Under Analytics

Back when network management was booming in the early 90’s, the whole idea seemed straightforward. System administrators would speak of endpoints on the network as being “under management” or conversely “unmanaged.” There seemed to be a place for everything and looking back now at those times, enterprises seemed so simple compared to today. Maybe simple is not the right term, maybe they just seemed more orderly compared to the modern network landscape.

At some point, hackers showed up and names like “under management” or “unmanaged network elements” made little difference to them. I remember security folks in the early days joking that SNMP (Simple Network Management Protocol) stood for “Security Not My Problem.” An insecure network meant that you had an insecure business! The experienced security architect knows that whether the system is under management, under someone else’s management, or completely unmanaged, if that system is part of the business, it is still their job to secure it. To put it another way, while management of systems can span certain, more specific information systems, security must always be as wide as the business.

I would like to suggest a new term and concept for our vocabulary and that is “under analytics.” I like to think of this as a conceptual means to discuss if areas of your digital business have enough visibility for continuous monitoring of its integrity. Why not just call it “under management?” Well, because more and more these days, you are NOT the one managing that area of the network. It might be the cloud service provider managing it, but it is still your problem if something gets hacked. You could even then speak of observable domains as having certain requirements that satisfy the type of analytics you would like to perform.

There are many types of observational domains to consider so let’s talk about some here. Back in the day, there was just your enterprise network. Then when folks connected to the internet, the concepts of internal and external and even the DMZ networks were referenced as observable network domains. These days, you have to deal with public cloud workloads, Kubernetes clusters, mobile devices, etc. Let’s just say that you can speak of having any amount of observable domains for which you require telemetry that will get you the visibility required to detect the most advanced threat actors in those domains.

For each of these observable domains, there will need to be telemetry. Telemetry is the data that represents changes in that domain that feeds your behavioral analytics outcomes. You could make a list of the competency questions you would want to answer from these analytical outcomes.

◉ Are there any behaviors that suggest my systems have been compromised?

◉ Are there any behaviors that suggest some credential has been compromised?

◉ Are there any behaviors to suggest there is a threat actor performing recognizance?

My suggestion is that you begin with these questions and then hold security analytics to them to see if they are competent to answer them daily, weekly, monthly, etc.

From there, you can go one step further and start to consider and look into scenarios like the following:

◉ We have a new partner network, is it “under analytics?”

◉ We have a new SaaS service, is it “under analytics?”

◉ This company has a new cloud deployment, do we know if it is “under analytics?”

◉ What part of our digital busines is not “under analytics?”

How well do you know your digital business behavior when it is 100% without compromise? How would you even go about answering this? The truth is, you really do need to get to this level because if you don’t, threat actors will. Even if parts of the business use SaaS products, while parts of the network are using Infrastructure as a Service (IaaS), you can still set the requirements that there must be a sufficient amount of telemetry and analytics that help you understand the answers to these questions above. Your business must always remain “Under analytics” and only then will you be one step ahead of your attackers.

Continue reading

Solving Security and Compliance Problems with Cisco Business Critical Services

Organizations today need to be both nimble and secure. They’re adopting Cloud, IoT, and machine learning at increasingly quickening speed as well as evolving their applications and endpoints as well as campus, data center, and WAN networking to adapt to their digital business as well as address security risks. At the same time that compliance regimes are a moving target putting increasing pressure on organizations.

In this ever changing world, many organizations struggle with maintaining good security and compliance hygiene. Year over year, IT departments attempt to manage through compliance drift as networks evolve, new systems are added, configuration changes are made, and knowledgeable individuals leave their teams. Poor audit management practices increase audit fatigue and risk even higher rates of attrition. Add requirements for risk assessments, penetration tests, privacy impact assessments, and robust processes; not to mention the pressures of being able to identify and respond to an evolving security threat landscape and the operational pressures, including OpEx spending, can be immense.

About Business Critical Services 

Business Critical Services is the next generation of subscription based advanced services. By leveraging our expert guidance, analytics, and automation solutions, we can not only address resilience, flexibility, and support concerns, but can craft ongoing services to help manage security threats and reduce compliance overhead while decreasing OpEx, allowing customers to focus on activities that most contribute to the growth of their businesses.

