Just when we feel we are drowning in information, along comes Big Data to save the day. Big Data refers to a dataset so large it is beyond the capability of a typical database to manage and make use of the information. But a set of advances in hardware and software now allows us to rapidly capture, organize, and make sense of vast oceans of data, enabling us to apply the results to make better business decisions.
Big Data can give us a strategic advantage. For example, investors could see global trends in trading across sectors in near-real time; they could respond much earlier to a downturn in prices in a given sector, avoiding the steep losses incurred by taking later action.
Big Data can also create a richer experience for customers. Bloomberg.com gathers more than 100 data points from every page an individual reader views, processing the data with 15 algorithms to personalize recommendations. Algorithms that understand natural language and rich media and can reason make Big Data technology even more useful in decision making. Novel visualization paradigms, 3D, and gesture interfaces make Big Data understandable and accessible to everyone.
For those of you who have been around the networking world for a while, NetFlow is far from a new technology. Cisco developed NetFlow years ago, and it has become the industry standard for generating and collecting IP traffic information. NetFlow quickly found a home within network management, providing valuable telemetry for overall network performance and management. Nine versions later, NetFlow is growing in popularity not solely due to its value to network management but as a critical component of security operations. Over the past 12 months I have encountered more and more large enterprises that view NetFlow as one of their top tools for combating advanced threats within their perimeters.
The dynamic nature of the cyber threat landscape and the growing sophistication and customization of attacks are requiring organizations to monitor their internal networks at a new level. IP flow monitoring (NetFlow), coupled with security-focused NetFlow collectors like Lancope’s StealthWatch, is helping organizations quickly identify questionable activity and anomalous behavior. The value that NetFlow provides is unsampled accounting of all network activity on an IP flow enabled interface. I bring up unsampled because of its importance from a security perspective. While flow sampling is a valid method for network management use cases, sampling for the sake of security leaves too much in question. An analogy would be having two different people listen to the same song. One person gets the song played in its entirety, unsampled, and the other only hears the song in 30-second intervals. While neither may be musically inclined, the person who had the advantage of listening to the song in its entirety would be able to hum or sing back that song more accurately than the person who only heard 30-second snippets of it. Furthermore, the ability to identify that song during radio airplay would favor the individual who was able to listen to the song in its entirety. This holds true for IP flow information when leveraging it to detect malicious or anomalous traffic. Some malicious code will only send a single packet back to a master node, which would most likely be missed in a sampling scenario.
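The single-packet case above can be made concrete with a small simulation. This is an added example, not part of the original post: the traffic is constructed, the addresses are documentation ranges, and the sampler is assumed to be a simple 1-in-N packet sampler placed in front of the flow cache.

```python
from collections import defaultdict

# Constructed traffic: two bulk flows plus one single-packet callback.
# Flow key is (src, dst, protocol, dst_port); all values are made up.
BULK_A = ("10.0.0.5", "192.0.2.10", "tcp", 443)
BULK_B = ("10.0.0.6", "192.0.2.20", "tcp", 80)
BEACON = ("10.0.0.99", "203.0.113.7", "udp", 53)

def build_stream():
    """Return a packet list of (flow_key, size_bytes)."""
    packets = [(BULK_A, 1400)] * 400 + [(BULK_B, 900)] * 250
    packets.insert(333, (BEACON, 76))  # the lone callback packet
    return packets

def export_flows(packets, sample_n=1, phase=0):
    """Aggregate packets into flow records, keeping 1 packet in sample_n."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for i, (key, size) in enumerate(packets):
        if i % sample_n != phase % sample_n:
            continue  # packet never reaches the flow cache
        flows[key]["packets"] += 1
        flows[key]["bytes"] += size
    return dict(flows)

def phases_that_see(packets, key, sample_n):
    """Count sampler start offsets for which the flow is exported at all."""
    return sum(key in export_flows(packets, sample_n, p) for p in range(sample_n))

def detection_probability(flow_packets, sample_n):
    """Chance that random 1-in-N sampling picks at least one packet of a flow."""
    return 1 - (1 - 1 / sample_n) ** flow_packets

if __name__ == "__main__":
    stream = build_stream()
    full = export_flows(stream)
    sampled = export_flows(stream, sample_n=100)
    print("unsampled flows:", len(full), "beacon seen:", BEACON in full)
    print("1-in-100 flows: ", len(sampled), "beacon seen:", BEACON in sampled)
    print("phases exporting the beacon:",
          phases_that_see(stream, BEACON, 100), "of 100")
    print("P(see 1-packet flow)   =", round(detection_probability(1, 100), 4))
    print("P(see 400-packet flow) =", round(detection_probability(400, 100), 4))
```

The bulk flows survive sampling with reduced counts, which is why sampling remains acceptable for capacity and performance reporting, while the one-packet flow leaves no record for a collector to alert on.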
Further increasing the value of IP flow monitoring is Cisco’s recent release of Flexible NetFlow (FnF). FnF introduces two new concepts to flow monitoring. The first is the use of templates; the second expands the range of packet information that can be collected and allows monitoring more deeply inside a packet. This allows greater granularity in the information that is monitored, as well as providing different collector sources for different sets of information. You can search for Flexible NetFlow on Cisco’s main website to get more technical details.
Are you using NetFlow for security operations? I welcome any feedback, good or bad, regarding your experience and opinions on the value that IP flow information provides for detecting threats in this ever-changing landscape.
The federal government is a perennial target, always subject to accusations of waste and inefficiency, among other allegations. But recent developments in technology and new legislation hold out hope for a more efficient, effective, and greener federal workforce. The U.S. Telework Enhancement Act of 2010 generated tremendous momentum toward increasing workforce mobility options for federal employees. The act paves the way for the federal government to unlock significant benefits, including greater productivity, resilience, environmental sustainability, and employee inclusion. It creates accountability for achieving these objectives in the form of telework managing officers (TMOs), senior officials responsible for telework policy development and implementation.
Realizing these objectives will require a significant departure from current practice. To date, agencies have focused on increasing telework participation rates through advertising, employee training, and resolution of technological barriers. Meaningful progress toward the act’s other goals (including emergency readiness, energy use, recruitment and retention, performance, and productivity) will require moving past first-generation strategies aimed at increasing telework participation rates and, instead, pursuing integrated mobility strategies explicitly linked to agency business objectives.
TMOs should not view the act as just another administrative burden that requires compliance. As the first TMOs assume their roles, they have a unique opportunity to use workforce mobility (including telework and a broader range of tools and systems to enable productivity anywhere, anytime, and on any device) as a catalyst to create a more flexible, productive, and inspiring federal workplace.
Achieving this vision requires a sober assessment of the current situation, an ambitious, goal-driven strategy linked to agency business objectives, and a new management posture aimed at transforming mindsets and behaviors rather than resolving technological challenges.
Cisco will be a Platinum sponsor of the third annual Cloud Computing World Forum in London. If you are planning to attend this event, please stop by booth #235, where we’ll be demonstrating Cisco Cloud technologies such as VXI, Cloud Orchestration/automation, UCS, Security, etc. This would be a good opportunity to talk to experts in this field or meet account teams for the European and Emerging Market regions.
We are also excited to host a Public Sector Cloud Day with Cisco customers on June 20th. This event (by invitation only) will allow us to meet with CIOs and Technical Decision Makers to discuss the evolution of Cloud Computing in public sector organizations. A great opportunity to stay close to our customers!