REVIEW: Cisco's SIO To Go iPhone App Offers Valuable Security Info, but Presentation Is Flawed

 
 
By Andrew Garcia | Posted 2009-11-24

Cisco's free SIO To Go mobile application for iPhone aims to put the relevant and actionable security information contained within its Security Intelligence Operations service into the hands of network administrators on the move. While the content presented within the application is valuable for those with Cisco networks (mixing both high-level analysis and in-the-trenches tips and advisories), customization capabilities and off-network accessibility are woefully incomplete. In addition, the organization of the presented data fails to prioritize the most critical or time-sensitive information.

When Cisco told me about the SIO To Go app, my first thoughts were, "Why develop this only for the iPhone? Is that really the device of choice for the chosen audience?" 

To be sure, the information gleaned from Cisco's worldwide network of global correlation sensors and researchers is already present on the Web via Cisco's primary Security Intelligence Operations Website.  It seems that it shouldn't take much effort to organize that same content in a Web-based presentation designed specifically for mobile browsers. Or, if an on-device application is absolutely necessary, wouldn't the enterprise-dominant BlackBerry be a preferable development target? 

While Cisco representatives confirmed that there is indeed a similar BlackBerry application in the works, they stated that the iPhone was an attractive development target because of its user interface and usability. Having platform-specific applications also lets the company take advantage of the iPhone's unique capabilities and widgets. 

Unfortunately, in my tests, I found that Cisco has done little to make good use of any of the features inherent in Apple's platform, instead releasing a feed reader with a tight focus on content that is currently ill-equipped to deliver said content in the most useful manner. And that tight content focus is more on Cisco than on security, so you are more apt to see a blog about Collaboration or Cisco buying Tandberg than you are to see an advisory about a Windows SMB vulnerability.

The application acts as a front-end reader for Cisco's various online SIO resources, in the following categories: Cisco's Cyber Risk Report, Threat Outbreak Report, Applied Mitigation Bulletin, Company Press Releases, Podcasts, Security Blog, Latest Security News, Product Security Incident Response Team Advisories, Field Notices, Security Responses, various Twitter feeds and a YouTube feed. Each category can be read on its own page within the application, organized by date.

The application first places users in an aggregate feed called "All." But instead of organizing the All page by date or by criticality, it presents each of the categories listed above serially, in order. So, all Cyber Risk Reports are shown (some dating back months), then all the Threat Outbreak reports, and so on, down the list. Press releases are therefore shown before the Security Blog or Latest Security News categories.

Users can customize which feeds are received, allowing them to choose not to receive one or several of the top-level feeds. However, it would be preferable to be able to customize these capabilities further: say, to also be able to control the look, content and organization of the aggregate All feed.

For visual presentation and clarity, the color of the headlines alternates between white and turquoise. However, the application doesn't show whether information has already been read.

I was also disappointed with the limited amount of caching done by the application. Consider the New York Times reader for the iPhone as a model of what to do: When the user is connected to the network and starts the Times application, the latest headlines and articles are downloaded automatically. This lets me start the application when I have network coverage, download content and then read all the cached content when offline (in a tunnel, for instance). 

The Cisco SIO application, however, downloads and caches only the headlines for each of the feeds. The actual content is pulled from the Web on demand, as each item is selected. Therefore, the application is largely useless without a live network connection. 

The SIO application also offers a domain and IP address lookup tool that lets the user examine the Web reputation data and some WHOIS information for a given address. For example, I entered eWEEK.com into the tool, and was presented with a Web reputation score for the domain, along with volume statistics, WHOIS information and links to various other data about the domain.  

Cisco representatives said the SIO iPhone app will be augmented with tools including a heat map and alerting capabilities in Version 2.0, which is expected in a few weeks (Apple approval process permitting, of course). Officials also stated that more extensive configuration and caching capabilities are in development for Version 3.0, which may be available in six to eight weeks. 

Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.

