Cisco Blogs

New blueprint for data center security

RATS in the Data Center, a recent blog post by Cisco’s Tom Hogue, highlighted the current threat landscape for data centers. Tom was referring to Remote Access Toolkits, not the disease-carrying vermin that likely started the plagues that ravaged Europe in the Middle Ages. However, the destructive effect of modern-day RATS can be devastating. They provide a novice hacker the tools to craft a successful attack, lowering the skill and proficiency needed while increasing the volume and likelihood of attacks. And RATS attacks will likely target the data center because that is where the most valuable information is stored – whether it’s credit card numbers, social security and other personally identifiable information (PII), financial records, intellectual property, or trade secrets.

Many organizations secure the perimeter of their network. But once network access is granted, there are minimal controls in place for authorized users. They are completely trusted on the network. The underlying problem in today’s threat environment is these users may not be in control of their device due to malware infection. Or they may not be who they say they are due to stolen credentials/passwords. A new model is needed to continually protect the critical assets of the business and to minimize complexity while supporting new data center services and business models.

Cisco developed the Secure Data Center for the Enterprise Solution portfolio of validated design guides to create a comprehensive and modular approach to securing data centers. The newest Cisco Validated Design (CVD) to be added to this portfolio is Threat Management with NextGen IPS -- First Look Design Guide.  This new CVD builds on the capabilities introduced in the Single Site Clustering with TrustSec CVD by integrating the FirePOWER NextGen IPS to provide a true threat management system. The FirePOWER appliance provides threat protection capabilities beyond what a traditional IPS offers, resulting in a comprehensive solution for today’s malicious environment using highly capable threat management workflows. These workflows provide a different approach: the point of view of a cyber-attacker.

A First Look from a Different Viewpoint

That’s what makes this CVD intriguing—and, we hope, very useful. By looking at the “Attack Chain” where the capabilities to execute a successful attack are developed, this information can arm cyber-defenders with the tools and knowledge to effectively protect their networks and the business-critical information contained in their data centers.


Attack Chain

The Threat Management with NextGen IPS First Look Design Guide also introduces a new security model, the attack continuum, which identifies each of the critical processes integral to a complete security system. This model addresses the cyber threat problem by looking at the actions to take before, during, and after an attack, across a broad range of attack vectors such as endpoints, mobile devices, data center assets, virtual machines, and in the cloud. Where most security solutions tend to address threat protection at a single point in time, it is important to look at it as a continuous cycle with key actions to take at each point in time.

Attack Continuum

Before an Attack: Organizations need complete visibility of their environment, including but not limited to the systems, services, users, endpoints, operating systems, applications, and network behavior models. From this visibility, ongoing monitoring and actionable alerts must be in place so informed decisions may be made in a timely manner.

During an Attack: Awareness is critical to identify the attack at the earliest possible point in time, ideally before the critical systems are compromised and valuable data is accessed. A security system should aggregate and correlate data using historical patterns and global attack intelligence to provide context to distinguish between active attacks, exfiltration, and reconnaissance using continual analysis and decision making.

After an Attack: Retrospective security is a big data challenge. With an infrastructure that can continuously gather and analyze data to create security intelligence, security teams can, through automation, identify indicators of compromise, detect malware that is sophisticated enough to alter its behavior to avoid detection, and then remediate it.

The attack continuum model provides a view of how to address threats, and helps build a framework of capabilities so organizations can start implementing robust security controls to protect their data centers. This new Cisco Validated Design, Threat Management with NextGen IPS, provides fresh tools and technologies needed to develop a comprehensive response to today’s threats affecting not only the data center, but also the entire enterprise.

If You Build It, Will They Come?

So after reading my last blog, you’ve finally come to the realization that you now need to start getting serious about creating video for your organization as the return on investment is certainly a compelling one. But where do you start?  Do you immediately run out and begin building a studio and streaming infrastructure?  Probably not.  Even though the ROI on video is overwhelmingly positive, Read More »

#HigherEdThursdays – Reinventing the Educational Experience Through Collaboration

The landscape in higher education continues to change. In September, the U.S. Census Bureau released statistics showing that college enrollment declined for the first time in six years in the fall of 2012 (U.S. Census Bureau, 9/2013), and nearly half of Moody’s rated public and private universities were anticipating total enrollment declines in 2014 (Moody’s 2014 Industry Outlook, Nov. 25, 2013). Given some of these changes, colleges and universities across the nation are looking to technology to drive new and innovative initiatives to attract and retain students and faculty, to differentiate themselves from their peers, and to improve the educational experience.

#InnovateThink Tweet Chat on Friday, June 27 at 10 a.m. PST: Exploring the #FutureOfMobility

Innovations in mobility have made it possible for us all to connect from pretty much anywhere in the world, turning wherever we are into our office. And mobile connections show no signs of slowing. By the end of 2014, the number of mobile-connected devices will exceed the number of people on Earth!

As with any technology, mobility is constantly changing, having to meet the demands of an increasingly mobile workforce that desires to conduct “business as usual” from anywhere.  And while companies have realized the importance of investing in mobility solutions, critical questions remain that must be answered for them to determine what needs to happen next to remain competitive and maximize their mobility efforts:

  • How has mobility changed your business?
  • What do you need to impact your future business initiatives?
  • How is mobility influencing behavior among workers and customers?
  • What’s got you excited for the future of mobility in your organization?

Join me on Twitter this Friday, June 27 at 10 a.m. PST/1 p.m. EST for an exciting and insightful hour about the #FutureOfMobility in the #InnovateThink Tweet Chat. Join me @RachaelMcB and @CiscoIoE alongside @ron_miller to learn more about how mobility has transformed the business landscape and why companies must continue to keep pace with the possibilities it creates. Simply use the hashtags #InnovateThink and #FutureOfMobility on Twitter to join the conversation.

Observations from London SDN Conference… “Wait, it’s coming…” … But Can You Afford To?

June 26, 2014 at 10:05 am PST

Last week I spent some time at the “Software Defined Networking 2014” conference in London. It’s a relatively small conference, I would say; however, given the growing interest in SDN and the rapid progress of the technology, it’s always good to hear alternative viewpoints and experiences. And I certainly found the previous conference here in December 2013 interesting -- in particular one vendor, in my view, using SDN as the “hammer to crack a nut”.

Cisco wasn’t present at this conference last week, so what are others saying about SDN?  Here is a quick summary of my takeaways (in some cases questions raised in my mind), which I will expand on below.  And let me be controversial in my summary!

(1) Negligible discussion on live SDN deployments.

(2) NFV -- at least for service providers -- is potentially a quicker win than SDN

(3) SDN “Washing” is alive and well :-)

(4) Is OpenFlow more of an academic pursuit?

(5) Open Daylight excitement

(6) Negligible Discussion on “Making It Happen”

As I say, to some my statements may be controversial -- let me explain!
