Cisco Blogs



Advanced Malware Protection Can Help Keep Defense Agencies’ Networks Secure

It seems like these days, you can’t read the news without seeing something about a cyberattack or data breach. While the digital economy and the Internet of Everything (IoE) are creating huge opportunities for value creation in both the public and private sectors, they also create huge opportunities for security breaches. With an expanded attack surface created by the IoE, cybercriminals look to take advantage of the influx of new devices and increasing network complexity. While a large cyberattack on a private company might be painful financially, a hack on some of our nation’s defense agencies could hurt much more.

The Department of Defense (DoD) is a high-priority target for hackers of all types, but especially for advanced malware creators who are seeking to steal intellectual property, capabilities and strategies from the U.S. government.  These threats aren’t only isolated incidents from hacktivist groups; they often come from other advanced nation-states. The protection of military information and network assets is a part of national security and the DoD needs the tools to protect itself from cyberattacks.

One way the DoD and other agencies are looking to better protect their networks is by using advanced malware protection (AMP) tools. AMP helps detect “bad” files as they move across a sensor and flags the files for removal so that they don’t corrupt the rest of the network. Cisco’s AMP services are industry-leading; it was named a leader in Gartner Magic Quadrants for Intrusion Prevention Systems in 2014 and improved its position in 2015. It was also tested during NSS Labs’ rigorous next-generation firewall testing and received the highest effectiveness rating possible.


Figure 1. Gartner’s 2015 Magic Quadrant for Intrusion Prevention Systems

Cisco AMP differs from its competitors in that it can place sensors throughout the network. Unlike most companies’ sensors, which must be attached to the firewall, Cisco’s sensors are compatible with a large variety of devices and platforms, such as switches, virtual machines and the cloud. By allowing for sensors in other places in the network, Cisco AMP casts a wider and finer net to catch malware.

Additionally, Cisco AMP tracks files throughout the whole network. For most advanced malware systems, a file is only flagged as good or bad when it crosses a sensor. But with Cisco AMP, the file is tracked throughout and continually evaluated. That means if a file was initially tagged as good but more information appears, Cisco AMP can detect that anywhere in the network, flag it, and have the file removed. Continuously monitoring files enables security managers to get rid of corrupted files rapidly – which means the network can recover more quickly as well.


Figure 2. Point-In-Time Detection vs. Cisco’s Continuous Detection

Another way that Cisco AMP sets itself apart from other security options is through its ability to trace a file’s path and remove other files it has potentially corrupted. The corrupted file is patient zero, but Cisco AMP can find every other patient it touched to ensure the threat is completely eradicated.

As DoD networks become increasingly complex, with more devices requiring access from remote areas, the capabilities Cisco AMP solutions provide will be even more important to ensure these critical networks are secure. No matter how it is utilized, Cisco AMP can help the Department of Defense and other public sector agencies defend their sensitive information from cyberattacks. Click here to learn more about Cisco AMP solutions.


An Overview of Network Security Considerations for Cisco ACI Deployments

Security continues to be top of mind with our customers and frequently comes up with customers who are evaluating new architectures. I have been in the networking industry for over two decades involved in multi-billion dollar product lines like Catalyst 5K/6K, MDS-9000, Nexus-7K, UCS, and now with Application Centric Infrastructure (ACI). I don’t claim to be a security expert by any means, but have gained good insight into what’s important based on numerous conversations with customers over the years thereby allowing me to write about it with some degree of authority.

That said, security is a very broad topic and there are myriad products in the industry to deal with the various types of attacks that infrastructure and applications are exposed to today. For purposes of this blog, I will focus on the network security aspects and how they intersect with Cisco ACI.


Manufacturing, IoT and Innovation – What’s the Missing Link?

My colleague Chet Namboodri recently discussed, “The Internet of Things and the Future of Manufacturing” with Manufacturing Revival Radio.  In the interview, Chet discussed how best in class manufacturers like GM and Stanley Black and Decker are driving innovation and capturing real business value across their value chain by developing and executing an IoT strategy.

