InformationWeek – Security > Context-aware security is our best defense against APTs: Chris Young, Cisco

Welcome Guest | |

Home
Global CIO 2010
Case Studies
Special Features
Interviews
Top News
Section
Vertical
- BFSI
- IT/ITES
- Government
- FMCG
- Telecom
- Manufacturing
- Pharma
- Services
Special Property
Editor Zone
Analytics & Reports
International News

| | | | | | | | | | |

Security

Context-aware security is our best defense against APTs: Chris Young, Cisco
Chris Young, Senior VP Security, shares his perspective on why context-aware security is key for thwarting new age threats By Srikanth RP, InformationWeek, June 28, 2012

Security has been a big area of focus for Cisco this year. In February last year, Cisco CEO John Chambers announced that security was to become a top engineering priority for the company. The pace of innovation and development has been rapid ever since. To understand Cisco’s focus on security, InformationWeek’s Srikanth RP caught up with Chris Young, Senior VP Security, who shares with us his perspective on why context-aware security is key for thwarting new age threats

How do you think the threat landscape has changed?
From a strategic point of view, mobility driven by trends such as BYOD is reshaping what is happening at the endpoint. This is fundamentally because what you are doing at the endpoint is going to change because of BYOD. The cloud has brought in a different dimension. We have seen instances where hackers have used the cloud as a platform to stage DDoS attacks. These are some of the biggest trends that are changing the security landscape today.

How do you think the industry must respond to thwart these threats?
The ideal way is to build comprehensive security in all solutions, and make security as integrated as possible. And the best way to do this is build security into the network itself as the network knows everything that is happening in the environment. Using the intelligence in the network, we can not only have clear visibility into what computer or mobile users are doing on the network, we can also enforce granular policies for giving access to social applications such as Facebook. When you see applications, information, the devices and the users on the network, you have a context – and using this context, you can decide your security posture.

Do you think context-aware security can prevent sophisticated attacks such as APTs?
If we are able to understand what is happening from the endpoint to the datacenter and at the application level, and have visibility into identity and the type of devices that are connecting to a network – we can certainly mitigate sophisticated attacks by looking at the big picture. For example, if you suddenly see a computer trying to connect itself to different types of servers at an odd time of the day, you must certainly introspect. Enterprises, hence need to be contextually aware of who, what, when and how is a service or user trying to connect to an application or network. For attacks such as Advanced Persistent Threats (APTs), which are slow, patient and often below the radar, context-aware security can go a long way in boosting our defense mechanism, and offer the best defense against APTs. As the network plays a vital role in establishing context, intelligence and control, it is best equipped to understand what is happening in your environment.

blog comments powered by Disqus

About Author

Srikanth RP

An award-winning journalist with more than 14 years of experience, Srikanth RP is Executive Editor with InformationWeek India. Srikanth is passionate about writing on topics which clearly show the business impact of technology.