Cisco Blogs


Cisco Blog > Enterprise Networks

“Security Everywhere” – Enterprise Branch Security for Direct Internet Access and IWAN

Two weeks ago, a leading global medical device manufacturer came to Cisco for advice. In an effort to streamline IT operations and reduce operating costs, the customer had recently migrated from their internal Microsoft Exchange 2010 environment to Office365, Microsoft’s hosted online service.

The migration was initially done for the headquarter users and the feedback was more positive than they expected. However, when they migrated their branch and remote office users, the WAN bandwidth usage almost immediately spiked and user experience suffered as a result.

This customer is certainly not the only company looking to embrace Cloud applications for greater agility, reduced costs and complexity, and increased productivity. Or has had to deal with BYOD issues and the increasing impact of video has on their bandwidth. However, what our customer and those other companies have found is that the current method of backhauling the traffic to the data center is no longer a viable way to handle the increased consumption when faced with a flat or even a declining IT budget. Therefore, many of today’s distributed enterprises are looking to use direct Internet access pathways in an effort to improve the user experience while reducing IT costs.

However, enabling direct Internet access (DIA) at branch offices also forfeits the inherent threat protection that traffic routed through the data center provides. The enterprise-level risks that branch offices face with BYOD issues, compliance requirements, and advanced persistent threats require enterprise-level security. According to Gartner’s “Bring Branch Office Network Security Up to the Enterprise Standard”, “By 2016, 30% of advanced targeted threats — up from less than 5% today — will specifically target branch offices as an entry point.”

Cisco FirePOWER Threat Defense for ISR addresses these issues by extending their industry-leading FirePOWER threat protection beyond its traditional network edge and data center deployments out to individual Cisco ISR routers. Read More »

Tags: , , , , , , ,

The Network as a Security Sensor and Enforcer

The Digital Economy and the Internet of Everything means everything is now connected. Digitization is fundamentally transforming how we conduct business. It creates new opportunities to develop services and engage with employees, partners, and customers. It’s important to understand that digitization is also an opportunity for the hacking community, presenting new services, information, data, devices, and network traffic as attack targets. To take full advantage of the digitization opportunity, security must be everywhere, embedded into and across the extended network – from the data center to the mobile endpoints and onto the factory floor.

Today, Cisco is announcing enhanced and embedded security solutions across the extended network and into the intelligent network infrastructure. These solutions extend security capabilities to more control points than ever before with Cisco FirePOWER, Cisco Cloud Web Security or Cisco Advanced Malware Protection. This is highlighted in Scott Harrell’s blog. We are also transforming the Cisco network into two roles: as a sensor and as an enforcer of security.

The role of the Network as a Sensor The network provides broad and deep visibility into network traffic flow patterns and rich threat intelligence information that allows more rapid identification of security threats. Cisco IOS NetFlow is at the heart of the network as a sensor, capturing comprehensive network flow data. You can think of NetFlow as analogous to the detail you get in your monthly cellular phone bill. It tells you who talked to whom, for every device and user, for how long, and what amount of data was transferred – it’s metadata for your network traffic.

Visibility to network traffic through NetFlow is critical for security, as it serves as a valuable tool to identify anomalous traffic on your network. Watching NetFlow, we gain an understanding of the baseline traffic on the network, and can alert on traffic that is out of the ordinary.  The network is generating NetFlow data from across the enterprise network all the way down to the virtual machines in the data center.  This gives us visibility across the entire network, from the furthest branch office down to the east-west traffic in the data center.  Read More »

Tags: , , , , , , , , , ,

10 Smart New Ways to Keep Your Network Up and Running: A Preview of What to See at Cisco Live

CiscoLive! is next week. With more than 23,000 people ciscolivelogo_245x100expected to attend, there’s no event more popular with IT professionals who pride themselves on their networking expertise. As I prepare to travel to San Diego for the occasion, I wanted to share my perspective on how IT organizations can better operate and protect the networks that are the digital backbones of their companies.

Chances are you’re already realizing numerous benefits using either Cisco SMARTnet or Smart Net Total Care (SNTC) Services. We know, because we regularly poll Cisco enterprise customers on how they’re succeeding with each service. We also know that most of us like to have our cake and eat it, too. That’s one reason why we have decided to combine these two services into one powerful and flexible service under the Smart Net Total Care name. 

The move to Smart Net Total Care creates more flexibility and more value for you when it comes to supporting your company’s network.  “Flexibility” means you can choose to only to use the basic features of the combined solution or take full advantage of SNTC’s extended feature set.  Put simply, you can choose only the basic support capabilities traditionally found in SMARTnet or reach higher to access the added value of proactive smart service features in Smart Net Total Care to optimize the full lifecycle of all your Cisco equipment. You can also choose a Do-It-Yourself (DIY) deployment or, if you want a fast boost up the learning curve, we will make available assisted deployment options from Cisco. Flexibility means you choose the approach that is best for you.  Read More »

Tags: , , ,

Scan. Analyze. Improve! Introducing Switching and Wireless Best Practices on Cisco Active Advisor

In a recent post, we discussed Dimension Data’s 6th Network Barometer Report and its recommendations. Detailed in this exhaustive report, Dimension Data has found that 32% – about 1/3 – of all Service incidents are related to Human Error*. (* 6% Configuration Errors and 26% Other human errors)

We’re all human and we all make mistakes – that’s the way we learn.  However, in this era of constant connectivity, with mobility and the Internet of Everything growing rapidly, there is an ever-increasing demand on your network to perform, be available and stay secure.  Incidents of IT failure are becoming more and more costly, not only from an operational aspect, but even more so from the loss of uptime, data and customer satisfaction.  What if you could have 33% less service incidents, while using 32% less resources, keeping your network as stable as ever?  That’s where Cisco Active Advisor can help you!

It’s no secret that Cisco Active Advisor is a huge time saver – Cisco Active Advisor is a free cloud-based service that automatically discovers Cisco Enterprise Networking products with no hardware or software installation, and can not only keep you up-to-date on important lifecycle milestones, but also analyze your network health and offer recommendations for improvement.

Cisco has compiled a set of Best Practices Designs, based on experience gained from multiple TAC and escalation cases, engineering testing and customer interviews, into a set of recommendations that can improve reliability, availability and performance of your network. Read More »

Tags: , , , , ,

Network like a Ninja at Cisco Live with #GeekSlices and #SelfieBINGO – #CLUS

SelfieBingo Join Jun2One of the great things about Cisco Live is the people you meet. While the classes, hands-on labs, and speaking sessions are all great, if you’re willing to take the extra step beyond the convention center, you can meet people you will continue to learn from all year.

To facilitate this – this meeting of people that can sometimes feel a bit awkward – I’ve set up two activities that should be fun and help overcome some of the awkwardness: #GeekSlices & #SelfieBINGO!

#GeekSlices is a big, informal pizza & beverages gathering.  Think of this as a great opportunity to meet others in the community over a drink and tasting some of the best pizza ever.  EVER.

To join us, just sign up http://tweetvite.com/event/GeekSlices  (If you really really don’t want to use twitter, come find me in the social media lounge or the Data Center booth to get details.)

 

#SelfieBINGO – Is a big game of BINGO where you find people on each square, take a selfie with them, and tweet it.  It’s fun because it basically gives you a list of 25 new people to seek out at Cisco Live. If you’re playing, these are people who have self-selected as willing and interested in meeting new people. We’ll be playing throughout the week.  Read More »

Tags: , ,