Cisco's internal security team fights to corral BYOD, malware and Wild West environment

Team of about 60 guards against desktop malware outbreaks, monitors for unauthorized traffic and protects corporate jewels

By , Network World
November 29, 2012 02:22 PM ET

Network World - Many organizations have a computer security incident response team (CSIRT) that swoops into action to battle malware outbreaks, other types of cyberattacks and possible insider threats, and at networking giant Cisco, that CSIRT team is made up of about 60 people trying to protect a business with about 75,000 employees.

"We're tasked with monitoring for and investigating policy violations against Cisco," says Matthew Valites, Cisco's CSIRT manager for information security investigations. That means protecting corporate IT assets used directly by employees or the business for processing purposes so that sensitive information isn't compromised. However, since Cisco has embraced a "bring your own device" (BYOD) strategy, policy enforcement matters for Cisco's CSIRT have become more complicated.

"With user-owned devices, enforcement has become an issue," acknowledges Valites, in the course of discussing some of Cisco's security incident response practices. "BYOD is a real problem." In what's regarded as a cost-saving move, Cisco typically doesn't supply smartphones to any employee anymore, expecting them to use their own, unless their job falls under government regulations that plainly spell out that an employee must use a corporate-issued device. "This is a really big problem for my team," acknowledges Valites.

Above and beyond the BYOD conundrum, the Cisco CSIRT group each day faces the prospect of stopping desktop malware outbreaks, monitoring for unauthorized traffic on the network and guarding against stealthy online attacks from attackers going after key assets. There's also the inevitable spate of events like failed log-ins, but CSIRT's hard job is ascertaining which of them amount to unauthorized access.

This all has to be done within the framework for regulatory compliance. "We have a healthcare center in San Jose on premises with nurses and doctors," points out Valites, saying making healthcare professionals available on site is seen as a benefit for employees. And this means that security and privacy policies related to any data associated with it must adhere to federal HIPAA rules, he notes.

Valites says high-level executives at Cisco, not surprisingly, get special attention in terms of whatever computer or network they use since these executives are recognized as being valuable targets for cyber-espionage and the like. In comparison to other employees, "we pay more attention to their assets," says Valites.

And then there are whole groups at Cisco, such as an entire lab, that are known to get into trouble all too frequently, breaking usage policies and having their computers erupt with malware. "The labs are a little like the Wild West," acknowledges Valites. With repeat offenders there, Cisco CSIRT has no choice but to clamp down with additional controls, such as blackholing an entire lab on the network so it can't get online, or shutting off network segments so they're restricted to an internal LAN.
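The two controls just described, blackholing a lab segment and restricting a segment to the internal LAN, only work if someone checks that traffic actually obeys them, which ties back to the "monitoring for unauthorized traffic" part of the team's job. The following is an added illustration, not Cisco's code or anything from the article: it reads constructed flow records, maps each source address to a hypothetical per-segment containment policy, and reports flows that violate it. The subnets, policy names, log format and sample flows are all assumptions made for the example.

```python
"""Added example (not Cisco's code): check flow records against per-segment
containment policies. Subnets, policy names, log format and sample flows are
constructed for illustration."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Hypothetical segment policies (constructed).
#   "blackhole":     nothing may leave the segment at all
#   "internal_only": may reach private (RFC 1918) address space only
#   "normal":        no extra restriction in this example
SEGMENT_POLICY = {
    ipaddress.ip_network("10.50.0.0/16"): "blackhole",      # constructed: repeat-offender lab
    ipaddress.ip_network("10.60.0.0/16"): "internal_only",  # constructed: lab cut off from the Internet
    ipaddress.ip_network("10.10.0.0/16"): "normal",         # constructed: ordinary office segment
}

# RFC 1918 ranges used to decide what "internal LAN" means here.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Flow:
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    dst: ipaddress.IPv4Address | ipaddress.IPv6Address
    proto: str
    dport: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record: '<src> <dst> <proto> <dport>'."""
    src, dst, proto, dport = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport))


def segment_of(addr):
    """Return (network, policy) for the segment containing addr, or (None, 'unknown')."""
    for net, policy in SEGMENT_POLICY.items():
        if addr in net:
            return net, policy
    return None, "unknown"


def is_private(addr) -> bool:
    return any(addr in n for n in PRIVATE)


def check_flow(flow: Flow):
    """Return a violation description, or None if the flow is allowed by its segment policy."""
    net, policy = segment_of(flow.src)
    if policy == "blackhole" and flow.dst not in net:
        # Anything leaving a blackholed segment means the control is not holding.
        return f"blackholed segment {net} reached {flow.dst}"
    if policy == "internal_only" and not is_private(flow.dst):
        return f"internal-only segment {net} reached external {flow.dst}"
    return None


def find_violations(lines):
    """Run check_flow over raw flow lines; returns [(line, violation), ...]."""
    violations = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        verdict = check_flow(parse_flow(line))
        if verdict:
            violations.append((line, verdict))
    return violations


# Constructed sample flows (documentation/test ranges only).
SAMPLE_FLOWS = [
    "# src dst proto dport",
    "10.50.1.5 10.50.1.9 tcp 22",       # intra-segment traffic in the blackholed lab: allowed
    "10.50.1.5 203.0.113.7 tcp 443",    # blackholed lab reaching the Internet: violation
    "10.50.1.5 10.10.0.1 tcp 80",       # blackholed lab reaching the office LAN: violation
    "10.60.2.3 10.10.4.4 tcp 445",      # internal-only lab to internal host: allowed
    "10.60.2.3 198.51.100.20 udp 53",   # internal-only lab to external resolver: violation
    "10.10.3.3 203.0.113.9 tcp 443",    # office segment, no restriction: allowed
]

if __name__ == "__main__":
    for line, why in find_violations(SAMPLE_FLOWS):
        print(f"VIOLATION {line!r}: {why}")
```

The policy lookup is deliberately separate from the verdict so the same checker can be pointed at a different segment table; in practice the segment-to-policy map would come from whatever system records the containment decision, and the flow lines from NetFlow or firewall logs rather than a hard-coded list.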