Solving Compliance Problems with Business Critical Services

Business Critical Services includes a wealth of offers, or deliverables, which help customers reduce compliance drift, decrease operational churn, and drive increased compliance fidelity regardless of the compliance requirement. From automated compliance hygiene to Privacy Impact Analysis, Business Critical Services enables customers to right size a solution that meets most compliance requirements they face. For example, a customer that must be compliant to the Payment Card Industry – Data Security Standard (PCI-DSS) may choose to take advantage of the following Business Critical Services:

◈ Automated Software Compliance and Remediation, Configuration Compliance and Remediation, and Regulatory Compliance & Remediation form the core of our compliance offerings. These services automate the tasks of identifying and remediating compliance drift by validating that software versions are up to date, vulnerabilities are identified and remediated, and configurations are compliant to both regulatory requirements as well as defined gold standards.  All of this is central to several PCI-DSS requirements.  These services alone provide much needed operational relief from maintaining compliance and provide evidence for your auditors to review.

◈ Security Compliance Assessment augments our automated capabilities using Cisco compliance experts to validate policy, processes, and technical requirements where assessment cannot be automated. When combined with our automated compliance capabilities, this provides a comprehensive view of audit readiness and both tactical and strategic remediation requirements. For PCI-DSS, we review the complete set of requirements, enabling customers to make audit outcomes more predictable and eliminate last minute remediation scrambles.
Network and Application Penetration Testing within Business Critical Services can be used to meet the PCI-DSS requirements to perform these tasks regularly.

◈ Enterprise Security Advisor provides a strategic resource to help drive security and compliance. The best use of this service for Compliance is to engage Cisco as a program manager to collect, collate, and present evidence to your auditor while managing your IT compliance processes, reducing audit fatigue on your staff and freeing up individuals to focus on business growth and digital transformation.

Solving Security Problems with Business Critical Services

In addition, Business Critical Services, can be used to solve operational and ongoing security issues, helping reduce the attack surface of our customers while identifying and helping to remediate vulnerabilities, ensuring the upkeep of security infrastructure, planning and accelerating security architecture transformation, and managing to security threats and incidents. This includes:

◈ An Incident Response Retainer providing both proactive and reactive threat management activities to our customers. We offer one of the most robust and flexible retainers in the business.

◈ Our automated compliance offerings also support good security hygiene, evaluating and remediating configuration and software exposures that expose up attack surface

◈ Health checks and optimization services to facilitate proper maintenance and management of security systems, protecting and enhancing the return on investment for Cisco security architecture.

◈ A Technical Knowledge Library including guides and best practices for security infrastructure to help customer staff manage their security controls

◈ Network Device Security Assessment to analyze security device configurations and firewall rules to identify gaps and recommend remediation

◈ Collaboration Security Assessment to protect against threats to Cisco Unified Communications, video collaboration, and contact center solutions.

◈ Security Metrics Program support to design and manage KPIs to communicate control effectiveness and levels of risk to management

◈ Cyber Range Workshops to provide security operations training to SOC staff

◈ A robust set of security assessments to identify and recommend remediation to security vulnerabilities including Network, Wireless, Application, Social Engineering, and Physical

◈ Penetration Tests as well as Security Risk Assessment, Network Architecture Assessment, and third party risk management program support.

◈ Security Program Assessment and Security Strategy Planning Support to help support not just your strategic security initiatives, but also help review and improve your critical security practices and establish an enterprise security strategic roadmap

◈ Cloud Security Strategy support to help recommend security operations and technology improvements to support Cloud transformation

◈ Security Segmentation Architecture Design to help develop a roadmap to accelerate and transform the network security at our customers organization

◈ Finally, a flexible Enterprise Security Advisor service to provide program management, expert advice, and otherwise support security evolution as well as an Architecture Management Office to help drive technical change throughout customer organizations

Taken together, this robust set of subscription based offers within Business Critical Services can help customers address both the most mundane and repetitive, but critical, security tasks, drive security improvement through assessments and training, and both set and help execute strategic security direction at our customers. I can’t think of any other security company on the planet that can match this comprehensive set of security and threat management services and deliver them under an annual subscription besides Cisco.

Continue reading

Bridging the gap between IT and Business through Big Data Analytics

The role of IT and networking specifically as we know it, is changing in the eyes of many Cisco stakeholders, primarily: (1) IT Experts and (2) Business Leaders. This combined with the changing expectations of the millennial generation will have a huge impact on the next market transition. Simplistically, network’s power to influence business outcomes cannot be underestimated. By combining network data with secondary sources of business critical information: cost, service management, user and compliance data and device diagnostics, companies like Cisco can empower businesses to optimize operations, profitability and decision-making. Concisely, using telemetry we can improve the productivity at any level of the organization.

Continue reading