SecuritySolutionsWatch.com: Please give us an overview of your
background and your role at Cisco.
Jeff Platon: I am the VP of product and technology
marketing efforts as they pertain to security.
SecuritySolutionsWatch.com: Cisco's "security" capabilities
include the "Self-Defending Network".
Would you kindly give our audience an overview of how
Cisco's Self-Defending Network is designed to identify, prevent,
and adapt to threats.
Jeff Platon: The first phase of the Cisco Self-Defending
Network strategy involved integrating security capabilities
directly into network elements including routers, switches,
wireless access points, and standalone network appliances. The
second phase, which includes the industrywide Cisco Network
Admission Control (NAC) effort, enables security-enabled network
elements to communicate with one another in a collaborative
manner, while extending security capabilities to individual user
devices that connect to other networks and might infect a
corporate network. Adaptive Threat Defense is the next phase and
helps to further minimize network security risks by dynamically
addressing threats at multiple layers, enabling tighter control of
network traffic, endpoints, users, and applications. It aims to
protect every packet and every packet flow on a network. With the
introduction of Adaptive Threat Defense, Cisco has announced more
than ten new product and technology innovations to help provide
ubiquitous, layered protection and improved operational efficiency
of business processes and applications.
SecuritySolutionsWatch.com: "Phishing" and "Pharming"
threats seem to be growing in number and sophistication, yet, many
people are still unfamiliar with what these terms actually mean
and how these threats actually work. Would you please give us an
overview of "phishing" and "pharming" scams
and what consumers and businesses can do to guard against these
threats. What resources are available at Cisco.com to help
consumers and businesses guard against cyber threats?
Jeff Platon: Phishing and Pharming are among the array
of Internet threats impacting businesses today. Phishing attacks
use 'spoofed' e-mails and fraudulent websites designed to fool
recipients into divulging personal financial data such as credit
card numbers, account usernames and passwords, social security
numbers, etc. By hijacking the trusted brands of well-known
organizations, phishers are able to convince a certain percentage
of recipients to respond to them. Pharming is the exploitation of
a vulnerability in the DNS server software that allows a hacker to
acquire the Domain Name for a site, and to redirect that website's
traffic to another web site. DNS servers are the machines
responsible for resolving internet names into their real addresses
- the "signposts" of the internet. If the web site
receiving the traffic is a fake web site, such as a copy of a
bank's website, it can be used to "phish" or steal a
computer user's passwords, PIN number or account number. Note that
this is only possible when the original site was not SSL
protected, or when the user is ignoring warnings about invalid
server certificates. Cisco offers products, architectural
"best practices" known as our Cisco SAFE blueprints to
help protect from these threats, and is also involved with the
standards bodies such as the development of an E-Mail
Authentication Proposal DomainKeys Identified Mail Submitted to
the IETF for Consideration as a new E-Mail Standard to Address
E-Mail Forgery and Phishing Internet Industry Leaders Including
Alt-N Technologies, AOL, Brandenburg Internetworking, Cisco,
EarthLink, IBM, Microsoft, PGP Corporation, Sendmail, StrongMail
Systems, Tumbleweed, VeriSign and Yahoo! Teamed to Develop
DomainKeys Identified Mail
SecuritySolutionsWatch.com: Cisco and Boeing recently announced
a business alliance to create and deliver joint solutions for the
projected $200 billion global market for network-centric defense
and security operations. What solutions will this alliance bring
to the marketplace and what are the respective roles of Cisco and
Boeing. Any other key strategic relationships you care to mention?
Jeff Platon: Building on a successful 15-year business
relationship, Boeing and Cisco signed a non-binding memorandum of
understanding documenting their intention to extend their
non-exclusive business alliance to create and deliver joint
solutions for the projected $200 billion global market for
network-centric defense and security operations. The 10-year
alliance unites Boeing, a leader in network-centric operations,
with Cisco, the leading provider of open-standards-based,
commercial networking technology and services to federal and
global governments. Both companies intend to invest resources in
defining, creating, integrating and deploying industry leading
network centric solutions that help military and government
agencies deal with complex and time-sensitive missions. Other
strategic relationships in the area of security include Cisco's
alliance with IBM and Microsoft. Another key industry initiative
which Cisco spearheaded is the Cisco Network Admission Control (NAC)
program, which includes over 20 partner companies, and is a Cisco
Systems sponsored industry initiative that uses the network
infrastructure to enforce security policy compliance on all
devices seeking to access network computing resources, thereby
limiting damage from viruses and worms. Using NAC, organizations
can provide network access to endpoint devices such as PCs, PDAs,
and servers that are verified to be fully compliant with
established security policy. NAC can also identify noncompliant
devices and deny them access, place them in a quarantined area, or
give them restricted access to computing resources.
SecuritySolutionsWatch.com: Please give our audience an overview
of a Cisco success story in the large enterprise market and the
government market.
Jeff Platon: Both ReserveAmerica and The Leukemia &
Lymphoma Society are customers using Cisco security solutions
SecuritySolutionsWatch.com: Can you give us an overview of the
Government mandates and new legislation which are driving public
and private sector enterprises to improve the security of their
networks such as Sarbanes-Oxley Act of 2002 and The Federal
Information Security Management Act (FISMA).
Jeff Platon: Many of these legislative compliance
efforts are clearly driving security funding and purchases, and
some of this spending is helping drive refinement of policies and
product deployments that heretofore weren't necessarily
acknowledged as much in the past. However, organizations are
likely realizing challenges in the interpretation of some of these
regulations, and generate some confusion and lead to decisions
that don't necessarily mean you are deploying a more secure
infrastructure.
SecuritySolutionsWatch.com: Thanks, Jeff.