Three years ago, Joyce Brocaglia of Alta Associates, a New Jersey-based executive search firm, started the Executive Women’s Forum (EWF) as an annual event drawing together female leaders in the information security field. Rhonda MacLean, former senior VP and director of corporate information security at Bank of America, was one of the first executives to lend support to the EWF.
Today, under Brocaglia’s leadership, EWF is one of the top events of its kind, and MacLean has gone on to become not just an annual attendee, but also a guest panelist and member of their advisory committee. In advance of this 3rd annual EWF, writer Tom Field sat down with Brocaglia and MacLean to discuss the EWF mission and accomplishments.
Tom Field: How did the Executive Women’s Forum begin, and what were its objectives?
Joyce Brocaglia: As the CEO of Alta Associates, a search firm specializing in information security and controls for the last 20 years, I’ve been able to develop deep relationships and gain a unique perspective on the evolution of information security. A few years ago I began recognizing the noticeable increase in the number of women I was dealing with who held influential positions in their areas of information security, risk management and privacy. I thought, ‘What if I could get some of these women together to share their experiences and talk to each other?’ I called women like Rhonda, Becky Bace, Maryann Davidson—some of the pillars of the information security community—and said ‘What would you think if I put a forum together?’ They all thought it was a great idea, so I went into it with the ‘If I build it, they will come’ approach. Three years later we have accomplished our goal of establishing a trusted venue where the most senior women in our industry gather to share experiences unique to them as security professionals and as women leaders. They create lifelines and build trust-based relationships that last long after the event itself is over.
CSO FOCUS: Executive Women’s Forum. August CSO, Volume 1, Number 1. Advertising Supplement.
Mastering the Art of Leadership: Building Trust Leads to Career Success
Inside: Q&A About the Executive Women’s Forum; The Future of Information Security Is Now; Beyond Recruiting; How to Toughen Up and Recover; Self-Defending Network
The 3rd Annual Executive Women’s Forum (EWF), hosted by Alta Associates, Inc., promotes the building of trust-based relationships as a defining element of leadership. Over 300 women who have created and implemented some of the world’s most effective information security and risk strategies rely on the Executive Women’s Forum to build such relationships.
The Executive Women’s Forum creates an environment that allows diverse industry leaders who protect and maintain the information assets of global companies to share experiences, challenges and successes. The EWF provides a forum to compare notes and share ideas on the people, processes and tools that have been essential to their success.
Join your peers at the de facto venue for women of influence. For more information on the EWF or to register please visit: www.infosecuritywomen.com. E-mail: firstname.lastname@example.org; Phone: (908) 806-8442.
Mastering the Art of Leadership: 3rd Annual Executive Women’s Forum on Information Security, Risk Management & Privacy. September 14-16, 2005, The Sheraton Wild Horse Pass Resort & Spa, Phoenix, AZ.
Keynote Presentations
Opening keynote: Jayshree Ullal, Senior VP/GM, Security Technology Group, Cisco Systems, Inc.
Thursday keynote: Zainab Salbi, President & CEO, Women for Women International.
Friday keynote: Nora Denzel, Senior VP & GM, Hewlett-Packard Company.
Executive Leadership: Cathy Brune, SVP & CIO, Allstate Insurance, Executive Leadership Panel, “Say It So They Hear It.” CIOs share their secrets to communicating effectively to the Executive Suite.
Metrics Panel: Rhonda MacLean, Former CISO, Bank of America, Metrics Panel, “The Value Proposition.” Three premier companies show how they use metrics to communicate risk, value and support business priorities.
Technology Risk Panel: Lynn Terwoerds, Senior Security Strategist, Microsoft Trustworthy Computing. Experts discuss and propose methodologies for addressing issues such as: Identity Theft, SPAM, Malware, and Compliance.
Executive Coaching: Barbara Poole, Executive Coach, Success Builders, Inc. An interactive session that will enhance your “EQ” and take your emotional intelligence to a higher level.
Security & Privacy Workshops
- Application Security by Cisco Systems
- Incident Response by Microsoft Corp.
