- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
John Stewart doesn't talk like your typical corporate executive. He said that his company, Cisco, has been lucky when it comes to security and that his company's Self-Defending Network marketing push has painted "a big bull's-eye" on its products.
But then again, Stewart has more important things to worry about. As chief security officer, he's the man responsible for directing Cisco corporate and business unit security practices. That means he gets the call whenever there's an important security bug in Cisco's products or if hackers were to hit the Cisco.com Web site. The way he puts it, it's his job to help lock down Cisco's products before he's forced to deal with what he calls "the burning platform" -- a serious flaw or attack against the most widely used routers on the Internet.
Maybe Cisco needs someone like Stewart, to steer clear of the mistakes that other major technology companies have made on security. Take Microsoft, for example. Microsoft first took a hostile attitude towards security researchers and critics, but that backfired and helped cement the impression that the company was ignoring security bugs rather than trying to fix them. Microsoft ultimately reversed its course, but not until its reputation took a serious hit.
On a smaller scale, Cisco has made a similar kind of reversal. The company angered hackers in 2005 by suing researcher Mike Lynn after he showed how it was possible to run unauthorized shellcode software on a Cisco router.
But instead of kicking off a new era of Cisco hacking, the Mike Lynn episode was more of an aberration. Cisco research was quiet for the next few years.
Stewart said that Cisco has been "a little lucky" in that it has not had major security flare-ups, but he's not taking anything for granted. He invited IDG News Service to his San Jose office to talk about the Cisco threat landscape. Following is an edited transcript of the interview.
Cisco got a lot of attention at Black Hat 2005. What's your take on things, three years later?
Part of the reason all the attention was painted on us at Black Hat three years ago is because we created a firestorm of, frankly all sorts of complicated issues, that felt like Cisco was suppressing communication and research.
I think arguably we did some silly things, like trying to put the genie back in the bottle, which you can't do. We were trying to do it for the right reasons: protection of intellectual property and our customers. But how it came out just completely went sideways.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (3)
Interesting articleBy Anonymous on August 19, 2008, 3:18 pmI appreciate Stewart's honesty. Companies can learn from one another by putting quality first and implementing a process that focuses on the SDLC or similar procedures.
Reply | Read entire comment
Apple's Arrogant Attitude About Security!!By Anonymous on August 6, 2008, 11:07 amI reccomend that Stewart give the folks at Apple some lectures on this one!! Apple seems worse off than Microsoft when it comes to dealing with security issues of...
Reply | Read entire comment
Cisco Security Growing Up? The self-defending network is still in diapers.By Schratboy on August 6, 2008, 8:48 amAnybody that can market a "self-defending network" can claim anything. The question is are they being truthful? I think by self-defending they mean that the networks...
Reply | Read entire comment
View all comments