Guaranteeing Safety in M&A: An Evolution, Not Revolution


Scott Heider is a supervisor throughout the Cisco Safety Visibility and Incident Command workforce that studies to the corporate’s Safety & Belief Group. Primarily tasked with serving to to maintain the combination of an acquired firm’s options as environment friendly as potential, Heider and his workforce are sometimes introduced into the method after a public announcement of the acquisition has already been made. This weblog is the ultimate in a sequence targeted on M&A cybersecurity, following Dan Burke’s publish on Making Merger and Acquisition Cybersecurity Extra Manageable.

Mergers and acquisitions (M&A) are sophisticated. Many elements are concerned, making certain cybersecurity throughout the complete ecosystem as a company integrates a newly acquired firm’s merchandise and options—and personnel—into its workstreams.

By many years of acquisitions, Cisco has gained experience and expertise to make its M&A efforts seamless and profitable. This success is largely to a wide range of inside groups that preserve cybersecurity high of thoughts all through the implementation and integration course of.

Assessing the Assault Floor and Safety Dangers

“Precedence one for the workforce,” says Heider, “is to steadiness the enablement of enterprise innovation with the safety of Cisco’s data and techniques. As a result of Cisco is now the final word accountable get together of that acquisition, we ensure that the acquisition adheres to a minimal degree of safety coverage requirements and tips.”

The workforce seems to be on the acquired firm’s safety posture after which companions with the corporate to coach and affect them to take needed actions to attain Cisco’s safety baseline.

That course of begins with assessing the acquired firm’s infrastructure to determine and price assault surfaces and threats. Heider asks questions that assist determine points round what he calls the 4 pillars of safety, monitoring, and incident response:

  • What techniques, knowledge, or purposes are you making an attempt to guard?
  • What are the potential threats, together with exploits or vulnerabilities, to these techniques, knowledge, or purposes?
  • How do you detect these threats?
  • How do you mitigate or comprise these threats?

The infrastructure that Heider’s workforce evaluates isn’t simply the corporate’s servers and knowledge middle infrastructure. It could actually additionally embody the techniques the acquisition rents knowledge middle house to or public cloud infrastructure. These issues additional complicate safety and should be assessed for threats and vulnerabilities.

Acquisition Will increase Threat for All Events Concerned

As soon as Heider’s workforce is activated, they associate with the acquired firm and meet with them recurrently to recommend areas the place that acquisition can enhance its safety posture and cut back the general danger to Cisco.

Figuring out and addressing danger is crucial for either side of the desk, nevertheless, not only for Cisco. “Numerous acquisitions don’t understand that when Cisco acquires an organization, that group abruptly has an even bigger goal on its again,” says Heider. “Menace actors will usually have a look at who Cisco is buying, they usually may know that that firm’s safety posture isn’t enough—as a result of quite a lot of instances these acquisitions are simply targeted on their go-to-market technique.”

These safety vulnerabilities can turn into straightforward entry factors for menace actors to achieve entry to Cisco’s techniques and knowledge. That’s why Heider works so carefully with acquisitions to achieve visibility into the corporate’s atmosphere to scale back these safety threats. Some firms are extra targeted on safety than others, and it’s as much as Heider’s workforce to determine what every acquisition wants.

“The acquisition won’t have a longtime forensics program, for example, and that’s the place Cisco can are available and assist out,” Heider says. “They may not have instruments like Stealthwatch or NetFlow monitoring, or Firepower for IDS/IPS operations.”

When Heider’s workforce can carry of their established toolset and skilled personnel, “that’s the place the connection between my workforce and that acquisition grows as a result of they see we are able to present issues that they only by no means thought of, or that they don’t have at their disposal,” he says.

Partnership over Energy Play

Probably the most necessary elements in a profitable acquisition, based on Heider, is to develop a real partnership with the acquired firm and work with the brand new personnel to scale back danger as effectively as potential—however with out main disruption.