- Privacy by Sun Microsystems
- Risk Management by Symantec
- Compliance by VeriSign
- Identity Management by Infidel and TriCipher
- If I Knew Then What I Know Now by Merck & Company
- Vendor Risk Management by Ernst & Young
Women of Influence Awards: Co-presented by CSO magazine and Alta Associates, the awards honor four women for their accomplishments and leadership roles in the fields of security, risk management and privacy. Winners will be announced at an awards ceremony during the Executive Women’s Forum.
The Word is “Inspirational”: Questions and Answers About the Executive Women’s Forum
Leadership insights by: Alta Associates, Cisco Systems, Executive Women’s Forum, Microsoft, Sun Microsystems, Symantec, Verisign.
“I really wanted to provide a forum for women to help each other where they can create life lines by building trust-based relationships that last long after the event itself is over.” Joyce Brocaglia, CEO, Alta Associates
TF: Now, Rhonda, you attended that first forum?
Rhonda MacLean: I did attend that first forum. To echo what Joyce said, I was blown away by the event. To be frank, arriving at that first EWF I didn’t know what to expect. I knew Joyce had put together a good program, and that the topics were going to be interesting. But it was the number of women attending that were actually in my field combined with their experience level that had such a positive impact on me. For as many people as I know in security, risk and privacy, just to see them all in one room; I met a lot of new people I didn’t know were out there. Just being able to share experiences with such a diverse group of women who were highly talented was just an amazing experience. I felt the experience really helped me in my own personal development.
TF: How is EWF different from other executive forums you’ve attended?
RM: What made this unique is that women don’t oftentimes build a network of just women.
At other forums, you’re basically a face in the crowd, and finding peers can sometimes be a difficult thing to do. For me, the experience of being able to share challenges, success stories, what works and doesn’t work, learning the backgrounds of various women and how they’ve achieved their success, was just a tremendous experience and that was very different. To me, there seems to be an air of real trust when we’re there [at EWF] together, a willingness to share.
JB: I think the word is “inspirational.” Women leave the EWF with a renewed spirit and a sense of camaraderie. So many women tell me about the instant connection they have when they run into an EWF alumni in another city or at a business function. The people who walk out of here don’t feel like they just attended a conference. We really are creating a community with stronger bonds for these women, stronger relationships. I think they are really inspired by the frankness and openness of women standing up to say, ‘Hey, this is how I did it; this is how I won, how I lost, and here are the pitfalls.’ We did a war stories/miraculous saves discussion one night and it was amazing to hear incredibly successful people talk about their own frailties and failures, rather than just being out there evangelizing, telling how wonderful things are at their companies.
RM: One thing I’ve taken from it as well, is lifelong friendships. People I feel I can call on anytime. And I want people to feel they can call me. [EWF] really does create an environment where you can build these strong relationships and network.
TF: How do you set the expectations for people who are attending for the first time?
JB: I tell them: ‘This is not your father’s information security conference.’ The expectations are: You have to be willing to come and truly participate. No wallflowers allowed. Everybody who comes has to have something to offer, has to be willing to share.
The beauty of it is that every attendee is actually qualified to be a panelist, so there’s a tremendous amount of back-and-forth. It is not for the shy or timid of heart to attend. People have questions; there’s lots of lively discussion around issues. They work hard and they play hard, all day and all night. It’s an event like no other event that they’ll attend.
RM: I think you’ve really hit on it. What I got out of it was the interaction you talked about, Joyce. It’s so critical to the event’s success. This is not a meeting at which you’re going to come and sit and listen. This is one where you’re going to go and participate because it’s very engaging and rewarding. Because the people who attend have so much experience in the issues that are brought up, when someone speaks up with a comment, it spawns another comment. At the end of the day, those discussions go on into the night. It really is an amazing event. Of all the professional forums I have ever done in my career this is one of the most beneficial.
TF: The forum doesn’t just end when the event ends, does it?
RM: No, it doesn’t. I think that’s part of the reason why I’ve found it so beneficial. It’s not your typical conference, where you go make a few contacts and maybe keep up with some people. This is all about developing relationships.
The Future of Information Security Is Now
Q&A with Karen Worstell, CISO, Microsoft Corp.
Q: What changes have you seen in the security landscape and the role of the CSO over the last few years?
