How does one of the most attacked companies in the world keep their remote workforce secure?

When the world started to change back in March, tens of thousands of organisations switched to working from home. For many organisations this was a new experience, and some businesses simply didn’t have the means to transition seamlessly and continue to work remotely.

However, Cisco, with a workforce of about 70,000 users globally, managed to transition seamlessly to working from home.

Ahead of the curve

Cisco had already begun preparing for secure, remote working before the pandemic started. This allowed the company to switch to working from home within 2 weeks’ notice. Most Cisco employees work remotely at least once a month, so the capability was already in place.

Therefore, Cisco’s main concern was not the transition but scalability. The main challenge was ensuring sufficient VPN capacity and maintaining the security posture that had already been built up.

Ready for the attack

Cisco’s internal IT team suspected that there would be an increase in activity, especially around home networks, but to their surprise there was no increase in the number of threats that the company was hit with.

This fact is even more staggering since Cisco is one of the most attacked companies in the world with:

  • 28 billion NetFlow flows every day
  • 1.2 trillion registered security events
  • 47 terabytes of inspected traffic
  • 7.6 billion DNS lookups per day (twice the number of daily global Google searches!)

How does any company manage such a volume of information?

Drink your own Champagne!

It doesn’t come as a surprise that Cisco’s security infrastructure relies on Cisco’s security products. Cisco’s internal IT team doesn’t develop products, but they “drink their own champagne” and try the products internally to support 130,000 potential users and 500 offices in 100 countries.

To deal with the overwhelming number of events, Cisco’s internal IT team enabled a lot of automation. Although Cisco is a global corporation, they don’t have an unlimited budget or a bottomless talent pool. Therefore, security automation and integration were some of the key elements that were developed over many years.

For example, Cisco created credit plays for data coming in, which means that if they see certain indicators of compromise or abnormal activity, they’ve got a baseline ready so that automatic actions are taken. It’s not individuals looking at the information but tools, shielding the company against 95% of potential attacks through automation and leaving just 5% of actions that require attention from individuals. That amounts to about 22 incidents per day that need some human intervention. These incidents are flagged not necessarily because of a potentially high impact but generally because the attacks are novel and something Cisco hasn’t seen before.

All these novel attacks are fed back to Cisco Talos, the largest non-governmental threat intelligence agency in the world, to alert other customers that might be using the same products and advise them to update signatures.

The good news is that more of the expertise of Cisco’s internal IT team is now built into some of Cisco’s security products. As the products are being tested internally, the IT team provides feedback around the smart signatures, the analytics, Threat Grid or security.

Not just Cisco products

However, Cisco does not limit their tools to Cisco products. For example, Stealthwatch (a behavioural analytics product) was in place before the company decided to acquire it and include it in their security product portfolio.

Furthermore, to protect their employees the company is using McAfee. They also held off deploying an app for their endpoints because it didn’t have the enterprise features that they wanted. The team doesn’t accept applications until they are ready to support their 130,000 users.

Finally, Cisco are also building integrations with some of their biggest competitors, such as Microsoft, with whom they created workflows to address common cyber challenges for their customers.

Bottom line

Protecting one of the most attacked companies in the world is not easy, but with internal expertise, a lot of automation and market-leading security products, Cisco continues to pave the way in the security market.

To find out more about Cisco’s internal security, watch our webinar: “Behind the scenes of Cisco IT Security – the good, the bad and the ugly of the pandemic security”