using webhooks. We normalize all of the data and then correlate it between sources so you have one view into each of your devices, not a mess of duplicate information. This results in a single, unified dashboard with easy filtering, a high level view into your environment, and a customizable table of devices (which you can export too!). To see more information about a device, just click on one and you’ll see everything device insights knows, including which source provided which data.

screenshot: SecureX device status dashboard

 

screenshot: SecureX device detail view

Getting Started

To get started with device insights, simply log into Cisco SecureX and click the new Insights tab! For more information about device insights, check out these resources:

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

 

The Total Economic Impact™ of Cisco Secure Firewall

By Christina Hausman

This blog has been authored by Forrester Consulting


Cisco commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study to examine the value that Secure Firewall customers could achieve by deploying Secure Firewall, Firewall Management Center, and optionally SecureX. We spoke with ten decision-makers from eight customer organizations about the benefits, costs, risks, and flexibility of their investment in these Cisco Security solutions. We used their data and profiles to build a composite organization and a financial model of their reported benefits and costs. This composite organization has roughly $5B in annual revenue and 16,000 employees, that had deployed 34 ASA-based firewalls and 68 early generation Firewall Threat Defense (FTD)-based firewalls before the investment in Cisco Secure Firewall.

The composite organization and interviewees’ organizations shared similar challenges in their network environments that drove their investments in Cisco Secure Firewall, including:

  • Limited visibility into their network security environments from a lack of integration, unified management, and policy consistency,
  • High time costs to implement and manage firewalls from the inability to push policies and updates to multiple devices at once,
  • Poor network performance evidence by repeated rebooting and packet loss at times of high network demand, and
  • Vendor management headaches from following a best-of-breed strategy.

After deploying Cisco Secure Firewall, Firewall Management Center, and SecureX, the composite and interviewees’ organizations experienced:

Firewall management efficiency from the centralized management of firewalls via a single pane of glass that enabled the deployment and updating of policies to multiple devices at once. The composite organization was able to reduce 55 hours of labor per firewall compared to deploying and creating policies for a traditional firewall. It also reduced the time to update firewalls quarterly by 90% and update firewall policies daily by 95%. When compared to early generation FTD-based firewalls, the composite saves 80% of the time previously spent deploying policies. Virtual firewall policies are also updated 80% faster.

Improvements to security workflows from consolidating firewall and threat data into one place, where indicators of compromise (IOC) and blocked intrusions can be tracked or up-leveled coherently to a SIEM. Cisco Secure Firewall and Firewall Management Center save the composite’s security teams 49% of the time previously spent on investigations and 83% of the time previously spent responding to threats. SecureX reduces these figures by an additional 77%, for a total savings of up to 90% for security workflows with all three solutions.

Reduced risk of a material breach and productivity loss from improving threat visibility across the full network environment, improving the automation of blocking functions, and the new ability to detect and block threats at the application layer. The composite was able to reduce the risk of a breach compared to ASA-based firewalls by 90% and the risk of a breach compared to early generation FTD firewalls by 15%. Employees impacted by breaches were able to recover 70% of their lost productivity. SecureX helped to reduce the risk of a material breach by an additional 23% for the composite organization and those customers with SecureX deployed.

Customer organizations were also able to boost employee productivity from better network performance and reduce their technology costs by decommissioning prior solutions, the quantification for which can be found in the full study.

After accounting for initial and recurring costs, risk-adjusting for realistic and conservative estimates, we found that and investment in Cisco Secure Firewall and Firewall Management Center could produce a 195% ROI, $12.29M net present value, and 10-month payback period over three years.

For more information on the full March 2022 case study, The Forrester Total Economic Impact of Cisco Secure Firewall, please visit https://www.cisco.com/go/firewallTEI.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

New Warning from the White House Calls for Urgent Action

By Peter Romness

On Monday and based on evolving intelligence, President Biden warned of increased potential of cyberattacks on critical infrastructure in the United States and his administration renewed its calls for all organizations to bolster their cyber defenses in this Statement from the President.

