This post is officially my first after coming over as part of the Cisco acquisition of OpenDNS. Since 2012, I’ve served as the CTO and am proud to be part of an incredible research team, OpenDNS Labs. Like the Talos Research Group, we are focused on detecting and preventing threats to help protect our customers globally. We are uniquely positioned to do this through statistical models and classification techniques that are fueled by our satellite view of the Internet’s infrastructure, with more than 80 billion active DNS queries per day.
Today I’d like to share some of our research that we recently published around combining classification models to better predict, and therefore prevent, phishing and targeted attacks. In this post we discuss how we can combine two of our classifiers, NLP Rank and Traffic Spikes, to predict malicious domains. Additionally, we highlight the value of data visualizations with OpenGraphiti.
While the blog only highlighted some of our capabilities with OpenGraphiti, I recorded a short video of the tool in action below. This video demonstrates how we can not only ingest the data but also digest it visually, enabling incident response teams to pivot through the attacker’s infrastructure in a way that is difficult in a textual format. The visualization shows the relationships between the top-level host and all the associated fake sites identified with NLP Rank. Note: There is no audio.
We at OpenDNS are extremely excited about being part of Cisco and look forward to sharing more of our incredible technology, research, and data moving forward.
Someone at a meeting recently told me how cool it was that big data was finally moving out of the early adopter phase. He’s lucky I wasn’t drinking a beverage at the time, or he might have ended up wearing it.
I’m accused of being sort of a unicorn when it comes to the Big Data ecosystem, having worked with engineered Big Data environments since 2004 or so and Hadoop proper since 2009. And while some individual companies may be emerging from early adopter, it’s hard to say that Big Data itself is that new. You just have to look at the conference world to see how big this ecosystem has become, and how it’s shifted from theory and skunkworks projects and resume fodder, to technology solutions for new and metamorphic problems in business.
Some people will say “But surely there’s only been a competitive landscape for Hadoop distributions since 2012, right?” That’s true, but as I’ve said in 20 or more presentations in the past year, Big Data is more than Hadoop. And don’t call me Shirley.
One of the oldest companies driving Big Data software predates commercial Hadoop by a couple of years. In fact, they’re just about old enough to go into fourth grade (with apologies to Judy Blume for my title on this post). And you still have time to join Splunk (and Cisco) for their seventh annual worldwide user conference the week of September 21, 2015.
Buttercup at .conf Search Party via Lily Wai (@lgwai)
DON’T SEND OUT THE SEARCH PARTY YET:
JOIN SPLUNK AND CISCO AT .CONF SEPTEMBER 19-24
.conf is Splunk’s annual worldwide user conference, attended by thousands of customers and partners and users of Splunk’s suite of products.
Cisco has been attending, and presenting, for a while now, and 2015 is no exception. We will have a booth in the expo at .conf 2015, and you can join members of the Cisco team at two IT Operations breakout sessions.
- Thursday, September 24, 11:15am: Cisco and Splunk: Under the Hood of Cisco IT (with Robert Novak and Cisco IT’s George Lancaster)
Learn how Cisco IT uses Splunk software to gain deep operational visibility into applications, accelerate problem resolution, and drive better business outcomes.
- Thursday, September 24, 1:15pm: Event-Driven SDN with Splunk and Cisco’s Open SDN Controller (with Steven Carter and Friea Berg)
This session presents and demonstrates a system using Splunk and the Cisco Open SDN Controller for steering large data flows around firewalls and other devices that could disturb their performance while actively blocking threats.
Cisco Intelligent Traffic Director (ITD) is an innovative solution to bridge the performance gap between a multi-terabit switch and gigabit servers and appliances. It is a hardware-based, multi-terabit Layer 4 load-balancing, traffic steering and clustering solution on the Nexus 5k/6k/7k/9k series of switches.
It allows customers to deploy servers and appliances from any vendor with no network or topology changes. With a few simple configuration steps on a Cisco Nexus switch, customers can create an appliance or server cluster and deploy multiple devices to scale service capacity with ease. The servers or appliances do not have to be directly connected to the Cisco Nexus switch.
ITD won Best of Interop 2015 in the Data Center category.
With our patent-pending innovative algorithms, ITD (Intelligent Traffic Director) supports IP-stickiness, resiliency, consistent hash, exclude access-list, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed. ITD provides order-of-magnitude CAPEX and OPEX savings for customers. ITD is far superior to legacy solutions like PBR, WCCP, ECMP, port-channel, and layer-4 load-balancer appliances.
ITD provides:
- Hardware-based multi-terabit/s L3/L4 load-balancing at wire-speed.
