Understanding Cisco’s Security Intelligence Operations

I have been in the security field long enough to know that software-based intelligence is certainly not enough in an industry where your attackers are well educated, collaborate extensively and have a purpose. The latest political and financial attacks have certainly been proof that we are far from protected in software signature-based environments. At the same time, massive amounts of information generated from our internal network components are making the discovery of that specific security event an exercise in futility.

We were reaching the limits of signature-based solutions, as they required more and more CPU and memory to go deeper into each packet. At the same time, attackers were modifying each threat to bypass signatures, and unless you were an Uber-Admin, you were always a few sigs or patches behind.

At Cisco we had a vision to build a solution that would address many of these shortcomings, provide our customers with a global view of security events, and integrate automatically with our products.

Cisco Security Intelligence Operations (SIO) is that vision made real. Cisco SIO is a cloud-based service that connects global threat information, reputation-based services and sophisticated analysis to Cisco’s security devices to provide comprehensive protection with faster response times. SIO has become the key solution that binds Cisco’s Email and Web, Firewall, Intrusion Prevention Systems (IPS) and Remote access solutions together.

SIO has three main components:

  1. Cisco SensorBase: the world’s largest threat-monitoring network
  2. Cisco Threat Operations Center: a global team of security analysts and automated systems
  3. Dynamic updates: real-time updates automatically delivered to Cisco security devices

Now, most security vendors would say they have an operation center and dynamic updates, but only Cisco can speak to the volume of data that we process through our SensorBase solution. Each day 700,000 globally deployed Cisco IPS, email security, web security, and firewall devices feed more than 500 GB of data, which includes 7 billion URLs and threat data, from more than 30% of the world’s email traffic.

Think about that for a second. Over 30 per cent of the world’s email traffic runs through Cisco SIO each and every day.

Amazingly, this mass of information is processed centrally and correlated, and a reputation score for each IP address is assigned within milliseconds. The result is then distributed to each device, either as an IP score or as signature-valuable information, to protect your data.

With SIO, Cisco is leading the way in security protection. The increased accuracy, effective visibility and feature enhancements in our products over the last 5 years have become our key differentiator in the world of ‘Johnny come lately’ security vendors.


About Ali Afshari

Ali Afshari is a 15-year veteran of the security industry, with 5 years’ experience at Cisco Canada. As Cisco Canada’s director of enterprise security sales, Ali works with Canada’s largest financial institutions and service providers on their security strategy. His passion is to ensure security is embedded into every aspect of IT, approaching it from an architectural view across organizations. You can follow Ali on Twitter at @Ali_Afshari for ongoing updates of security news in Canada.

One Response to Understanding Cisco’s Security Intelligence Operations

  1. Tracey McLean-Thompson says:

    Ali, I am excited about the opportunity Cisco and our partners have with our Security platform. The announcements made at RSA this week have positioned Cisco well in this space.