We have seen similar warnings before. It’s easy to get jaded or to let down our guard because we have not seen the cyber meltdown that was predicted to coincide with the onset of a kinetic conflict involving top-tier military powers.  But according to Anne Neuberger, the White House’s Deputy National Security Adviser for Cyber and Emerging Technology, this warning is “based on evolving threat intelligence, that the Russian government is exploring options for potential cyberattacks on critical infrastructure in the United States.”

The advice given seems somewhat old-hat—use multi-factor authentication (MFA), log your systems, look at the logs, use encryption, develop emergency contingency plans, test your plans, and patch!

And yet, we are seeing these words and this advice come directly from the President of the United States. This signals two things:

  1. There is a renewed sense of urgency that the nature of the conflict could likely shift into cyber domains.
  2. Far too many systems are still not doing the basics necessary to stave off even fairly unsophisticated attacks.

People around the world are watching the conflict and wondering, “what can I do to help?” and the President’s Statement gives an answer.  It’s not asking anyone to grow victory gardens or collect tin scraps for military hardware. It’s guiding everyone to take basic steps to ensure their computers and network-connected systems are not the next vector of attack in this expanding war.  And based upon this imminent threat, the time to act is now!

Matt Olney, of Cisco Talos Intelligence Group posted this series of Tweets on January 24th that will give you some insight into the motivations of the threat advisory.  Matt and his team have been fully engaged in Ukraine for a long time as he details in his blog, Cisco stands on guard with our customers in Ukraine.

To help you as you shore up your cyber defenses, Bruce Brody originally posted this blog – “Left of Boom” Cybersecurity: Proactive Cybersecurity in a Time of Increasing Threats and Attacks on October 18, 2021.   Left of Boom refers to actions you can take to protect your organization before a cyber incident.  It includes the following advice:

  • Have visibility and control of all assets and actionable metrics to measure cyber risk
  • Understand what runs the essential business and mission operations and prioritize these high value assets (HVAs)
  • Move to the cloud. The major cloud providers are inherently more secure than almost anything that can be done internally, and they’re getting more secure all the time.
  • Implement multi-factor authentication (MFA) as soon and as efficiently as possible.
  • Put controls in place to secure the supply chain, and require a software bill of materials (SBOM) from suppliers.
  • Put controls in place to protect against insider threat.
  • Reduce the attack surface and manage the endpoints.
  • Run very good anti-malware continuously, and make sure all systems are patched and updated continuously.
  • Backup all critical data at least daily.
  • Build out a Zero Trust Architecture (ZTA), and adopt a “Zero Trust or Bust.”
  • Practice.
  • Cyber insurance is not the answer! You need the proper controls with or without it.
  • Build for Cyber resiliency – it offers the best chance for achieving mission and business goals in the face of increasing sophisticated cyber attacks.

Bruce also highlights several Frameworks that offer great guidance to make your cyber decisions. They include: The NIST Cybersecurity Framework (CSF),  MITRE ATT@CK and MITRE D3FEND, ISO 27001, and Center for Internet Security (CIS) 20 Critical Controls.

Bruce concludes his “Left of Boom” guidance by defining “Right of Boom” as the things you will do to recover after an event and how important it is to be prepared with Disaster Recovery Planning (DRP), Business Continuity Planning (BCP), and Continuity of Operations Planning (COOP).

I hope you will find these resources useful as you respond to this call for action from the President.

 


We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn

Routing Without Rumor: Securing the Internet’s Routing System

By Danny McPherson
colorful laptop

This article is based on a paper originally published as part of the Global Commission on the Stability of Cyberspace’s Cyberstability Paper Series, “New Conditions and Constellations in Cyber,” on Dec. 9, 2021.

The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to — for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system.

Just as ensuring that DNS is secure, stable and resilient is a priority for Verisign, so is making sure that the routing system has these characteristics. Indeed, DNS itself depends on the internet’s routing system for its communications, so routing security is vital to DNS security too.