Cisco acquires firms to increase its resolution choices to prospects, so disrupting an acquisition’s infrastructure or workflow would solely decelerate its integration. “We don’t wish to disrupt that acquisition’s processes. We don’t wish to disrupt their folks. We don’t wish to disrupt the expertise,” says Heider. “What we wish to do is be a complement to that acquisition, – that method is an evolution, not a revolution.”

The concentrate on evolution can generally lead to an extended course of, however alongside the way in which, the groups come to belief one another and work collectively. “They know their atmosphere higher than we do. They usually know what works—so we attempt to study from them. And that’s the place fixed dialogue, fixed partnership with them helps them know that we’re not a menace, we’re an ally,” says Heider. “My workforce can’t be all over the place. And that’s the place we want these acquisitions to be the eyes and ears of particular areas of Cisco’s infrastructure.”

Coaching is one other manner Heider, and his workforce assist acquisitions rise up to hurry on Cisco’s safety requirements. “Coaching is among the high priorities inside our commitments to each Cisco and the trade,” Heider says. “That features coaching in Cisco applied sciences, but additionally ensuring that these people are in a position to join with different safety professionals at conferences and different trade occasions.”

Finest Practices for Safety Issues in M&A

When requested what recommendation he has for enterprises that wish to preserve safety whereas buying different firms, Heider has just a few suggestions.

Make endpoint administration a precedence

Having the suitable safety brokers and clear visibility into endpoints is crucial. As is inputting the information logs of these endpoints right into a safety occasion and incident administration (SEIM) system. That manner, explains Heider, you could have visibility into your endpoints and may run performs in opposition to these logs to determine safety threats. “We’ll attain out to the asset proprietor and say they may have malware on their system—which is one thing no person desires to listen to,” says Heider. “However that’s what the job entails.”

Finish person training is necessary, too

Usually, finish customers don’t know that they’re clicking on one thing that might have malware on it. Heider says person training is sort of as necessary as visibility into endpoints. “Cisco actually believes in coaching our customers to be custodians of safety, as a result of they’re safeguarding our belongings and our prospects’ knowledge as nicely.”

Finish customers must be educated about practices equivalent to creating sturdy passwords and never reusing passwords throughout totally different purposes. Multi-factor authentication is an efficient follow, and finish customers ought to turn into acquainted with the rules round it.

Model updates and patching are widespread sources of vulnerabilities

Updating software program and techniques is a endless job, however it’s essential for holding infrastructure working. Typically, updating a system can weaken safety and create vulnerabilities. Enterprises should preserve a steadiness between enabling enterprise innovation and holding techniques and knowledge safe. Patching techniques might be difficult however neglecting the duty may enable menace actors right into a weak system.

Perceive public cloud safety earlier than going all in

Heider says public cloud operations might be useful since you’re transferring possession legal responsibility operations to a 3rd get together, like Amazon Net Companies or Google Cloud platform. “The one caveat,” he says, “is to be sure you perceive that atmosphere earlier than you go and put your buyer’s knowledge on it. You may make one false click on and expose your certificates to the Web.”

Cisco Regularly Strives for Enchancment

Heider says that whereas an enormous a part of his job helps acquisitions uplevel their safety area to fulfill baseline safety necessities, there’s all the time the aim to do even higher. “We don’t wish to be simply that baseline,” he says. His workforce has discovered from acquisitions previously and brought a few of these functionalities and applied sciences again to the product teams to make enhancements throughout Cisco’s options portfolio.

“We’re buyer zero – Cisco is Cisco’s premier buyer,” says Heider, “as a result of we’ll take a product or expertise into our surroundings, determine any gaps, after which circle again to product engineering to enhance upon it for us and our prospects.”

Associated Blogs

Managing Cybersecurity Threat in M&A

Demonstrating Belief and Transparency in Mergers and Acquisitions

When It Involves M&A, Safety Is a Journey

Making Merger and Acquisition Cybersecurity Extra Manageable

We’d love to listen to what you suppose. Ask a Query, Remark Beneath, and Keep Linked with Cisco Safe on social!

Cisco Safe Social Channels




Leave a Reply