How does one of the most attacked companies in the world keep their remote workforce secure?

When the world started to change back in March, tens of thousands of organisations switched to working from home. For many organisations, this was a new experience, which meant that some businesses simply didn’t have the means to seamlessly transition and continue to work remotely.

However, Cisco, with a workforce of about 70,000 users globally, managed to seamlessly transition to working from home.

Ahead of the curve

Cisco had already begun preparing for secure, remote working before the pandemic started. This allowed the company to switch to working from home with 2 weeks’ notice. Most Cisco employees work remotely at least once a month, so the capability was already in place.

Therefore, Cisco’s main concern was not the transition but scalability. The main challenge was ensuring sufficient VPN capacity and maintaining the security posture that had already been built up.

Ready for the attack

Cisco’s internal IT team suspected that there would be an increase in activity, especially around home networks, but to their surprise there was no increase in the number of threats that the company was hit with.

This fact is even more staggering since Cisco is one of the most attacked companies in the world, with:

  • 28 billion NetFlow flows every day
  • 1.2 trillion registered security events
  • 47 terabytes of inspected traffic
  • 7.6 billion DNS lookups per day (twice the number of daily global Google searches!)

How does any company manage such a volume of information?

Drink your own Champagne!

It doesn’t come as a surprise that Cisco’s security infrastructure relies on Cisco’s security products. Cisco’s internal IT team doesn’t develop products, but they “drink their own champagne” and try the products internally to support 130,000 potential users and 500 offices in 100 countries.

To deal with the overwhelming number of events, Cisco’s internal IT team enabled a lot of automation. Although Cisco is a global corporation, they don’t have an unlimited budget or a bottomless talent pool. Therefore, security automation and integration were some of the key elements that were developed over many years.

For example, Cisco created credit plays for data coming in, which means that if they see certain indicators of compromise or abnormal activity, they’ve got a baseline ready so that automatic actions are taken. It’s not individuals looking at the information but tools, shielding the company against 95% of potential attacks through automation and leaving just 5% of actions that require attention from individuals. That amounts to about 22 incidents per day that need some human intervention. These incidents are flagged not necessarily because of their potential high impact but generally because the attacks are novel and something Cisco hasn’t seen before.

All these novel attacks are fed back to Cisco Talos, the largest non-governmental threat intelligence agency in the world, to alert other customers that might be using the same products and advise them to update signatures.

The good news is that more of the expertise of Cisco’s internal IT team is now built into some of Cisco’s security products. As the products are being tested internally, the IT team provides feedback around the smart signatures, the analytics, Threat Grid or security.

Not just Cisco products

However, Cisco does not limit its tools to Cisco products. For example, Stealthwatch (a behavioural analytics product) was in place before the company decided to acquire it and include it in their security product portfolio.

Furthermore, to protect their employees the company is using McAfee. They also held off deploying an app for their endpoints because it didn’t have the enterprise features that they wanted. The team doesn’t accept applications until they are ready to support their 130,000 users.

Finally, Cisco is also building integrations with some of their biggest competitors, such as Microsoft, where they created workflows to address common cyber challenges for their customers.

Bottom line

Protecting one of the most attacked companies in the world is not easy, but with internal expertise, a lot of automation and market-leading security products, Cisco continues to pave the way in the security market.

To find out more about Cisco’s internal security, watch our webinar: “Behind the scenes of Cisco IT Security – the good, the bad and the ugly of the pandemic security”