To better understand how these challenges can be met, it’s helpful to step back and remember what the internet is: a loosely interconnected network of networks that interact with each other at a multitude of locations, often across regions or countries.

Packets of data are transmitted within and between those networks, which utilize a collection of technical standards and rules called the IP suite. Every device that connects to the internet is uniquely identified by its IP address, which can take the form of either a 32-bit IPv4 address or a 128-bit IPv6 address. Similarly, every network that connects to the internet has an Autonomous System Number, which is used by routing protocols to identify the network within the global routing system.

The primary job of the routing system is to let networks know the available paths through the internet to specific destinations. Today, the system largely relies on a decentralized and implicit trust model — a hallmark of the internet’s design. No centralized authority dictates how or where networks interconnect globally, or which networks are authorized to assert reachability for an internet destination. Instead, networks share knowledge with each other about the available paths from devices to destination: They route “by rumor.”

The Border Gateway Protocol

Under the Border Gateway Protocol, the internet’s de-facto inter-domain routing protocol, local routing policies decide where and how internet traffic flows, but each network independently applies its own policies on what actions it takes, if any, with data that connects through its network.

BGP has scaled well over the past three decades because 1) it operates in a distributed manner, 2) it has no central point of control (nor failure), and 3) each network acts autonomously. While networks may base their routing policies on an array of pricing, performance and security characteristics, ultimately BGP can use any available path to reach a destination. Often, the choice of route may depend upon personal decisions by network administrators, as well as informal assessments of technical and even individual reliability.

Route Hijacks and Route Leaks

Two prominent types of operational and security incidents occur in the routing system today: route hijacks and route leaks. Route hijacks reroute internet traffic to an unintended destination, while route leaks propagate routing information to an unintended audience. Both types of incidents can be accidental as well as malicious.

Preventing route hijacks and route leaks requires considerable coordination in the internet community, a concept that fundamentally goes against the BGP’s design tenets of distributed action and autonomous operations. A key characteristic of BGP is that any network can potentially announce reachability for any IP addresses to the entire world. That means that any network can potentially have a detrimental effect on the global reachability of any internet destination.

Resource Public Key Infrastructure

Fortunately, there is a solution already receiving considerable deployment momentum, the Resource Public Key Infrastructure. RPKI provides an internet number resource certification infrastructure, analogous to the traditional PKI for websites. RPKI enables number resource allocation authorities and networks to specify Route Origin Authorizations that are cryptographically verifiable. ROAs can then be used by relying parties to confirm the routing information shared with them is from the authorized origin.

RPKI is standards-based and appears to be gaining traction in improving BGP security. But it also brings new challenges.

Specifically, RPKI creates new external and third-party dependencies that, as adoption continues, ultimately replace the traditionally autonomous operation of the routing system with a more centralized model. If too tightly coupled to the routing system, these dependencies may impact the robustness and resilience of the internet itself. Also, because RPKI relies on DNS and DNS depends on the routing system, network operators need to be careful not to introduce tightly coupled circular dependencies.

Regional Internet Registries, the organizations responsible for top-level number resource allocation, can potentially have direct operational implications on the routing system. Unlike DNS, the global RPKI as deployed does not have a single root of trust. Instead, it has multiple trust anchors, one operated by each of the RIRs. RPKI therefore brings significant new security, stability and resiliency requirements to RIRs, updating their traditional role of simply allocating ASNs and IP addresses with new operational requirements for ensuring the availability, confidentiality, integrity, and stability of this number resource certification infrastructure.

As part of improving BGP security and encouraging adoption of RPKI, the routing community started the Mutually Agreed Norms for Routing Security initiative in 2014. Supported by the Internet Society, MANRS aims to reduce the most common routing system vulnerabilities by creating a culture of collective responsibility towards the security, stability and resiliency of the global routing system. MANRS is continuing to gain traction, guiding internet operators on what they can do to make the routing system more reliable.