Manufacturers like GM and Stanley Black and Decker are creating this platform for innovation by deploying open standards–based Internet Protocol (IP) technologies that converge their enterprise and plant floor networks. The convergence enables tight integration of operation technology (OT) and information technology (IT), creating a flexible and scalable platform to:

Speaking of security, it is cited by most manufacturers as the key barrier to IoT adoption and innovation.  The prospect of connecting millions, potentially billions of sensors, actuators, motors, gauges, valves, and machines with Manufacturing Operations Management (MOM) applications like MES (Manufacturing Execution Systems) and ERP (Enterprise Resource Planning) applications can make VP of Supply Chains, Operation Managers and the like want to go back to the old island of automation model that Chet cited in his interview.

As daunting as security may be to innovation and IoT adoption, the skills workforce gap in the industry is the biggest threat and concern for manufacturing executives and managers. ThomasNet conducted a survey of over 1200 line of business manufacturing professionals. The survey cited that Generation Y (18-32 years old) employees will make up 75 percent of the workforce by 2025, but three-quarters of manufacturers report that 25 percent or less of their workforce are in the Generation Y age group.

Cisco recognizes that new skills and education are the missing link required to drive innovation and realize the value afforded by IoT in the manufacturing industry.

To prepare and attract the next generation manufacturing workforce Cisco has launched the Cisco Industrial Networking Specialist Certification for information technology (IT) and operational technology (OT) professionals in the manufacturing, process control, and oil and gas industries who install, maintain, and troubleshoot industrial network systems. This certification ensures candidates have the foundational skills to manage and administer networked industrial control systems. It provides plant administrators, control system engineers and traditional network engineers with an understanding of the networking technologies needed in today’s connected plants and enterprises.

What are your major barriers to IoT Adoption?  Security, transitional workforce, ….?  In the meantime, be sure to visit the Industrial IP Advantage website for more information around how you can leverage IP technologies to accelerate your path to IoT value.


The Expanding Burden of Security

[ed. Note: This post was updated 7/9/2014 to include new information not available to the author at the time of original publishing]

I just returned from the Gartner Security Summit at the Gaylord Resort in National Harbor Maryland. Each morning I took my run along the Potomac River and passed this sculpture of a man buried in the sand.


In speaking with many IT executives they expressed specific concerns around their IT security, and this sculpture of the “man in the sand” took on new meaning for me. I could see how they might similarly feel overwhelmed and buried given their limited resources and the abundance of threats to their environments. Yes, I’ve been in this industry too long! Anyway, throughout all of my conversations it was abundantly clear that people were looking for a new way to approach securing their networks and applications. Customers are recognizing that unsecured access to the network is a critical threat vector; however, when leveraged properly, the network itself also provides a significant platform that offers comprehensive protection to close those gaps. So, what do I mean by that?

The network uniformly sees and participates in everything across the threat continuum, whether before, during or after an attack. If we can leverage the insights and inherent control the network provides, IT organizations can truly augment their overall end-to-end security across this continuum. If done correctly, this augmentation can happen without investing a large amount of time, energy, and resources in filling all the gaps to secure their environments – regardless of legacy network, endpoint, mobile, virtual, or cloud usage models.

Cisco strongly believes that the network must work intimately with various security technologies in a continuous fashion to offer protection for networks, endpoints, virtual, data centers and mobile.

The New Security Model

Given Cisco’s breadth and depth of security, we did not have room to exhibit our networking devices. However, within much of our networking (and even security) offerings, we have embedded security capabilities that provide more comprehensive protection across the entire threat continuum.

An example of this is Cisco TrustSec embedded network access enforcement, which provides network segmentation based on highly differentiated access policies. Cisco TrustSec works with Cisco ISE to provide consistent secure access that is mapped to IT business goals. Cisco ISE and TrustSec are part of the Cisco Unified Access solution and leverage a superior level of context and simplified policy management across the entire infrastructure in order to ensure that the right users and devices gain the right access to the right resources at any given time.

Cisco’s integrated approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection, which, in turn, allows customers to prioritize more efficiently and act more quickly – before, during, and after an attack. Through Cisco’s New Security Model, we help you achieve a more pleasant experience and get you dug out of the sand. To learn more and go beyond just a shovel and pail, go to Cisco’s Security Page.