A: The most significant changes came about after Code Red, Nimda and 9/11, which took place about the same time. Security leaped to the forefront of everyone’s mind. Prior to that, people very often had the role of what we consider a CSO, but were rarely given the title. Following those events, as well as the huge push toward globalization in the last few years, we have begun to deal with risk on a global landscape. This has been accelerated by compliance requirements like GLBA and most notably Sarbanes-Oxley here in the U.S. The role is more structured. Sarbanes-Oxley was really helpful in that regard, in helping us structure how we can talk about risk and controls. We’ve evolved from the security expert who was consulted only when he or she had to be, and it was bad news when you did, to a role where we have a seat at the table and advise corporate management on risk. It’s a night and day change in the last five years.
Q: Where do you think the greatest strides have been made in terms of global security?
A: I was involved with a group that started developing a standard in Europe that eventually became the British standard 7799 and is now the international standard, ISO 17799. That has now become the standard that companies can use interchangeably to understand each other’s posture. What is driving global security and making it really critical right now internationally is privacy. Security and privacy go hand in hand. Because information is a global asset and crosses international boundaries we have to be sensitive to what it takes to protect information from a security standpoint and also comply with international statutes.
Q: What worries you the most?
A: The thing I worry about the most is the people aspect of my job. Technology is actually the easiest aspect; once you get it figured out and running, it works. People aren’t like that. Any large multinational company is like a city; you’re always going to have people with values that aren’t uniform. And people can make mistakes or errors in judgment. You have to build the program with that in mind, we want to create an environment where people can collaborate and share information. At the same time we have to keep in mind that bad stuff can happen and plan for those situations.
Q: What do you predict the security landscape will look like five years from now?
A: I love that question, because what’s so cool about being at Microsoft is that we’re living companies’ futures five years from now. As we test and install something like Longhorn, companies will be rolling out those same technologies in the near future. We have all of the collaboration technologies and all of the open networks with most of the perimeters dissolved. Our architecture is intended to support an environment that is very mobile, open and very collaborative. We’re living that right now. If I look out five years from now, given that this is the technology and that this is the world of work that people could be embracing, what I’m hoping for is that we’ll get past the shock and fear that has just hit everybody around security. Now that it is a priority, people will be more aware, they’ll know what they need to do, and the shock and fear factor will be gone. The technology opportunity for people to lead and be part of a very open information-sharing environment is all there. I’m excited about what our profession can do to start talking about the enablement and empowerment that people have to personally do to protect themselves and how to be responsible in doing that. This is a process that will take place over a period of years. As we get that education out there, things will calm down.
People will be aware and it will be like wearing a seat belt when driving a car.
Q: What are the best practices for CSOs to use in helping their corporate management prepare for this new open, collaborative and mobile world?
A: CSOs must understand the business so that they can learn to fairly and accurately represent risk. If we can characterize risks relative to all the things that affect the integrity, availability, confidentiality and security of those digital assets, then you can translate it into a number of discrete control activities that need to be done. Instead of every new situation becoming a fire drill, we can go to executive management with a coherent plan. The problem in the past is that too many security people treated every new item as a new risk... in reality new risks are not infinite. It’s not sustainable for a security team to be in a mode of always introducing new issues to management.
Q: What are the most appropriate metrics for measuring the success of a security program?
A: First of all, we need to get to a point where management can make a decision about how much risk is in the environment, and what amount of risk is acceptable. At Microsoft, we have a framework that identifies the business situation and the risk factor if this is left unattended. It rolls up to a number; it gives management the ability to look at the risk and make good decisions about managing the tradeoffs. Management can either accept that risk, or they can then decide what to do about it. To me, success is knowing specifically what the risk is, and knowing that you can define and monitor the controls for that risk.
Q: If you had the CEOs and CIOs of the Fortune 1000 companies in one room, what one thing would you tell them?
A: I would tell them to start considering how security can be your competitive advantage, and stop thinking about this as the thing they have to do to protect us from the bad guys.
In this new world of mobility and collaboration, the spoils will go to the organizations that can protect their employees and their information wherever they are. It will be a differentiating feature set and a competitive advantage.