Conclusion

Routing by rumor has served the internet well, and a decade ago it may have been ideal because it avoided systemic dependencies. However, the increasingly critical role of the internet and the evolving cyberthreat landscape require a better approach for protecting routing information and preventing route leaks and route hijacks. As network operators deploy RPKI with security, stability and resiliency, the billions of internet-connected devices that use DNS to look up IP addresses can then communicate with those resources through networks that not only share routing information with one another as they’ve traditionally done, but also do something more. They’ll make sure that the routing information they share and use is secure — and route without rumor.

The post Routing Without Rumor: Securing the Internet’s Routing System appeared first on Verisign Blog.

Industry Insights: RDAP Becomes Internet Standard

By Scott Hollenbeck
Technical header image of code

This article originally appeared in The Domain Name Industry Brief (Volume 18, Issue 3)

Earlier this year, the Internet Engineering Task Force’s (IETF’s) Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol. RDAP is designed to address some widely recognized deficiencies in the WHOIS protocol and can help improve the registration data chain of custody.

In the discussion that follows, I’ll look back at the registry data model, given the evolution from WHOIS to the RDAP protocol, and examine how the RDAP protocol can help improve upon the more traditional, WHOIS-based registry models.

Registration Data Directory Services Evolution, Part 1: The WHOIS Protocol

In 1998, Network Solutions was responsible for providing both consumer-facing registrar and back-end registry functions for the legacy .com, .net and .org generic top-level domains (gTLDs). Network Solutions collected information from domain name registrants, used that information to process domain name registration requests, and published both collected data and data derived from processing registration requests (such as expiration dates and status values) in a public-facing directory service known as WHOIS.

From Network Solution’s perspective as the registry, the chain of custody for domain name registration data involved only two parties: the registrant (or their agent) and Network Solutions. With the introduction of a Shared Registration System (SRS) in 1999, multiple registrars began to compete for domain name registration business by using the registry services operated by Network Solutions. The introduction of additional registrars and the separation of registry and registrar functions added parties to the chain of custody of domain name registration data. Information flowed from the registrant, to the registrar, and then to the registry, typically crossing multiple networks and jurisdictions, as depicted in Figure 1.

Flowchart of registration process. Information flowed from the registrant, to the registrar, and then to the registry.
Figure 1. Flow of information in early data registration process.

Registration Data Directory Services Evolution, Part 2: The RDAP Protocol

Over time, new gTLDs and new registries came into existence, new WHOIS services (with different output formats) were launched, and countries adopted new laws and regulations focused on protecting the personal information associated with domain name registration data. As time progressed, it became clear that WHOIS lacked several needed features, such as:

  • Standardized command structures
  • Output and error structures
  • Support for internationalization and localization
  • User identification
  • Authentication and access control

The IETF made multiple attempts to add features to WHOIS to address some of these issues, but none of them were widely adopted. A possible replacement protocol known as the Internet Registry Information Service (IRIS) was standardized in 2005, but it was not widely adopted. Something else was needed, and the IETF went back to work to produce what became known as RDAP.

RDAP was specified in a series of five IETF Proposed Standard RFC documents, including the following, all of which were published in March 2015:

  • RFC 7480, HTTP Usage in the Registration Data Access Protocol (RDAP)
  • RFC 7481, Security Services for the Registration Data Access Protocol (RDAP)
  • RFC 7482, Registration Data Access Protocol (RDAP) Query Format
  • RFC 7483, JSON Responses for the Registration Data Access Protocol (RDAP)
  • RFC 7484, Finding the Authoritative Registration Data (RDAP) Service

Only when RDAP was standardized did we start to see broad deployment of a possible WHOIS successor by domain name registries, domain name registrars and address registries.

