Making scorching desking safe and accessible on a world scale
The primary rule of interviewing a CISO on the Australian division of Laing O’Rourke is that this: You’ll be able to’t dig deep into use circumstances or shoppers.
And this makes good sense, as a result of if you’re chargeable for securing crucial infrastructure for an AUD $6 billion world development and engineering agency, with tasks starting from transport to protection, even scant particulars can result in cyberattacks.
Crafting safety for joint ventures, and a really distributed community
Regardless of the excessive stakes, Laing O’Rourke’s safety challenges are distinctly common – particularly post-2020, the place the world noticed a large enhance within the sophistication and variety of DDoS, VPN, and different web-related assaults. And like peer corporations, the corporate wanted to set a agency basis to dam internet-based assaults on distributed infrastructure.
However right here’s the place issues are completely different. Due to enterprise necessities, Laing O’Rourke’s community setting is complicated. The corporate typically works on what James Fields, Group Deputy CISO for Laing O’Rourke, calls “mega tasks,” joint ventures (JVs) with different corporations which can be – to place it plainly – rivals.
“Being a development enterprise, bodily safety is an actual problem out on challenge websites. Typically, for a few of our larger-scale tasks, we discover ourselves in collaborative partnerships with our rivals,’” Fields commented. “At one second, they’re our companions in a challenge, and within the subsequent, they could possibly be our rivals for recent contracts. By participating in these joint ventures, we’re successfully inviting our competitors into our community.”
So, it’s crucial that Laing O’Rourke delivers safe community entry to employees, shoppers and JV companions in a hot-desking setting AND fulfill shoppers demanding adherence to completely different frameworks and certification. The corporate should additionally stop menace actors — in addition to anybody who may benefit competitively, financially, or in some other approach – – from accessing or exfiltrating info from the community.
They usually did it this by including two completely different Cisco options to the stack: Cisco Safe Firewall and Cisco Identification Providers Engine (ISE).
Streamlining safety within the face of pointless, time-consuming duties
Getting backing from management to spend money on the most effective site visitors and menace administration instruments can appear not possible for a lot of groups. Fortunately, Fields has enthusiastic backing from the board.
“My staff and I are actually enthusiastic about cybersecurity, and we’ve the board’s assist not only for compliance’s sake (not simply performing a tick field train), but additionally for establishing the most effective practices and instilling a cyber-centric mindset all through the enterprise.”
However that doesn’t imply it’s been simple constructing that framework.
As a snapshot, earlier than Cisco ISE, Fields says, “Our three way partnership companions and shoppers had a possible threat of unintentionally (or intentionally) accessing our company community attributable to shared workplace area. This prevented enterprise agility, necessitating mounted desks. Consequently, IT needed to continuously reconfigure ports on challenge websites as employees assignments modified based mostly on challenge phases or collaboration wants.”
Growing these pre-designed workspaces based mostly on whether or not the consumer was from Laing O’Rourke, or a JV took treasured time and power that might have been used elsewhere. The Laing O’Rourke staff wanted clever automation to streamline the method.
Laing O’Rourke already had a number of firewalls in place, however it wanted a Cisco Safe Firewall to assist the corporate management community entry, stop intrusions and exfiltration, filter URLs, and conduct deep packet inspection. In the meantime, Cisco ISE would assist wrangle all these three way partnership gadgets.
Because the Laing O’Rourke staff was already utilizing Cisco switches and was accustomed to how Cisco options work, it made the selection so as to add extra Cisco to the stack all that a lot simpler.
“We, like most enterprises, use Cisco switches at our core and on the edge. So it made sense to speak to Cisco about how they may assist us shield our community.”
Utilizing Cisco Safe Firewall to streamline entry and safeguard the community
Laing O’Rourke wanted bodily safety that might accommodate hybrid employees members and contractors via hot-desking (a number of staff utilizing a single bodily workstation) and attaining seamless connectivity and community administration was essential.