Beyond Recruiting: Alta Associates Is a Strategic Partner and Trusted Advisor
The role of information security officer (ISO) is evolving, as threats to corporate IT security grow in number and severity with each passing day. To handle and anticipate these threats, an ISO must not only be well versed in the technology, but also possess multi-disciplinary skills and exceptional leadership ability.
In the 20 years that Alta Associates has been recruiting in the information security and controls industry, the requirements for an effective ISO have changed dramatically. Alta’s team of seasoned recruiters has acquired a profound practical knowledge of these requirements.
“Companies are asking us to find a new breed of ISO...” says Joyce Brocaglia, CEO, Alta Associates. “...Business-savvy leaders who are focused on the people and processes as much as the underlying technologies that companies rely on to secure their organizations.”
The security industry continues to evolve, and as a result information security has become a critical part of an organization’s overall risk management strategy. It’s more important than ever that ISOs and their staffs understand the businesses they support and how their efforts add value to the bottom line. Information security isn’t just about technology; it’s about being adaptive, working with the right people to understand common objectives and achieving extraordinary goals. As the leading recruiting firm in its field, Alta Associates is able to leverage an extensive network of relationships.
“Alta’s recruiters are recognized as industry insiders who provide valuable guidance on hiring and career development trends to our clients and candidates,” says Brocaglia. “We advise our clients on how to position themselves and help them attract and retain the best talent in this dynamic industry.”
Alta Associates doesn’t just fill jobs; it acts as a strategic partner and trusted advisor to clients. Often sought after to fill the most difficult jobs in the security industry, Alta has played a key role in building corporate information security organizations, developing professional services practices, and growing security product start-ups throughout the United States.
Information security professionals devote considerable time and energy to enhancing their skills. Alta’s clients and candidates realize the benefits of partnering with a firm that has devoted that same level of commitment to helping individuals and organizations achieve their professional goals.
“My relationship with Alta Associates has given me a real appreciation for the value of working with a well-connected, highly credible recruiting firm. Alta’s professional network and industry knowledge is top notch and not only knows this space but has the connections to deliver.” Howard A. Schmidt, former CISO, eBay
“In an industry where trust cannot be bought or established lightly, Alta Associates has earned a reputation for good work, with their deep understanding of the industry and all of its nuances.” Amit Yoran, former national cyber security chief
How to Toughen Up and Recover: Creating a resilient IT infrastructure
Symantec
Information could be today’s most prized business asset. Businesses rely more and more on information to keep the company up, running and growing. The pressures placed on IT infrastructures, the very infrastructures that keep this prized business asset secure yet available, are tremendous.
In addition to the age-old internal problems, such as data corruption or loss, hardware failure or user errors, the external pressures are also increasing. For example, the number of detected and documented attacks on organizations was, on average, 13.6 per day in the second half of 2004, up from 10.6 attacks on average per day in the previous six-month period. At the same time, the growing scrutiny of corporate financial activities has increased regulatory pressures.
Increasing external threats to information force IT professionals to harden their company’s systems. However, IT professionals must strike a balance between ensuring that information is secure but yet immediately available to authorized parties who need it. Increasing internal and external pressures are elevating the need for information security, availability, and reliability to the top level of the company.
The days of IT professionals who chiefly install new hardware and software, troubleshoot end-user problems and patch systems on occasion to stay current with software updates are over. Today, many IT departments face the added pressure of operating as a service center with specific Service Level Agreements and as profit centers. Consequently, IT departments must take a broader look at the overall business needs of the company.
Creating a resilient infrastructure
The combined effect of hardening systems against threats (whether internal or external) and enabling rapid recovery of systems and data creates a resilient infrastructure. With a resilient infrastructure, companies have greater assurance of their ability to survive and recover from the unforeseen; meet compliance requirements; and ensure service availability through both normal and disrupted states. A resilient infrastructure is able to prevent or limit threats and cope with or recover from unexpected events.
The bottom line is that a resilient infrastructure establishes greater systems continuity and data integrity, as well as peace of mind for IT professionals.
Establishing a resilient infrastructure, or identifying how resilient your infrastructure is today, takes effort and cooperation between IT security and IT operations teams, but can be accomplished by organizations of any size. Three broad steps are required in creating a resilient infrastructure, including understanding your environment, acting to protect it and controlling it on an ongoing basis.