The broad deployment of RDAP led to RFCs 7480 and 7481 becoming Internet Standard RFCs (part of Internet Standard 95) without modification in March 2021. As operators of registration data directory services implemented and deployed RDAP, they found places in the other specifications where minor corrections and clarifications were needed without changing the protocol itself. RFC 7482 was updated to become Internet Standard RFC 9082, which was published in June 2021. RFC 7483 was updated to become Internet Standard RFC 9083, which was also published in June 2021. All were added to Standard 95. As of the writing of this article, RFC 7484 is in the process of being reviewed and updated for elevation to Internet Standard status.

RDAP Advantages

Operators of registration data directory services who implemented RDAP can take advantage of key features not available in the WHOIS protocol. I’ve highlighted some of these important features in the table below.

RDAP Feature Benefit
Standard, well-understood, and widely available HTTP transport Relatively easy to implement, deploy and operate using common web service tools, infrastructure and applications.
Securable via HTTPS Helps provide confidentiality for RDAP queries and responses, reducing the amount of information that is disclosed to monitors.
Structured output in JavaScript Object Notation (JSON) JSON is well-understood and tool friendly, which makes it easier for clients to parse and format responses from all servers without the need for software that’s customized for different service providers.
Easily extensible Designed to support the addition of new features without breaking existing implementations. This makes it easier to address future function needs with less risk of implementation incompatibility.
Internationalized output, with full support for Unicode character sets Allows implementations to provide human-readable inputs and outputs that are represented in a language appropriate to the local operating environment.
Referral capability, leveraging HTTP constructs Provides information to software clients that allow the client to retrieve additional information from other RDAP servers. This can be used to hide complexity from human users.
Support of standardized authentication RDAP can take full advantage of all of the client identification, authentication and authorization methods that are available to web services. This means that RDAP can be used to provide the basic framework for differentiated access to registration data based on attributes associated with the user and the user’s query.

Verisign and RDAP

Verisign’s RDAP service, which was originally launched as an experimental implementation several years before gaining widespread adoption, allows users to look up records in the registry database for all registered .com, .net, .name, .cc and .tv domain names. It also supports Internationalized Domain Names (IDNs).

We at Verisign were pleased not only to see the IETF recognize the importance of RDAP by elevating it to an Internet Standard, but also that the protocol became a requirement for ICANN-accredited registrars and registries as of August 2019. Widespread implementation of the RDAP protocol makes registration data more secure, stable and resilient, and we are hopeful that the community will evolve the prescribed implementation of RDAP such that the full power of this rich protocol will be deployed.

You can learn more in the RDAP Help section of the Verisign website, and access helpful documents such as the RDAP technical implementation guide and the RDAP response profile.

The post Industry Insights: RDAP Becomes Internet Standard appeared first on Verisign Blog.

Websites, Branded Email Remain Key to SMB Internet Services

By Verisign

Study Commissioned by Verisign Shows Websites Can Help Add Credibility and Drive New Business

Businesses today have many options for interacting with customers online. The findings of our independent survey of online consumers suggest that websites and branded email continue to be critical components of many businesses’ online presence, essential to supporting consumer confidence and enabling effective interaction with customers.

The quantitative study, commissioned by Verisign and conducted in December 2019 and January 2020 by 451 Research, now a part of S&P Global Market Intelligence, surveyed 5,450 online consumers across key markets in North America, Latin America, Europe and Asia to help understand their sentiments on interacting with businesses online.

The survey was designed to arm service providers and registrars with an understanding of how the resources they provide to businesses can help create trust and deliver value to their customers.

Websites help add credibility

Among those surveyed, approximately two-thirds (66%) agreed that a business with its own website is more credible than one without. Likewise, a majority indicated that they would expect it to be more difficult to verify the identity of (56%), find online (55%) and contact (54%) a business that does not have its own website.

Certainly, this doesn’t suggest that businesses should abandon other online channels, such as social media and search engine efforts, to focus on a website-only approach. Instead, 64% of respondents said that a business with many points of online presence is more credible than a business with few.

Still, the study suggests that other online resources should complement, rather than replace, a small business’s own website. Respondents identified a business’s own website as being one of the most popular online methods for learning about (69%) and conducting transactions with (57%) businesses. Further, 71% of respondents reported being more likely to recommend a business with a professional website.

