John N. Stewart

Sr. Vice President and Chief Security and Trust Officer, Cisco

Supernova Award Category

The Problem

Organizations today must contend with a rapidly evolving cybersecurity landscape as attacks continually grow more persistent, sophisticated, damaging, and frequent. Growing interconnectedness and escalating cybersecurity challenges have compelled Cisco and other organizations to rethink their approach to security.

Defending the Cisco enterprise is a significant undertaking, involving 122,000 workers in 170 countries, 3 million IP addresses, more than 40,000 routers, approximately 26,000 remote office connections, and 75 million web transactions each day. Compounding the challenge, the number of devices connected to its network increases annually, an outgrowth of the Internet of Things and Cisco’s bring-your-own-device (BYOD) program.

As threats to data security mount, Cisco needed to keep its critical digital assets safe and compliant with international regulations, and transparently demonstrate how it is protecting data and ensuring privacy.

The Solution

With adversaries looking to exploit any weaknesses, Cisco takes a proactive approach to data protection, making it a priority to operationalize security and enable the business to continue focusing on secure innovation. The company acknowledges that visibility is key in catching threats before they can do harm. While Cisco has the foundational solutions in place to defend against incidents like DDoS attacks, spam and malware, it needed to protect against more advanced threats.

Cisco’s team reviewed its technologies, tools and processes for capturing and containing malware to ensure it addressed current attack methods, malware and network capabilities. In addition, Cisco constantly looks to mature its infrastructure to account for new attack methods and expanded network capabilities.

Cisco also launched its Data Protection Program to provide an enterprise-wide governance structure and identify key roles and responsibilities to effectively manage the protection of Cisco’s data.

The Results

The Security and Trust Organization under John N. Stewart’s leadership is driving a security awareness culture and changing processes in the following ways:

• The IT/InfoSec parallel partnership is proving vital. As new technologies and software platforms are evaluated by IT, InfoSec helps identify weaknesses that require procedural accommodations to maintain the desired level of data protection. When InfoSec develops security policies and protocols, IT acquires compatible tools to achieve the goals that are defined in the policies. With close collaboration between the CIO and CISO, the partnership ensures that the corporate board is constantly updated about the state of Cisco’s comprehensive security posture.

Security is at the core of everything that Cisco does, from its Data Protection Program and Privacy Engineering, to its Secure Development Lifecycle and Value Chain Security.

• Cisco’s Corporate Policy Governance Processes cover lifecycle, templates and taxonomy. The company now reviews and updates its policies and standards at minimum every two years. However, it is currently updating them every 12 to 15 months as the business evolves and it improves how it aligns the Data Protection Program to industry certification requirements.

• Cisco executives share the best practices from its experience protecting its enterprise to help other organizations implement similar programs based on the lessons Cisco learned.

Metrics

Cisco’s IT/InfoSec partnership continues to find new ways to establish verifiable trust. It has introduced an auto data classification technique to distinguish sensitive data with speed and scale. As a result, the company learned that less than 4 percent of its data is actually considered “sensitive,” mandating rigorous protection – while saving $26 million by automating manual classification processes. It has also implemented a dynamic user policy to allow business to proceed while still safeguarding network access via user identity management tactics such as user differentiation and role-based restrictions.

Most significantly, Cisco incorporated ID&R to extend its threat visibility, catching threats before they can do harm. The company is inspecting 27 terabytes of traffic every, and is automatically blocking 75,000 potentially dangerous web transactions a day.

Gaining visibility into the threats targeting the company has proven critical. The company detected 86 percent more incidents than the previous year, and lowered the time it took to detect those attacks from 50 hours to about 13 hours, dramatically reducing the time a threat has to inflict damage.

Visibility into network events, collected data, etc., is proving essential in capturing and containing such threats before they can do harm. It’s not all about technology either, as clear policies, education and awareness are taking hold organization-wide for an effective, pervasive security posture.

The Technology

Cisco Advanced Malware Protection,
Cisco Web Security Appliance,
Cisco Intrusion Prevention System,
Passive DNS/RPZ solution built by Cisco’s Computer Security Incident Response Team,
NetFlow

Disruptive Factor

Cisco’s verifiable trust initiatives signify the rapidly changing face of cybersecurity within organizations. As it continues to implement strategies to ensure secure processes, policies and technologies across the company, Cisco is educating the industry about the need to align cybersecurity strategies with innovation and growth efforts.

Within Cisco, the creation of a partnership between the IT and InfoSec teams has driven the success of its verifiable trust initiatives. As new technologies and software platforms are evaluated by IT, InfoSec is helpful in identifying weaknesses that require procedural accommodations to maintain the desired level of data protection. When the information security group develops security policies and protocols, IT plays an important role in identifying compatible tools to achieve the goals that are defined in the policies.

Cisco’s groundbreaking, original research supports this. The resulting “Cybersecurity as a Growth Advantage” report indicates that nearly one-third of finance and line-of-business (LOB) execs said they viewed cybersecurity primarily as a growth enabler. Instead of thinking of network protection measures as purely “defensive” efforts, 44 percent say cybersecurity delivers a competitive advantage. In fact, as part of its research, Cisco has identified an estimated $5.8 trillion in value among just over 400 organizations that is directly related to their deployment of cybersecurity as a catalyst for innovation and growth.

Shining Moment

The Security and Trust Organization won the Best Security Organization of the Year award for delivering innovative pervasive security and industry-leading business value.