Understand: Know where you’re vulnerable
Many IT administrators might say, “I understand my company’s IT environment.” While they probably do for the most part, the following questions may uncover some gaps:
- Is information conveniently available to everyone who is authorized to access it and protected from everyone else?
- Are the right policies in place to ensure that information is protected from both internal and external threats and easily recovered following a disruption?
- Is the right data backed up, archived and easily accessible for regulatory purposes while unneeded information is permanently and securely deleted?
- Is an inventory maintained of all purchased applications, tracking license numbers, most current version, versions maintained and copies owned, with a prioritization in place for restoration?
- Can improvements be made to your security and availability posture ahead of the most recent vulnerabilities and threats?
- If a disruption arises that takes all or part of the company’s network down, how quickly can the organization return IT operations to a normal state?
These are just a few key questions that you should ask to determine how resilient your infrastructure is today. To ensure a resilient infrastructure, technologies, such as early warning systems, should be implemented, enabling the organization not only to understand current threats on the horizon, but also to act in a way that protects its information assets and minimizes the risk of disruption. Complementing technologies, processes also need to be implemented so organizations can understand the policies that drive decisions relating to the recoverability of IT systems.
Act: Do something about it
Once you understand your IT environment and the exposures you face, take action. The first step is to prioritize identified risks and fill gaps that may exist. These may be gaps in your policies, technologies or capabilities. Filling these gaps helps harden your infrastructure against threats. Without this step in place, you may spend all your time recovering from disruptions, somewhat like bailing water out of a boat without repairing the leaks.
Taking action also includes ensuring that the proper technologies and procedures are in place to recover from the unexpected. Regardless of how well you prepare, something can always happen. A ruptured sprinkler line in the server room can create a very bad day for IT personnel, which can turn into a nightmare without a solid recovery plan in place.
Control: Growing forward
The control phase is about managing your IT infrastructure for the highest level of resilience in the future and about maintaining the highest operational state for every client within the infrastructure, from servers to workstations to laptops. This client resilience starts from the moment a new piece of hardware or software is introduced into the environment.
IT administrators need to be able to maintain control over the IT infrastructure to continuously ensure that client devices are secure, available and compliant with established corporate standards and policies. Client resilience allows you to control resources to prevent disruption, minimize downtime and expand your capabilities.
Control means you know (not think, but know) you can maintain your infrastructure in a known good state.
Summary
Everyone strives for a resilient infrastructure, whether they know it by that name or not. A resilient infrastructure keeps the organization up, running and, equally important, growing. Because when you can trust the integrity of your information, you can be truly fearless in exploiting the benefits of deploying new technology solutions, which may lead to new and more innovative ways to accomplish core business initiatives and ways to better serve your customers.
However, in addition to the right mix of technology, personnel, processes and procedures, organizations must have a commitment to the concept of a resilient infrastructure to make it a reality. The commitment includes crossing some traditional boundaries to ensure that information is always secure and readily available. The entire system only works if all the parts are properly connected. The invisible wall of silence that often exists between the IT security and IT operations teams must drop in order for the IT organization to fully understand the environment, act to protect it and control it on an ongoing basis.
A commitment toward a resilient infrastructure must start at the top in the C-level offices and infiltrate IT security, IT operations and the entire company. When an organization commits to working together and communicating regularly with a focus on hardening systems against threats and recovering rapidly from the unexpected, a resilient infrastructure, and the resulting business benefits, isn’t far away.
Self-Defending Network: Is it possible or just marketing hype?
Cisco
Can a network really defend itself? According to Jayshree Ullal, Cisco’s Senior VP of Security Technology Group, the answer is, “Yes it can.” Read why security is evolving from reactive to proactive and adaptive strategies and technologies and what you need to know when planning your network security design today.
As we move deeper into an information-driven global economy the value of information, and controlled access to that information, has never been greater. The goal of IT infrastructure is to create systems that are able to detect and protect against unauthorized access while providing timely access to legitimate users. Simply denying access in the face of an attack is no longer acceptable. Today’s networks must be able to respond to attacks in ways that maintain network availability and reliability to allow a business to continue to function.
