Brian Pennington

A blog about Cyber Security & Compliance



Top Concerns for 2014 from Today’s CISOs

According to Cisco’s 2014 Annual Security Report, these are the top concerns for 2014 from today’s CISOs.

As chief information security officers (CISOs) survey today’s threat landscape, they face growing pressure to protect terabytes of data, meet stiff compliance regulations and evaluate the risks of working with third-party vendors, while doing it all with shrinking budgets and lean IT teams. CISOs have more tasks than ever and more sophisticated, complex threats to manage.

Principal security strategists for Cisco security services, who advise CISOs on security approaches for their organizations, offer this list of the most pressing concerns and challenges for 2014:-

Managing Compliance

The most pervasive concern among CISOs may be the need to protect data that resides throughout an increasingly porous network, while expending precious resources on compliance. Compliance alone is not the same as being secure; it is simply a minimum baseline focused on the needs of a specific regulated environment. Security, meanwhile, is an all-encompassing approach that covers all business activities.

Trusting the Cloud

CISOs must make decisions on how to manage information safely with the finite budgets and time they are allotted. For example, the cloud has become a cost-effective and agile way to manage ever-growing storehouses of data, but it raises more worries for CISOs. Chief executive officers and boards of directors see the cloud as a panacea for eliminating costly hardware. They want the benefits of offloading data to the cloud, and expect the CISO to make it happen securely and quickly.

Trusting Vendors

As with the cloud, organizations tap into vendors to provide specialized solutions. The cost model for going with third parties makes sense. However, these vendors are high value targets for criminals, who know that third-party defences may not be as strong.

Bouncing Back from Security Breaches

All organizations should assume they’ve been hacked, or at least agree that it’s not a question of if they will be targeted for an attack, but when. Recent hacks such as Operation Night Dragon, the RSA breach, and the Shamoon attack against a large oil and gas company in 2012 are on the minds of many CISOs.

The three key findings from the Cisco 2014 Annual Security Report

1. Attacks against infrastructure are targeting significant resources across the Internet.

  • Malicious exploits are gaining access to web hosting servers, name servers, and data centers. This suggests the forming of überbots that seek high-reputation and resource-rich assets.
  • Buffer errors are a leading threat, at 21% of the Common Weakness Enumeration (CWE) threat categories.
  • Malware encounters are shifting toward electronics manufacturing and the agriculture and mining industries at about 6x the average encounter rate across industry verticals.

2. Malicious actors are using trusted applications to exploit gaps in perimeter security.

  • Spam continues its downward trend, although the proportion of maliciously intended spam remains constant.
  • Java comprises 91% of web exploits; 76% of companies using Cisco Web Security services are running Java 6, an end-of-life, unsupported version.
  • “Watering hole” attacks are targeting specific industry-related websites to deliver malware.

3. Investigations of multinational companies show evidence of internal compromise. Suspicious traffic is emanating from their networks and attempting to connect to questionable sites (100% of the companies examined had hosts calling out to malware hosts).

  • Indicators of compromise suggest network penetrations may be undetected over long periods.
  • Threat alerts grew 14% year over year; new alerts (not updated alerts) are on the rise.
  • 99% of all mobile malware in 2013 targeted Android devices. Android users also have the highest encounter rate (71%) with all forms of web-delivered malware.
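The kind of check that produces the finding above, as an added example that is not part of the Cisco report or of this post: a Python script that reads egress proxy log lines, flags internal clients that contact a domain on a blocklist (exact match or subdomain), and measures how long each client has been doing so, from first to last contact, which is the “undetected over long periods” signal. The log format, client addresses, domain names and blocklist are all constructed for the example and are not real indicators of compromise.

```python
"""Flag internal clients that contact known-malicious domains in egress proxy
logs and measure how long each has been doing so (a rough dwell-time signal).

Constructed example: the log format, client addresses, domains and blocklist
below are invented for illustration and are not real indicators of compromise."""
from collections import defaultdict
from datetime import datetime

# Constructed blocklist of domains treated as malware hosts (not real IOCs).
MALWARE_HOSTS = {"update-cdn.example.net", "stats.example.org"}

# Constructed egress proxy log, one request per line:
# "<ISO timestamp> <client IP> <method> <destination host> <HTTP status>"
SAMPLE_LOG = """\
2013-03-01T08:02:11 10.1.4.22 GET update-cdn.example.net 200
2013-03-01T08:05:40 10.1.4.22 GET www.example.com 200
2013-03-14T22:17:03 10.1.4.22 GET update-cdn.example.net 200
2013-04-28T01:44:19 10.1.4.22 POST cdn.update-cdn.example.net 200
2013-04-29T09:10:00 10.1.7.90 GET stats.example.org 302
2013-04-29T09:11:30 10.1.7.90 GET mail.example.com 200
2013-04-29T12:00:00 10.1.9.15 GET www.example.com 200
"""

def is_blocklisted(host, blocklist):
    """True for an exact match or any subdomain of a blocklisted domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)

def parse_line(line):
    ts, client, method, host, status = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "client": client, "method": method, "host": host, "status": int(status)}

def find_compromise_indicators(log_text, blocklist=MALWARE_HOSTS):
    """Return, per client that reached a blocklisted host, the hosts contacted,
    the number of contacts, first/last contact time and the span in days."""
    hits = defaultdict(lambda: {"hosts": set(), "contacts": 0, "first": None, "last": None})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if not is_blocklisted(rec["host"], blocklist):
            continue
        entry = hits[rec["client"]]
        entry["hosts"].add(rec["host"])
        entry["contacts"] += 1
        entry["first"] = rec["ts"] if entry["first"] is None else min(entry["first"], rec["ts"])
        entry["last"] = rec["ts"] if entry["last"] is None else max(entry["last"], rec["ts"])
    for entry in hits.values():
        entry["dwell_days"] = (entry["last"] - entry["first"]).days
    return dict(hits)

def summarise(log_text, blocklist=MALWARE_HOSTS):
    """Headline numbers of the kind the report quotes: how many clients were
    seen, how many reached a malware host, and the longest span of contact."""
    clients = {parse_line(l)["client"] for l in log_text.splitlines() if l.strip()}
    flagged = find_compromise_indicators(log_text, blocklist)
    return {"clients_seen": len(clients), "clients_flagged": len(flagged),
            "longest_dwell_days": max((e["dwell_days"] for e in flagged.values()), default=0)}

if __name__ == "__main__":
    for ip, e in sorted(find_compromise_indicators(SAMPLE_LOG).items()):
        print(f"{ip}: {e['contacts']} contact(s) to {sorted(e['hosts'])}, "
              f"first {e['first']:%Y-%m-%d}, last {e['last']:%Y-%m-%d}, span {e['dwell_days']} days")
    print(summarise(SAMPLE_LOG))
```

On the constructed log, one client has been talking to the same malware domain for 57 days while a second touched a blocklisted host once; the span between first and last contact is what separates a long-running foothold from a single drive-by, which is why the script reports it per client rather than only counting matches.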

Cisco Security can be found here.

Profile of growing attacks against the internet infrastructure - infographic

Cisco’s 2014 Security Report as an infographic

Cisco’s infographic is an interesting turn on the ROI message, as it looks at security from the loss-prevention angle rather than from earnings, especially with data centre downtime costing on average $336,000 per hour.

100,000 new security threats are identified each day

Network Barometer Report 2012 – a Dimension Data’s report

Dimension Data announced the results of its Network Barometer Report for 2012. The findings of the report have been taken from 294 “Technology Lifecycle Management” (TLM) assessments of enterprise organizations.

A TLM assessment reviews a network’s readiness to support the business by checking each network device across four distinct areas:-

  1. Security vulnerabilities
  2. Configuration variance from best practice
  3. IOS Version Management
  4. End-of-Life status

The report concentrates mainly on Cisco products, as Cisco is the largest vendor in Dimension Data’s installed support base.

Key findings of the report

  • 75% of network devices are carrying at least one known security vulnerability, in line with the 73% in 2011.
  • A single vulnerability was responsible for this high PSIRT penetration. PSIRT 109444, identified by Cisco in September 2009, was found in 47% of all the devices analysed during 2011. (In the report’s usage a PSIRT is a software vulnerability identified by Cisco’s Product Security Incident Response Team, the team whose name it takes.)
  • While the number of configuration errors per device increased from 29 to 43, security-related configuration errors such as AAA authentication continue to dominate.
  • The percentage of devices that entered the obsolescence phase increased from 38% to 45%
  • Of those devices, the percentage that were End-of-Sale (EoS) jumped from 4.2% in 2011 to 70% in 2012. The percentage of devices that were either End-of-Software-Maintenance (EoSW) or End-of-Contract-Renewal (EoCR) dropped by a similarly dramatic amount, from 86.2% to 20.8%.
  • A third of all wireless access points discovered during the calendar year 2011 were 802.11n-capable. This is nearly triple the 12% 802.11n penetration from the previous year. This adoption will also drive a refresh of the underlying routing and switching infrastructure.
  • After peaking at 64 new PSIRTs in 2007, the announcements had tapered off into the 45 to 50 range for the past three years, before spiking again to 60 in 2011.
  • On average, 40% of all devices have been past EoS for the past four years. That said, there have been small year-on-year increases over the past three years: 3% from 2010 to 2011 and 7% from 2011 to 2012.

The report states

“While the overall percentage of devices carrying at least one known security vulnerability stayed constant, the data also shows that an increasing number of organisations have been successful in their security vulnerability management.

During 2010, 14% of all the assessments performed showed networks that were completely clear of security vulnerabilities. This figure increased to 25% of all assessments performed during 2011.

Repeat Technology Lifecycle Management Assessment clients fared even better – during 2010, 18% of all assessments showed no security vulnerabilities, a number that doubled to 37% for 2011.

In fact, repeat users of the TLM Assessment performed better than the general population, with 59% of all devices carrying at least one known security vulnerability when compared to 75% for the entire sample set. This would seem to confirm that ongoing network visibility is a crucial component of successful vulnerability management.”

Dimension Data’s conclusion of its report is below.

With the ongoing changes in the way IT services are consumed, in some cases driven by user demand, it has become more important than ever to take an architectural approach to network design. The adoption of enterprise mobility, virtualisation and cloud will place more pressure on an already stretched network and, if it is not managed proactively, will impact business agility, efficiency and the ability to remain competitive.

Effective infrastructure management and network planning ensures that IT is able to meet the needs of the organisation at a tactical and strategic level, with additional benefits in terms of cost, asset optimisation and security. Dimension Data concludes that a technology lifecycle management (TLM) approach will address key architecture, security and configuration issues. We recommend this approach include six stages.

INITIATE: Determine the impact of the network technology lifecycle

The first stage involves a business discussion about the network’s technology lifecycle, and the organisation’s existing and best-fit longer-term network architecture, considering risk, cost and strategic factors.

DISCOVER: Gather network data

Incorporates business and technical reviews with the key stakeholders to ensure the relevant information is collected. An asset list is required at this stage and if the organisation does not have an up to date list, a network scan will be required to create one. Dimension Data recommends a TLM Assessment to help identify lifecycle milestones as well as security and configuration issues.

CONSTRUCT: Perform gap analysis and develop recommendations

Here, the discovery data is analysed against security, configuration and end-of-life databases as well as checked for maintenance coverage status. There are automated tools to perform this task and the TLM Assessment service achieves this for Dimension Data clients. A technology roadmap will be created, based on the prioritised recommendations from the analysis. This will include configuration remediations as well as security and maintenance recommendations.

RECOMMEND: Consult and present the recommendations and roadmap

This consultative stage includes sharing the findings of the work done with key stakeholders and determining how to act on recommendations based on risk, cost and strategic factors. This will include a formal report and a collaborative discussion to develop an action plan.

EXECUTE: Execute on recommendations

IT operations will then execute on the recommendations. These may include allocating resources or working with a third party to address the security and network remediations that are required, reviewing maintenance and support contracts, and/or planning for equipment upgrades. As this is a multi-year planning approach, there are likely to be steps executed in future financial periods as the organisation’s needs dictate.

IMPROVE: Execute this discipline on an ongoing basis

Networks and markets are dynamic. Configurations will drift from best practice standards over time and additional products deployed will enter the manufacturer’s obsolescence lifecycle. In order to ensure the benefits of this approach over time, repeat assessments should be considered.
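What the gap analysis of the CONSTRUCT stage amounts to in code, as an added example that is not Dimension Data’s TLM Assessment tooling or data: a Python script that takes a device inventory with software versions and config excerpts, checks each device against an advisory list (affected when the running version is older than the fixed-in version), a set of configuration best-practice checks of the AAA-authentication kind, and lifecycle milestones, and then computes the fleet-level numbers the report quotes: the share of devices carrying at least one known vulnerability, the share past end-of-sale, configuration errors per device, and the single most widespread vulnerability. The devices, platforms, version strings, advisory IDs ADV-1 to ADV-3, fixed-in versions, lifecycle dates and config lines are all constructed; the version format mimics IOS-style major.minor(build) strings and is an assumption of the example.

```python
"""Gap-analysis step of a technology lifecycle management (TLM) review:
match a network device inventory against vulnerability, configuration and
end-of-life data and compute the metrics the Network Barometer Report quotes.

Constructed example: the devices, platforms, version strings, advisory IDs
(ADV-1 to ADV-3), fixed-in versions, lifecycle dates and config excerpts are
invented for illustration and are not Cisco PSIRT or Dimension Data data."""
from datetime import date
import re

ASSESSMENT_DATE = date(2012, 6, 1)  # constructed "today" for the lifecycle checks

# Constructed inventory: (hostname, platform, software version, running-config excerpt).
INVENTORY = [
    ("core-sw1", "SW-A", "12.2(55)",
     "aaa new-model\nservice password-encryption\nno ip http server\n"),
    ("edge-rtr1", "RT-B", "12.4(15)",
     "no aaa new-model\nip http server\nsnmp-server community public RO\n"),
    ("dist-sw2", "SW-A", "15.0(2)",
     "aaa new-model\nip http server\n"),
    ("wan-rtr2", "RT-B", "15.1(4)",
     "aaa new-model\nservice password-encryption\nno ip http server\n"
     "snmp-server community s3cr3t RO\n"),
]

# Constructed advisory database: advisory id -> {platform: first fixed version}.
# A device is affected when it runs a listed platform at an older version.
ADVISORIES = {
    "ADV-1": {"SW-A": "12.2(58)", "RT-B": "12.4(24)"},
    "ADV-2": {"RT-B": "15.1(2)"},
    "ADV-3": {"SW-A": "15.0(1)"},
}

# Constructed lifecycle milestones per platform.
LIFECYCLE = {
    "SW-A": {"end_of_sale": date(2010, 1, 31), "last_day_of_support": date(2015, 1, 31)},
    "RT-B": {"end_of_sale": date(2013, 6, 30), "last_day_of_support": date(2018, 6, 30)},
}

# Configuration checks: (finding, whole-line pattern, must the line be present?).
CONFIG_CHECKS = [
    ("AAA not enabled", re.compile(r"^aaa new-model$", re.M), True),
    ("Passwords stored in clear", re.compile(r"^service password-encryption$", re.M), True),
    ("HTTP server enabled", re.compile(r"^ip http server$", re.M), False),
    ("Default SNMP community", re.compile(r"^snmp-server community public\b", re.M), False),
]

def version_key(version):
    """Turn an IOS-style 'major.minor(build)' string into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)\)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version}")
    return tuple(int(x) for x in m.groups())

def vulnerabilities_for(platform, version, advisories=ADVISORIES):
    return [adv for adv, fixes in advisories.items()
            if platform in fixes and version_key(version) < version_key(fixes[platform])]

def config_findings(config, checks=CONFIG_CHECKS):
    # A finding is raised when presence of the line differs from what the check requires.
    return [finding for finding, pattern, must_be_present in checks
            if (pattern.search(config) is not None) != must_be_present]

def lifecycle_stage(platform, today, lifecycle=LIFECYCLE):
    milestones = lifecycle[platform]
    if today > milestones["last_day_of_support"]:
        return "beyond last day of support"
    if today > milestones["end_of_sale"]:
        return "end-of-sale"
    return "supported"

def assess(inventory, today):
    """Per-device findings plus the fleet-level percentages the report quotes."""
    devices = [{"host": host,
                "vulns": vulnerabilities_for(platform, version),
                "config_errors": config_findings(config),
                "stage": lifecycle_stage(platform, today)}
               for host, platform, version, config in inventory]
    n = len(devices)
    counts = {}
    for d in devices:
        for adv in d["vulns"]:
            counts[adv] = counts.get(adv, 0) + 1
    top = max(counts, key=counts.get) if counts else None
    return {
        "devices": devices,
        "pct_with_vulnerability": round(100 * sum(1 for d in devices if d["vulns"]) / n),
        "pct_past_end_of_sale": round(100 * sum(1 for d in devices if d["stage"] != "supported") / n),
        "config_errors_per_device": sum(len(d["config_errors"]) for d in devices) / n,
        "top_vulnerability": (top, round(100 * counts[top] / n)) if top else None,
    }

def demo_assessment():
    return assess(INVENTORY, ASSESSMENT_DATE)

if __name__ == "__main__":
    result = demo_assessment()
    for d in result["devices"]:
        print(f"{d['host']}: {d['stage']}, vulns={d['vulns']}, config={d['config_errors']}")
    print({k: v for k, v in result.items() if k != "devices"})
```

The advisory match is deliberately a whole-line, version-ordered comparison rather than a substring search, because a “no ip http server” line must not satisfy a check for “ip http server”, and a 15.x train must not be flagged as older than a 12.x fix. Running the assessment again with a later ASSESSMENT_DATE is the IMPROVE stage in miniature: the same inventory moves further through the lifecycle and the percentages change without any other input.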

See my summary of the 2011 Dimension Data Barometer Report here.


Network Barometer Report 2011 – Dimension Data’s annual report

Dimension Data announced the results of its Network Barometer Report for 2011. The findings of the report have been taken from 270 “Technology Lifecycle Management” (TLM) assessments of enterprise organizations.

The annual Dimension Data report gauges the readiness of organizations’ networks to support business by evaluating adherence to best practices, potential security vulnerabilities and the end-of-life status of network devices.

Key findings from the 2011 report are:

  • More than 73% of corporate network devices had at least one known security vulnerability, nearly double the 38% recorded in last year’s report.
  • A single, higher-risk vulnerability identified by Cisco’s PSIRT (Product Security Incident Response Team) in September 2009 – PSIRT 109444 – was found in a staggering 66% of all devices, and was responsible for this jump.
  • With PSIRT 109444 removed from the equation, the next four vulnerabilities were found in less than 20% of all devices, indicating that organizations are stepping up remediation efforts.
  • 47% of devices were in late stage obsolescence – characterized as “beyond end-of-contract renewal” – which is the highest risk phase of the product lifecycle. At this point, organizations can no longer purchase additional support and are less likely to have access to the latest vendor-supplied security patches, leaving them vulnerable to security breaches and compliance violations.
  • The average number of configuration violations per device has decreased by 30%; however, AAA (authentication, authorization and accounting) errors continue to dominate.
  • A fall in the total number of configuration issues per device indicates that there has been progress in organisations’ response to configuration errors.
  • Despite some improvement, potential security violations still represent the single largest block of configuration errors.
  • Technology obsolescence is running at 38% of organisations’ installed asset base, little changed in the past 3 years.
  • The percentage of devices in late-stage end-of-life dropped from 58% last year to 47% this year, and those beyond LDoS dropped from 31% last year to 9%. This suggests that organisations are managing their network assets in a much more effective manner and refreshing those devices where the risk is greatest.
  • An increase in technology obsolescence in the cases of repeat assessments also suggests that organisations are using an overall understanding of their technology estate to ‘sweat assets’ intelligently.

“The Network Barometer Report 2011 raises the question of whether organizations have the necessary visibility into their overall technology environment to adequately protect customer data, privacy and sensitive business information, and to intelligently manage and ‘sweat’ IT assets,” said Wesley Johnston, chief operating officer, Dimension Data Americas.

“Previous research that we’ve conducted – unrelated to the Network Barometer Report – supports this concern, revealing that companies are unaware of as much as 25% of their networking devices. Organizations need a full view of every device on the network – including where it is, what it does and what the implications are when it breaks or becomes unsupportable – in order to protect themselves and their customers and ensure business productivity and efficiency,” stated Johnston.

The Dimension Data Network Barometer Report can be downloaded here.