To deal with this, Laing O’Rourke turned to Cisco Safe Firewall, permitting the corporate to attain and keep the confidentiality, integrity, and availability — the coveted CIA triad — of knowledge. By successfully controlling community entry and stopping unauthorized knowledge adjustments, Cisco Safe Firewall performed a pivotal function in safeguarding Laing O’Rourke’s community infrastructure.
Key stakeholders, together with Fields, emphasised the significance of Cisco’s wide-ranging menace intelligence. These updates ensured that the firewalls stay present with the newest menace and vulnerability signatures, reinforcing the power and effectiveness of Laing O’Rourke’s safety measures.
By partnering with Cisco, Laing O’Rourke has enhanced its capability to determine and mitigate a variety of threats through the use of superior options of Cisco Safe Firewall, together with intrusion prevention, URL filtering, and deep packet inspection capabilities.
The staff additionally used Firewall Administration Middle (FMC) dashboards to handle firewalls utilizing a single pane of glass, which was ultra-convenient after they wanted insights on intrusion occasions, potential threats, and geolocation. Due to the proactive safety measures carried out via Cisco’s Safe Firewall resolution, Laing O’Rourke has skilled a substantial lower in web-related vulnerability assaults.
As soon as the Cisco Firewall was in place for Laing O’Rourke, it was able to do what it’s recognized for: serving to stop DDOS, malware, VPN, and plenty of different assaults.
“Relating to firewalling, we take a twin vendor method. Round 5 years in the past we went out to market to switch our [competitor] firewalls. Given our optimistic expertise with Cisco’s networking tools, Cisco FTD’s have been on our purchasing checklist,” Fields mentioned. “We nonetheless take a twin vendor method and Cisco remains to be serving to safe our edge.”
Including a zero-trust framework with ISE for identification
Cisco Safe Firewall has confirmed itself a formidable drive to handle site visitors and block threats, with automated updates and frequent assault intel as a sweetener. However ISE has been a revelation for Laing O’Rourke, giving the staff a agency, assured hand when managing IP telephones, tablets, and laptops – all used to conduct enterprise.
“ISE was an actual sport changer for us. It has reworked the way in which we function on challenge websites, negating the necessity for predefined workspaces based mostly on if the consumer was a Laing O’Rourke employees member, JV companion, consumer, or visitor, whereas concurrently growing safety of our company community”.
With ISE, ports might be configured to dynamically reconfigure a port based mostly on safety posture and machine possession, allowing entry to the correct community segments on the proper time. This contains entry to the corporate’s company wi-fi (and wired) networks, visitor Wi-Fi, and BYOD – together with operational expertise (OT) networks.
“Whereas ISE takes a little bit of effort to arrange proper, as soon as it up and working, it’s a really steady platform, simple to configure and integrates effectively with different safety platforms like Firewall Menace Protection (FTD) and cellular machine administration (MDM) options,” Fields mentioned.
If he needed to title three issues that make Cisco ISE a stable resolution for Laing O’Rourke, Fields spoke of dynamic profiling that detects machine sort and applies the correct coverage, the MDM integration and compliance verify that makes positive gadgets are up-to-date, and anomalous behaviour detection.
Based on Fields, a few years in the past, a pen-tester found a technical hole that completely wanted to be closed. So now when an IP cellphone begins to speak as Home windows site visitors, as an example, ISE catches it with behavioural detection.
“With the dearth of bodily safety on our challenge websites, together with actively inviting our rivals onto our community, looks like a catastrophe ready to occur,” he mentioned. “Cisco ISE has confirmed to be a useful resolution for segregating entry between our workers and our shoppers and companions, defending us from menace actors and rogue community gadgets.”
Cisco Safe Firewall and ISE save time and money
Many community and safety execs perceive how painful it may be to safe a community – particularly one which’s distributed. However with a Cisco Safe Firewall in play and ISE to handle BYODs, Laing O’Rourke’s networking staff has already seen a distinction.