- Zero latency load-balancing.
- CAPEX savings: No service module or external L3/L4 load-balancer needed. Every Nexus port can be used as a load-balancer.
- Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
- Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
- Resilient (like resilient ECMP), Consistent hash
- VIP based L4 load-balancing
- NAT (available for EFT/PoC). Allows non-DSR deployments.
- Weighted load-balancing
- Load-balances to a large number of devices/servers
- ACL along with redirection and load balancing simultaneously.
- Bi-directional flow-coherency. Traffic from A->B and B->A goes to the same node.
- Order-of-magnitude OPEX savings: reduction in configuration, and ease of deployment
- Order-of-magnitude CAPEX savings: wiring, power, rack space and cost savings
- The servers/appliances don’t have to be directly connected to Nexus switch
- Monitoring the health of servers/appliances.
- N + M redundancy.
- Automatic failure handling of servers/appliances.
- VRF support, vPC support, VDC support
- Supported on all linecards of Nexus 9k/7k/6k/5k series.
- Supports both IPv4 and IPv6
- Cisco Prime DCNM Support
- exclude access-list
- No certification, integration, or qualification needed between the devices and the Cisco NX-OS switch.
- The feature does not add any load to the supervisor CPU.
- ITD uses orders of magnitude less hardware TCAM resources than WCCP.
- Handles an unlimited number of flows.
- Load-balance traffic to 256 servers of 10Gbps each.
- Load-balance to a cluster of firewalls. ITD is far superior to PBR.
- Scale IPS, IDS and WAF by load-balancing to standalone devices.
- Scale the NFV solution by load-balancing to low cost VM/container based NFV.
- Scale the WAAS / WAE solution.
- Scale the VDS-TC (video-caching) solution.
- Scale the Layer-7 load-balancer, by distributing traffic to L7 LBs.
- ECMP/Port-channel cause re-hashing of flows. ITD is resilient, and doesn’t cause re-hashing on node add/delete/failure.
Email query or feedback: firstname.lastname@example.org
Please note that ITD is not a replacement for a Layer-7 load-balancer (URL, cookies, SSL, etc.). Please email email@example.com with further questions.
Connect on Twitter: @samar4
Cisco, SAP and the Big-Data Revolution
SAP just announced the release of SAP HANA Vora. SAP HANA Vora is an in-memory query engine that plugs into the Apache Spark execution framework to provide enriched interactive analytics on Hadoop.
Cisco, provider of UCS Integrated Infrastructure for Big Data, is working with SAP to achieve the following:
- Process Big Data simply and cost-effectively for real-time business applications and analytics
- Provide enterprise-class drill-down insight into raw data
- Blend incoming data from customers, partners, and smart devices
- Combine business data with external data sources to make better decisions through greater context
SAP HANA Vora running on Cisco UCS consists of the following:
- In-memory query engine running on Spark execution framework on the Cisco UCS platform
- Compiled queries for accelerated processing across Hadoop nodes on the Cisco UCS platform
- Enhanced Spark SQL semantics with hierarchies for analytical processing
- Enhanced adaptor for Spark and the SAP HANA database for faster query interactivity
- Unified administration across Hadoop distributions and SAP HANA
What does this mean for customers who plan to run SAP HANA Vora on the Cisco UCS platform?
- Enable more precise decisions through greater contextual awareness
- Democratize access for data scientists to facilitate new discoveries
- Simplify Big Data ownership through unified administration across multiple tiers
Structured and unstructured data, all part of the Internet of Things, is created each day at an accelerated rate. Companies that are able to take advantage of that data in a business environment will outpace their competitors and provide products tailored to their customers’ demands.
With SAP HANA Vora on the Cisco UCS platform, customer demands will not only be met but delivered via ACI (Application Centric Infrastructure) in an automated, cost-effective, policy-driven way. This can lead to a lower total cost of ownership for a data center, from both a hardware and a software perspective, and to less time spent by employees deploying and managing a critical data center.
Look for more information about SAP HANA Vora on the Cisco website and plan to visit the Cisco booth at SAP TechEd in Las Vegas and Barcelona this fall.
#CiscoChampion Radio is a podcast series by Cisco Champions as technologists. Today we’re talking about UCS and Big Data with Cisco Technical Solutions Architect Sean McKeown.
Sean McKeown, Cisco Technical Solutions Architect
Cisco Champion Guest Hosts
Brad Haynes, @GK_bradhaynes, Client Solutions Specialist
Chris Nickl, @ck_nic, Cloud Infrastructure Architect
Stewart Goumans, @WirelessStew, Mobility Consultant