Cisco Blogs



Cloudy with a Chance of Scalable Malware Protection

The proven value of Software-as-a-Service (SaaS) solutions that we all access daily from multiple devices makes the cloud a reality, but SaaS also creates an environment in which anyone, anywhere in an organization, can be attacked at any time. Modern networks go beyond traditional walls and include data centers, endpoints, virtual machines and mobile devices, all linked by cloud services. To some the cloud is an attack vector; to others it is a business enabler. Security as a Service bridges these two views, delivering the scale of cloud engines to address security challenges found anywhere in the modern network, whether physical, virtual, local or remote.

Two recent stories from our Cloud Web Security (CWS) service illustrate the power of the cloud to address security concerns. The first focuses on the sheer processing power we can deliver from our global data center estate; the second covers the elastic capacity our investment in next-generation infrastructure provides, ensuring we can turn up the dial when our customers need more bandwidth, delivered securely.

The first example goes to the heart of our latest announcement, demonstrating how the cloud can learn from one environment and quickly apply that learning to improve the security coverage of all customers. Last week the CWS team released CWS Premium for advanced threat protection. CWS Premium combines two distinct services: Advanced Malware Protection (AMP), which provides file reputation and file behavioral analysis, including sandboxing and retrospective alerting on infected hosts, and Cognitive Threat Analytics (CTA), which uses machine learning to examine traffic patterns for anomalous behavior indicative of compromise. Together they bring enterprise-class advanced threat protection delivered from the cloud, addressing the number one request from our growing global customer base.

During the AMP pilot we learned something about the power of a cloud-delivered service. A beta user submitted an unknown file to the AMP sandbox, a file not known to anyone: external verification showed zero detections. The sandbox analysis showed that the file was far from benign and produced a very detailed set of reports. The high-level summary goes like this: our sandbox determined that the file was malware and classified it as malicious in the AMP cloud, sending a retrospective alert to the CWS user. This let the user see where the file came from, how it behaved over time and which other systems had been infected. Beyond this customer, once the AMP cloud knew the file was malicious, over the next 12 hours the file was detected and removed at nine other CWS enterprise customers, without anyone having to change a policy or reconfigure an existing solution. This demonstrates the closed-loop nature of the system: it teaches itself and automatically projects its new knowledge, as protection, to all of our customers without human intervention. If those nine customers in the first 12 hours had, at a conservative estimate, 15,000 endpoints each, that is 135,000 users protected without anyone doing anything. Within 24 hours the number of customers was beyond 30 and the estimated number of end users almost half a million, and no one pushed a button after the original file was submitted to the cloud.
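The retrospective loop described above, as an added example that is not Cisco's or AMP's code: a hypothetical shared reputation store records every inline hash lookup, including the ones that come back "unknown", so that when the sandbox later returns a "malicious" verdict it can alert every host that already received the file and block every later request for it. The tenant names, hostnames, URLs, timestamps and the hash are constructed sample values; the store keeps retrospective reporting per tenant so one customer's hostnames never appear in another customer's alert.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """One file seen by the web proxy: which host in which tenant fetched it, from where, when."""
    ts: int        # seconds since epoch; constructed sample values below
    tenant: str    # customer organisation; retrospective data is reported per tenant
    host: str      # endpoint inside that tenant
    sha256: str    # file hash used as the reputation key
    url: str       # download origin


class ReputationCloud:
    """Hypothetical shared reputation store with a retrospective index.

    An inline lookup that returns 'unknown' is still recorded, so that a later
    sandbox verdict can be projected back onto every host that already received
    the file, and forward onto every tenant that requests it afterwards.
    """

    def __init__(self):
        self.verdicts = {}             # sha256 -> "clean" | "malicious"
        self.seen = defaultdict(list)  # sha256 -> [Observation, ...]

    def lookup(self, obs):
        """Inline reputation check at download time; records the observation."""
        self.seen[obs.sha256].append(obs)
        return self.verdicts.get(obs.sha256, "unknown")

    def sandbox_verdict(self, sha256, verdict, ts):
        """Store a sandbox result. A new 'malicious' verdict triggers retrospection."""
        previous = self.verdicts.get(sha256, "unknown")
        self.verdicts[sha256] = verdict
        if verdict == "malicious" and previous != "malicious":
            return self.retrospective_alerts(sha256, ts)
        return []

    def retrospective_alerts(self, sha256, ts):
        """One alert per tenant, listing only that tenant's own exposed hosts.

        Grouping per tenant keeps one customer's hostnames out of another's alert.
        """
        per_tenant = defaultdict(list)
        for obs in self.seen[sha256]:
            if obs.ts <= ts:
                per_tenant[obs.tenant].append(obs)
        alerts = []
        for tenant, observations in sorted(per_tenant.items()):
            observations.sort(key=lambda o: o.ts)
            alerts.append({
                "tenant": tenant,
                "sha256": sha256,
                "first_seen": observations[0].ts,
                "origin_url": observations[0].url,
                "hosts": sorted({o.host for o in observations}),
            })
        return alerts


def run_scenario():
    """Constructed walk-through: unknown file, later verdict, cross-tenant protection."""
    cloud = ReputationCloud()
    digest = "7f" * 32  # constructed placeholder, not a real sample hash
    origin = "http://example.invalid/update.exe"

    # Two hosts at tenant acme and one at globex fetch the file while it is unknown.
    first = cloud.lookup(Observation(100, "acme", "pc-1", digest, origin))
    cloud.lookup(Observation(200, "acme", "pc-2", digest, origin))
    cloud.lookup(Observation(300, "globex", "pc-9", digest, "http://mirror.invalid/update.exe"))

    # The sandbox finishes and flags the file; past observers are alerted retrospectively.
    alerts = cloud.sandbox_verdict(digest, "malicious", ts=400)

    # A tenant that never saw the file now gets a block verdict at download time,
    # with no policy change on its side.
    later = cloud.lookup(Observation(500, "initech", "pc-3", digest, origin))

    return {"first_verdict": first, "alerts": alerts, "later_verdict": later}


if __name__ == "__main__":
    for alert in run_scenario()["alerts"]:
        print(alert)
```

The point a practitioner should take from this is that the inline lookup has to log the "unknown" answers, not just the hits: without that history there is nothing to alert on when the verdict changes, and the only protection is for downloads that happen after the sandbox finishes.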

The second example pivots away from advanced threats and demonstrates the power of the cloud to scale. We are always updating and investing, growing to meet capacity, and recently we became aware that a very popular consumer hardware and software vendor was about to release an upgraded version of its operating system, potentially testing that capacity. I can’t name names, but it is safe to say that fans of the device worldwide were thrilled by news of new software and eager to download the update the instant it was released. This posed a number of challenges, particularly for web security services. Traffic volumes after past events of this kind have increased by 15-20% worldwide, which not only strains our customers’ networks but also means our cloud-delivered service has to be ready to process a vast increase in volume.

How vast an increase? The daily volume of CWS traffic for this particular update spiked to 16TB. Stop for a moment to imagine 16TB. Take a premium Netflix account streaming HD at about 1GB per hour. Watch 1,000 hours of video, roughly 41 days of non-stop HD movies, and you have used 1TB. Reaching 16TB at that rate would take about 16,000 hours, roughly 667 days, almost two years of continuous streaming. That is the amount of extra data pushed through the global CWS estate in 24 hours with no degradation of service, on top of the rest of the daily web content being processed.

Our mission was to proactively ensure that CWS customers continued to experience excellent performance from their own networks during the first few days of the update’s availability, while delivering the stable, high-performing CWS service that customers have come to expect. We tuned data centers in readiness, advised customers of the impending spike, gave them the option to block the relevant traffic if they chose, and monitored traffic patterns in real time to optimize loads. No support cases were raised and there was no drop in performance. Mission accomplished.

Today’s cyber attacks threaten precious intellectual property (IP), valuable customer information and state secrets. You only have to look at the daily news headlines to read about the next high-profile attack. In fact, Cisco reports stopping an average of 320 million cyber attacks each day, up substantially year over year. That is roughly one attack per day for every person in the US. The web is the attack vector in an increasing number of these cases. Protecting valuable resources requires a threat-centric, operational model that stays ahead of an attacker’s abilities and addresses the extended network and evolving business environment. Whether harnessing cloud power or offering scalability, CWS is a crucial component in enabling organizations to embrace this approach and capitalize on the efficiencies that a cloud-based model offers.

For more information, visit: http://cisco.com/go/cws


IoT in Action – Connectivity in Fire & Safety

The Internet of Things (IoT) is having a profound impact by connecting buildings and industrial networks to IT environments. By linking industrial sensors, robotics, trucks and other equipment with enterprise applications, companies gain better visibility into what is happening in their environment. More importantly, they can respond to that information more quickly and effectively.

Connected Buildings and Incident Management

One area where IoT is changing the landscape is building management. Traditionally, building management systems have been maintained on independent, proprietary networks. This worked when the requirement was for stand-alone systems. With the emergence of IoT, however, these systems are migrating to an IP/Ethernet-based platform. The benefits include: (1) improved ability to communicate between systems, (2) better integration with the building IT networks, and (3) the ability to communicate outside the building.

One example is fire and life safety. Organizations now expect these solutions to be more than fire detection and alarm systems, adding capabilities and becoming incident management systems.

Edwards/UTC Moving into IoT

For example, when Edwards Fire Safety, a division of UTC Building & Industrial Systems, was looking for ‘Solutions for the Future’, they looked to Cisco. Working with Edwards, Cisco’s IoT business unit initiated a program under a Strategic Technology Integration agreement that combines Cisco’s ruggedized IE 2000 switch with the fire and life safety system.

To operate properly in these environments, networking devices must be highly ruggedized to protect their internal components. Sealed, locking connectors are needed to prevent water ingress and to avoid disconnection under vibration.

For Edwards, this provides a smart, next generation communication platform that provides three key benefits:

  1. Faster Deployments -- The “Powered by Cisco” logo is respected and recognized within the networking ecosystem. Edwards can point to it to quickly address any concerns that building IT and networking teams may have about the networking components of its solution.
  2. Next Generation Platform -- Allows Edwards to use an IP/Ethernet-based solution. This offers multiple benefits, including a common platform, open standards, scale and security, and the opportunity to build additional capabilities on the solution to support incident management.
  3. Solution Support -- Enables Edwards to quickly and easily diagnose and remediate network issues using a smart, managed switch.

Take a look at the solution at this year’s ASIS Conference.

Finding Solutions for the Future

Cisco makes it easy to capitalize on industrial connectivity and IT-to-operations convergence. We bring industry-leading network and management capabilities to your harshest environments, while providing end-to-end solutions to address every aspect of industrial networking, including plant routing and switching, field networks, embedded networks, and physical security. And all of these solutions integrate with Cisco’s traditional wired and wireless networking, security, collaboration, and data center solutions as part of a single, converged platform. For more information about Cisco switches, visit www.cisco.com/go/ie2000.

Cisco Cloud Security for Public and Private Cloud – A Secure, and Compliant Cloud Data Center

Recently the widespread fire of data breaches affecting the privacy of millions of hapless people across the globe has become stirring news. This spree of cyber attacks unveils the fact that the information security industry, organizations and even governments are vulnerable to today’s persistent, well-organized and sophisticated cyber threats.

There is a common theme among all the recent data breaches shown below: the time to initial detection, which is measured in weeks and months.

[Image: Cisco Cloud Security]

According to Verizon data breach report, 85% of cyber attacks Read More »


Cisco UCS Mini Wins infoTECH Spotlight Award

December 18, 2014 at 1:13 pm PST

Technology Marketing Corporation (TMC) announced the winners of the 2014 infoTECH Spotlight Data Center Excellence Awards today. Cisco is honored that UCS Mini is one of the recipients! To quote from the TMC press release:

“The 2014 infoTECH Spotlight Data Center Excellence Award recognizes the most innovative and enterprising data center vendors who offer infrastructure or software, servers or cooling systems, cabling or management applications.”

Read More »


Project Squared Update: Secure Media

The cloud is software in motion.

Our recently announced Cisco Collaboration Cloud did not stop moving once we launched it on November 17. We have been pushing code into the cloud multiple times per day and have released several client updates since launch. The great thing about this model is that we can deliver new features constantly without waiting for a giant release. It also means that when a feature isn’t done by a particular date, it’s not the end of the world. It doesn’t need to wait for a huge release 6-12 months later; it might come just a few weeks later.

This is exactly what happened with an important security feature that we didn’t quite finish in time for Collaboration Summit: secure media, also known as Secure RTP or SRTP. The version of the application we launched on November 17 did not use secure media in all clients. Given our focus on security, this was obviously something we weren’t happy about. But we knew it was almost done and that we would push it soon enough.

I’m pleased to report that we have indeed pushed secure media. All of our Project Squared clients, the Mac, Android, iOS and web clients, send all media in encrypted form to our media servers. The media is secured using a flavor of SRTP known as DTLS-SRTP, which performs the key exchange inline with the media itself: a DTLS handshake on the media path negotiates the SRTP keys, so no key is carried in signaling. SRTP is on by default and cannot be disabled. This is consistent with our general approach to security: make it always there but invisible to end users. Neither our users nor the admins of the collaboration cloud need to do anything to make sure media is secure. It just is.
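The inline key exchange the post describes, as an added example that is not Cisco's or Project Squared's code: the first function demultiplexes DTLS from RTP on the shared media port the way RFC 5764 specifies, and the remaining functions turn a finished DTLS session into SRTP master keys and salts using the RFC 5705 keying-material exporter and the RFC 5764 split. The master secret and the two randoms are constructed stand-ins (no real handshake is run here), the SRTP profile is assumed to be SRTP_AES128_CM_HMAC_SHA1_80 with the SHA-256 TLS 1.2 PRF, and the AES-CM packet protection itself is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass

# SRTP_AES128_CM_HMAC_SHA1_80 master key and salt sizes (RFC 5764 section 4.1.2)
MASTER_KEY_LEN = 16
MASTER_SALT_LEN = 14
EXPORTER_LABEL = b"EXTRACTOR-dtls_srtp"  # RFC 5764 section 4.2

# Constructed stand-ins for what a real DTLS handshake would have produced.
SAMPLE_MASTER_SECRET = hashlib.sha384(b"constructed master secret").digest()  # 48 bytes
SAMPLE_CLIENT_RANDOM = hashlib.sha256(b"constructed client random").digest()  # 32 bytes
SAMPLE_SERVER_RANDOM = hashlib.sha256(b"constructed server random").digest()  # 32 bytes


def classify_datagram(packet):
    """Demultiplex a datagram on the media port by its first byte (RFC 5764 section 5.1.2).

    DTLS records and (S)RTP share one UDP 5-tuple; this check is what lets the
    key exchange ride inline with the media instead of over the signalling channel.
    """
    if not packet:
        return "empty"
    first = packet[0]
    if first <= 3:
        return "stun"
    if 20 <= first <= 63:
        return "dtls"
    if 128 <= first <= 191:
        return "rtp"
    return "unknown"


def p_sha256(secret, seed, length):
    """TLS 1.2 P_SHA256 expansion (RFC 5246 section 5): HMAC chained over A(i)."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls_prf(secret, label, seed, length):
    """TLS 1.2 PRF with SHA-256 (assumed cipher-suite PRF)."""
    return p_sha256(secret, label + seed, length)


@dataclass(frozen=True)
class SrtpMasterKeys:
    client_key: bytes
    server_key: bytes
    client_salt: bytes
    server_salt: bytes


def derive_srtp_master_keys(master_secret, client_random, server_random):
    """RFC 5705 exporter with the DTLS-SRTP label, split per RFC 5764 section 4.2."""
    total = 2 * (MASTER_KEY_LEN + MASTER_SALT_LEN)
    material = tls_prf(master_secret, EXPORTER_LABEL, client_random + server_random, total)
    k, s = MASTER_KEY_LEN, MASTER_SALT_LEN
    return SrtpMasterKeys(
        client_key=material[0:k],
        server_key=material[k:2 * k],
        client_salt=material[2 * k:2 * k + s],
        server_salt=material[2 * k + s:2 * k + 2 * s],
    )


def direction_keys(role, keys):
    """Each side sends with its own write key and receives with the peer's."""
    if role == "client":
        return {"send_key": keys.client_key, "send_salt": keys.client_salt,
                "recv_key": keys.server_key, "recv_salt": keys.server_salt}
    if role == "server":
        return {"send_key": keys.server_key, "send_salt": keys.server_salt,
                "recv_key": keys.client_key, "recv_salt": keys.client_salt}
    raise ValueError(role)


if __name__ == "__main__":
    keys = derive_srtp_master_keys(SAMPLE_MASTER_SECRET, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    print("client write key:", keys.client_key.hex())
    print("server write key:", keys.server_key.hex())
    for pkt in (b"\x16\xfe\xfd", b"\x80\x60\x00\x01", b"\x00\x01\x00\x00"):
        print(pkt[:1].hex(), classify_datagram(pkt))
```

Both endpoints of a DTLS session compute the same four values from the same handshake secrets, so the SRTP keys never have to appear in SIP, SDP or any other signalling. Each client-to-media-server leg is its own DTLS session with its own keys, which is what sending media "in encrypted form to our media servers" amounts to: the media server is an endpoint of that protection, not a passive relay.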

Of course, we’re not done yet! There is still a healthy backlog of features, including many more security improvements, that we’re working on. Stay tuned, more is coming. That’s because the cloud is software in motion.