To begin, these Monday morning calls about desk strikes and disrupted community entry aren’t any extra. Laing O’Rourke is saving minutes, hours, and days, whereas concurrently bolstering community safety: one thing that notoriously…takes time.
The consumer expertise has improved, and the staff has extra time to concentrate on threats. Although Laing O’Rourke makes use of a twin vendor method, Cisco is the go-to for this crucial, world firm, with ROI already evident as soon as the corporate’s different firewalls have been changed with Cisco Firewalls.
“The [competitor] firewalls have been considerably costlier and supplied no extra performance. The alternative [Cisco] really saved us cash,” Fields mentioned. “What I can say is likely one of the few issues that doesn’t hold me up at night time is our community uptime or network-based safety — because of Cisco Firewall Menace Protection (FTD) and Cisco ISE.”
Wish to safe your group’s scorching desking?
Take a look at Cisco Safe Firewall and (ISE) Determine Providers Engine — options Laing O’Rourke utilized to guard their community and other people. Be taught extra about how Cisco has helped different prospects obtain Safety Resilience.
We’d love to listen to what you suppose. Ask a Query, Remark Under, and Keep Related with Cisco Safety on social!
Cisco Safety Social Channels
Share:
OnePlus 12R (Iron Gray, 16GB RAM, 256GB Storage)
₹45,999.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Sounce Smartwatch Usb All Type Charging Cable Compatible With Boat, Fire Boltt, Noise, Dizo, Beatxp, Fast-Track, Ptron & All 2 Pin Charger Watches (Cable Only), Black
₹149.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
OnePlus 12R (Iron Gray, 8GB RAM, 128GB Storage)
₹39,999.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
boAt Airdopes 141 Bluetooth TWS Earbuds with 42H Playtime,Low Latency Mode for Gaming, ENx Tech, IWP, IPX4 Water Resistance, Smooth Touch Controls(Bold Black)
₹1,299.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Redmi 13C 5G (Starlight Black, 4GB RAM, 128GB Storage) | MediaTek Dimensity 6100+ 5G | 90Hz Display
₹10,999.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Sounce Fast Phone Charging Cable & Data Sync USB Cable Compatible for iPhone 13, 12,11, X, 8, 7, 6, 5, iPad Air, Pro, Mini & iOS Devices
₹199.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Canon PIXMA PG47 Black Ink Cartridge
₹647.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ZEBRONICS Zeb-Dash Plus 2.4GHz High Precision Wireless Mouse with up to 1600 DPI, Power Saving Mode, Nano Receiver and Plug & Play Usage - USB
₹203.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Seagate Expansion 1TB External HDD - USB 3.0 for Windows and Mac with 3 yr Data Recovery Services, Portable Hard Drive (STKM1000400)
₹4,998.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
TP-Link TL-WA850RE Single_Band 300Mbps RJ45 Wireless Range Extender, Broadband/Wi-Fi Extender, Wi-Fi Booster/Hotspot with 1 Ethernet Port, Plug and Play, Built-in Access Point Mode, White
₹1,299.00 (as of February 27, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Gotega External DVD Drive, USB 3.0 Portable +/-RW , DVD Player for CD ROM Burner Compatible with Laptop Desktop PC Windows Linux OS Apple Mac Black
$19.99 (as of February 26, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
ARCTIC MX-4 (incl. Spatula, 4 g) - Premium Performance Thermal Paste for all processors (CPU, GPU - PC, PS4, XBOX), very high thermal conductivity, long durability, safe application, CPU Thermal Paste
$5.38 (as of February 26, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Corsair Vengeance LPX 16GB (2x8GB) DDR4 DRAM 3200MHz C16 Desktop Memory Kit - Black (CMK16GX4M2B3200C16)
$45.99 (as of February 26, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Seagate BarraCuda 8TB Internal Hard Drive HDD – 3.5 Inch Sata 6 Gb/s 5400 RPM 256MB Cache for Computer Desktop PC (ST8000DMZ04/004)
$134.00 (as of February 26, 2024 21:13 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)