Taken together, these findings suggest that a website can help add credibility and drive new business.

Branded email supports customer communications

Trust is central to the relationship between a business and customers. This may be particularly true for online transactions (95% of survey respondents said they actively make purchases online), which require consumers to trust not only that the business will deliver the product or service for which they have paid, but also that it will not misuse payment or personal information.

A branded email address may be able to help, as an overwhelming number of respondents (85%) agreed that a business with a branded email address is more credible than one that uses a free email account. Respondents were more likely to have used a business’s branded email address (67%), than the telephone (56%) or social media (40%), to communicate with a business during the prior 12 months.

Key takeaway

For a small business, failing to be perceived as credible online could mean lost business not just today, but also in the future. A website and branded email address can help businesses add credibility and more effectively engage with consumers online.

Service providers offer a variety of website-building tools, email hosting solutions, and domain name registration services that can help businesses – whether just starting or well-established – to have a website and use a branded email.

Detailed survey results are available in 451 Research’s Black & White Paper Websites, Branded Email Remain Key to SMB Internet Services.


Verisign is a global wholesale provider of some of the world’s most recognized top-level domains, including .com and .net. For website building tools and email hosting solutions, contact a registrar. You can find a registrar here.

The post Websites, Branded Email Remain Key to SMB Internet Services appeared first on Verisign Blog.

Verisign Support for AAPI Communities and COVID Relief in India

By Verisign
Verisign Logo

At Verisign we have a commitment to making a positive and lasting impact on the global internet community, and on the communities in which we live and work.

This commitment guided our initial efforts to help these communities respond to and recover from the effects of the COVID-19 pandemic, over a year ago. And at the end of 2020, our sense of partnership with our local communities helped shape our efforts to alleviate COVID-related food insecurity in the areas where we have our most substantial footprint. This same sense of community is reflected in our partnership with Virginia Ready, which aims to help individuals in our home State of Virginia access training and certification to pivot to new careers in the technology sector.

We also believe that our team is one of our most important assets. We particularly value the diverse origins of our people; we have colleagues from all over the world who, in turn, are closely connected to their own communities both in the United States and elsewhere. A significant proportion of our staff are of either Asian American and Pacific Islander (AAPI) or South Asian origin, and today we are pleased to announce two charitable contributions, via our Verisign Cares program, directly related to these two communities.

First, Verisign is pleased to associate ourselves with the Stand with Asian Americans initiative, launched by AAPI business leaders in response to recent and upsetting episodes of aggression toward their community. Verisign supports this initiative and the pledge for which it stands, and has made a substantial contribution to the initiative’s partner, the Asian Pacific Fund, to help uplift the AAPI community.

Second, and after consultation with our staff, we have directed significant charitable contributions to organizations helping to fight the worsening wave of COVID-19 in India. Through Direct Relief we will be helping to provide oxygen and other medical equipment to hospitals, while through GiveIndia we will be supporting families in India impacted by COVID-19.

The ‘extended Verisign family’ of our employees, and their families and their communities, means a tremendous amount to us – it is only thanks to our talented and dedicated people that we are able to continue to fulfill our mission of enabling the world to connect online with reliability and confidence, anytime, anywhere.

Verisign expands its community support initiatives, with contributions to COVID-19 relief in India and to the Stand with Asian Americans initiative.

The post Verisign Support for AAPI Communities and COVID Relief in India appeared first on Verisign Blog.

Average CCNA salary 2020

By Susan Morrow

Introduction The CCNA (Cisco Certified Network Associate) is one of the most well-known entry-level certifications within the IT industry. Holding this credential proves your ability to install, configure, manage and support small- to medium-sized networks.  A study by CompTIA found that 47% of SMBs see the IT skills gap growing. This IT skills gap is […]

The post Average CCNA salary 2020 appeared first on Infosec Resources.


Average CCNA salary 2020 was first posted on September 30, 2020 at 9:12 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
❌