Understanding Cisco’s Security Intelligence Operations

March 2, 2012

I have been in the security field long enough to know that software-based intelligence is certainly not enough in an industry where your attackers are well educated, collaborate extensively and have a purpose. The latest political and financial attacks have certainly been proof that we are far from protected in software signature-based environments. At the same time, massive amounts of information generated from our internal network components are making the discovery of that specific security event an exercise in futility.

We were reaching the limits of signature-based solutions, as they required more and more CPU and memory to go deeper into each packet. At the same time, attackers were modifying each threat to bypass signatures, and unless you were an Uber-Admin, you were always a few sigs or patches behind.

At Cisco we had a vision to build a solution that would address many of these shortcomings, provide our customers with a global view of security events, and integrate automatically with our products.

Cisco Security Intelligence Operations (SIO) is that vision made real. Cisco SIO is a cloud-based service that connects global threat information, reputation-based services and sophisticated analysis to Cisco’s security devices to provide comprehensive protection with faster response times. SIO has become the key solution that binds Cisco’s Email and Web, Firewall, Intrusion Prevention Systems (IPS) and Remote access solutions together.

SIO has three main components:

  1. Cisco SensorBase: the world’s largest threat-monitoring network
  2. Cisco Threat Operations Center: a global team of security analysts and automated systems
  3. Dynamic updates: real-time updates automatically delivered to Cisco security devices

Now most security vendors would say they have an operation center and dynamic updates, but only Cisco can speak to the volume of data that we process through our SensorBase solution. Each day, 700,000 globally deployed Cisco IPS, email security, web security, and firewall devices feed in more than 500 GB of data, which includes 7 billion URLs and threat data drawn from more than 30% of the world’s email traffic.

Think about that for a second. Over 30% of the world’s email traffic runs through Cisco SIO each and every day.

Amazingly, this mass of information is processed centrally and correlated, and a reputation score for each IP address is assigned within milliseconds. The result is then distributed to each local device, either as an IP reputation score or as signature-relevant information, to protect your data.

With SIO, Cisco is leading the way in security protection. The increased accuracy, effective visibility and feature enhancements in our products over the last 5 years have become our key differentiator in the world of ‘Johnny-come-lately’ security vendors.
