Cisco addresses the security issues in its routers

Cisco Live 2019 Security Panel

A selection of Cisco's cyber security team joined together to form a panel at Cisco Live on Tuesday, addressing members of the press and fielding questions relating to the current state of global cyber security while also offering an insight into how the company approaches the hot topic when building its security products.

What a lot of people don't know is that Cisco is the largest enterprise cyber security company in the world - it's not just a networking firm, which is why hearing from a panel of experts is a valuable resource of insights into the state of cyber security around the world.

Cisco's stance on cybersecurity is that it wants to bring the 60+ different security products a business uses into one unified threat management tool, streamlining the security process.

A security company can streamline its processes all it likes but if it still lets its customers down, then it will have some things to answer for. Cisco has been the victim of its fair share of cyber security incidents this year already, most notable Thrangrycat - a critical flaw in its equipment thought to be unpatchable by experts.

What's been done to address Thrangrycat?

Thrangrycat is a term given by researchers to a pair of vulnerabilities in Cisco's routers that would allow hackers to remotely control enterprise-grade routers, allowing them access to a business' entire network.

Although Steve Martino, CISO at Cisco, said that every product that's shipped is checked so it adheres to Cisco's secure development lifecycle (CSDL) - a set of policies and tools to ensure products are built to a good specification - some fail through human error.

"We have 30,000 carbon units called humans that build these software products and occasionally they're going to make a mistake, said Martino. "They have many priorities around features, velocity, getting things to market, doing things securely and sometimes things are going to slip through.

"There is no modern piece of software built today that is bug-free or security flaw free; there just isn't, it just doesn't happen. So, what we have to be able to do is find those flaws, fix those flaws quickly and responsibly. So, I can't give you a root cause for [Thrangrycat] but, we really do take that very, very seriously."

It seems Martino seemed to sidestep the crux of the question, other issues were also on the minds of Cisco Live attendees, namely DNS hijacking attacks.

Can you comment on the wave of DNS attacks and why they're happening?

Over the past year, another emerging threat that's been growing in popularity and one that's targeted national governments is DNS hijacking attacks. The US government, Cisco and other major cyber security companies have warned over the new pervasive threat that's claimed middle-eastern governments and companies as its victims.

A DNS attack is supremely damaging, in the wave of attacks on the Middle East over the past year, attackers were able to steal login credentials from people in government and private bodies in Lebanon and the UAE. Successful DNS hijacking also allows attackers to obtain SSL certificates to decrypt intercepted email and VPN credentials. Cisco is scared that it could be the next big trend for cyber criminals to follow.

"Unfortunately for us, when we start manipulating the DNS system on a global scale everyone sees it and that is incredibly bad because there's one thing that I think we can all agree about the internet - when bad guys find a technique that's successful, other bad guys are going to see those same techniques and copy them," said Craig Williams, director of outreach at Cisco Talos.

"Right now, those types of manipulations and DNS redirections are only really going to affect nation states attacking other nation-states," he added. "I have concerns that, in the future, normal bad guys - cyber criminals - are going to utilise the same techniques. So, it's something we need to keep an eye on, it's something we need to take seriously."

To stay protected, Williams recommends regularly patching systems, mitigating vulnerabilities and enabling multi-factor authentication. "There's no reason not to be using multi-factor authentication anymore," he said. "Everyone knows how to use it, my mum can use it, it's on her Facebook - so turn it on."

Cisco's approach to security

Conference attendees were also keen to hear more about Cisco's approach to cyber security going forward and how it plans on protecting its customers. Three main takeaways were pulled from the panel discussion, the first of which is that security is moving towards the endpoint and the end device.

"Being able to provide security controls, perimeter device, user-to-application-to-data is absolutely where take our discussions - it's no longer a single-product conversation," said John Maynard, VP global security sales.

Visibility and integration are two goals that drive Cisco's security product development too. Not only does the company want to unify those 60+ threat prevention tools and vendors as mentioned earlier, but it wants to inform customers why Cisco's tools are doing what they're doing.

"[Cisco's security portfolio] not only defends, but gives me insights into why it's defending things," said Martino. "We collect on our own network 4TB of data every day to help us further defend our network and our infrastructure and that visibility is really key."

Connor Jones
Contributor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.