Counting Threats: People Are Your Perimeter


How Cisco and Intel® are harnessing the collaborative power of people to deliver intelligent threat analysis and response across their organizations, products, and services.

Published in: Technology

Unleashing IT

Cisco and Intel® partnering in innovation

Too much information is hard to digest. Especially when your role is incident response and you’re called on to provide an informed risk assessment for the latest security threat. With terabytes of data to sift through, a significant amount of resource and time is required and that’s a daunting task for many organizations.

So how do you improve your ability to sense, interpret, and act on emerging threats? By engaging the one resource you already have: people.

“If you don’t have people focused on threat analysis and leveraging interested parties—both inside and outside your organization—then you’re leaving yourself vulnerable,” says Jerry Dixon, director of incident response, Cisco. “Technical infrastructure only gets you so far. You need to get the right threat intelligence to the right groups, creating a human intrusion detection system where everyone in the company has a role to play in information security.”

People don’t need ‘information security’ in their titles to be valuable contributors to the sensor network. Pulling together those who are passionate about cyber security, regardless of their day job, adds mind power and eyes to contend with rapidly emerging threats that might otherwise be missed.

Both Cisco and Intel® are already capitalizing on this novel approach. Intel’s Threat Agent Group and Emerging Threat Analysis forum are collaborative groups within Intel open to anyone passionate about security. The groups consist of professionals from varied backgrounds, including manufacturing, product development, legal, human resources, and information security. Their collective insight is coupled with outsight—connections to outside groups and industry peers—to act on emerging threats in a manner that is deemed appropriate to Intel.

Cisco has similar efforts in place to foster ongoing dialogue between product, security, and incident response teams across its organization. Together they maintain a pulse on emerging threat data and occasionally hold threat summits with external groups, including the research community and industry partners. They also host targeted awareness campaigns internally to ensure every Cisco employee is cognizant of the latest threats and correct response actions.

“A sensor network is like a funnel,” explains Malcolm Harkins, vice president and chief security and privacy officer, Intel. “You begin by establishing collaborative groups, then funnel the information they collect into an interpretation or triage exercise, and ultimately push it back out across your company as an informed risk action.”

The approach has proven itself at both Cisco and Intel through swift analysis of emerging threats like Stuxnet, quick response to attacks from undisclosed third parties, and increased alertness in general. It also enables security budgets to be directed toward efforts that matter most.

“People build intelligence,” says Dixon. “Nothing coming in the door is intelligence. It’s only after our folks put our context on it that it becomes intelligence. That’s the difference between the sky is falling every patch Tuesday versus here’s a threat we have to care about and why.”

Getting Started

Building a sensor network requires C-level support from the start. According to Malcolm Harkins, vice president and chief security and privacy officer, Intel, best practices include:

  • Demonstrate the connection between enterprise risk and technology risk. Proper management of risks such as food safety or patient safety, for example, is dependent on the integrity of underlying systems and control processes.
  • Encourage tolerance in your management framework to allow information sharing with trusted peers.
  • Clearly articulate rules of engagement for information sharing that include privacy controls, oversight, and governance.

Complimentary book

For a complimentary book, Managing Risk and Information Security, Protect to Enable, available in limited quantities, visit:

This article first appeared online at, available after subscribing at

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1309) Intel and the Intel logo are trademarks or registered trademarks of Intel Corporation in the U.S. and/or other countries.