Corporate networks, and the attacks used to exploit them, have reached a state of complexity in which no single mechanism can be relied on to keep them secure. This has led to the concept of Defense in Depth. To date this concept has been built on the notion of proactive defenses. But given the type of vulnerabilities and attacks that have accompanied our ever changing networks we must also begin building better adaptive solutions. The key abilities of an adaptive defense are:
- to remain active at all times
- perform unobtrusively
- minimize propagation of attacks
- quickly respond to as-yet unknown attacks
Such an adaptive system must be built on the premise that resources are finite and must be marshaled carefully to avoid resource exhaustion, and also designed to leverage existing infrastructure with a minimum of disruption to IT operations.
The Cisco Self-Defending Network provides systems-based solutions that allow organizations to leverage their infrastructure in new ways that reduce windows of vulnerability, minimize the impact of attacks, and improve overall infrastructure availability and reliability. There are three phases in the evolution of a self-defending network:
1) Integrated security: incorporation of security elements in network elements such as switches and routers.
2) Collaborative security: building of linkages between network security elements and extend network presences out onto endpoints that connect in a network.
3) Adaptive security: extension of the ability of a network to respond to threats.
Most organizations will not adopt all of the components of a self-defending network at one time. It is difficult to overhaul the required subsystems at once without disrupting the integrity of IT services. Instead, Cisco advises a phased approach and offers products that can be deployed independently of one another and solutions that can link these products together over time.
Key components of a Cisco self-defending network include:
Endpoint protection. As a first order dampener to virus and worm propagation, an endpoint intrusion prevention product such as the Cisco Security Agent employs behavioral security to detect and prevent viruses and worms from gaining a foothold on an endpoint system. The Security Agent also provides a presence on endpoints that can be used to acquire state that may not be available at the network edge.
Admission control. Admission control, the second order dampener, allows organizations to determine what level of network access to grant an endpoint based on its security posture, which is based on the security state of the operating system and associated applications rather than simply who is requesting access.
Admission control also gives IT administrators the means to automatically quarantine and remediate non-compliant endpoints.
Infection containment. Strong network admission policies are not a cure-all, and do not eliminate the need to continue monitoring devices once they enter a network. Therefore a self-defending network must be designed to extend the security checks performed at the time of admission for the duration of the network connection.
Intelligent correlation and incident response. Security monitoring, analysis and response systems such as Cisco MARS provide methods for overlaying feedback from a variety of points of presence in the network such as firewalls, NIDS, routers, switches and hosts with context it obtains from learning the layer 2 and layer 3 network topology. This ability enables the security incident response team to rapidly identify where attacks are occurring in the network and decide what action to take.
Inline IDS and anomaly detection. A network intrusion prevention system with inline filtering capabilities provides a mechanism to remove unwanted traffic with fine-grained programmable classification engines.
Application security and anti-x defense. Integration of next-gen packet and content inspection security services ultimately will result in networks that are more application aware. Today application layer network products are emerging to help deal with new classes of threats such as spam, phishing, unauthorized peer-to-peer activity and IP telephony abuse, not adequately addressed by classic firewall and NIDS products.
Granular traffic packet and content inspection services collaborating with these key network security enforcement point products aids in containing malicious traffic before it can be propagated across the network.
In contrast to point products, the Cisco Self-Defending Network is a system of defense that leverages the ubiquitous sensing and control capabilities of the network, each part communicating with the other to strengthen protection across the entire infrastructure. Such an integrated system creates a coordinated, consistent and proactive environment to identify, mitigate, respond and adapt to threats. The result is network security that is a unified threat baseline capable of responding in computer speed to security alerts, helping reduce windows of vulnerability while lowering management burdens.
Jayshree Ullal, Senior VP and GM, Security Technology Group, Cisco Systems, Inc.
For more information about the Executive Women’s Forum please visit www.infosecuritywomen.com
At 12,000 feet it’s all about risk. Founded in 1986, Alta Associates has the most successful track record of recruiting in the industry. Experts in developing information security organizations, building professional services practices and growing security product vendors. The Industry’s Most Trusted Career Advisor. 908-806-8442, www.altaassociates.com. On the ground it’s the people that count.