Cisco Blogs


Cisco Blog > Enterprise Networks

Three Deciding Factors To Reach A New Digital World

October 20, 2014 at 3:21 pm PST

In a Technology Vision 2014 report, consulting firm Accenture discussed major trends that drive a dramatic transformation for every business to enter a digital world. As they described, the excitement is to change from being “digitally disrupted” today to “digital disrupters” tomorrow. The huge opportunity is for businesses position themselves as leaders in this new world.

Many forces are at work in the journey of this remarkable transition. Among them, three dominant factors will play a vital role to determine whether this digital transformation will be successful: an intelligent information edge, IT simplicity and cybersecurity.

dino pic 1 blog

At the edge of the new digital world, intelligent and real-time technologies allow people to act and react faster to achievebetter experience and outcome. While mobile device explosion serves as a clear indicator of this rapid transition, greater potential lies ahead to fully utilize the power of mobility, analytics, cloud computing and other new technologies. For a preview of what is possible, check out how Fernbank Natural History Museum integrates 3G/4G and Wi-Fi seamlessly. The outcome is an dynamic application that brings an immersive and interactive experience to the visitors, instead of forcing them to find the information.

Technical complexity arises, as more and more applications, systems and infrastructure are added together over time.  Cisco Global IT Impact Survey in 2013 found that nearly three out of four IT participants (71 percent) were deploying more applications than a year ago. Without IT simplicity, IT departments will be rapidly consumed by day-to-day fire drills. They will lose their ability to innovate and their relevance to the business.

Read More »

Tags: , , , , , , ,

#NCSAM: Cisco’s Cyber Security Story

As National Cyber Security Awareness Month (NCSAM) arrives, now is a good time to look at the rapid expansion of information growth. We believe that cyber security centers around an important question that all who serve, protect and educate should consider – if you knew you were going to be compromised, would you prepare security differently?

It’s no longer a matter of “if” an outside party will infiltrate a system, but “when.” We read about new threats in the news every day, and it’s important to consider innovation when it comes to protecting our most precious assets and information.

We look at preparedness from three angles: what it takes to manage security before an attack, how to react during a breach and what to do in the aftermath. Security professionals need to evolve their strategy from a point-in-time approach to a continuous model that addresses the full continuum.

The Cisco approach is visibility-driven, threat-focused and platform-based. By performing live policy and attack demonstrations, organizations can help to ensure that they are prepared for what may come across multiple platforms. Read More »

Tags: , , , ,

Drop the IT-Centric Mindset: Securing IoT Networks Requires New Thinking

October 8, 2014 at 5:00 am PST

The Internet of Things (IoT) has become a popular topic of discussion amongst security company executives, analysts, and other industry pundits. But when they begin discussing the technical details, it quickly becomes evident that many of the most experienced security professionals still approach IoT with an IT-centric mindset. That’s because they believe IoT is mostly about the billions of new connected objects. While the dramatic increase in the number and types of connected objects certainly expands the attack surface and dramatically increases the diversity of threats, they’re only part of the IoT security challenge. In addition, the convergence of the organization’s existing IT network with the operational technology (OT) network (e.g., manufacturing floors, energy grids, transportation systems, and other industrial control systems) expands the depth of security challenges and makes threat remediation remarkably more complex.

While IT and OT were once separate networks, they’re now simply different environments within a single extended network ‒ but by no means are they the same! The architectures, operational needs, platforms, and protocols are vastly different for each of them, which drive radically different security needs for each of them. As a result, security architectures, solutions, and policies that have proven effective for years in the IT world often don’t apply in OT environments, so attempting to enforce consistent security policies across the extended network is doomed for failure.

Protecting data confidentiality is IT’s primary concern, so when faced with a threat, their immediate response is to quarantine or shut down the affected system. But OT runs critical, 24x7 processes, so data availability is their primary concern. Shutting down these processes can cost the organization millions of dollars, so the cost of remediation may be greater than simply dealing with the aftermath of an infection. In addition, because OT is a human-based operation in what can be dangerous working conditions, their focus is on the safety of their operation as well as their employees. As a result of these main differences, the two groups approach security in completely different ways. While IT uses a variety of cybersecurity controls to defend the network against attack and to protect data confidentiality, OT views security more in terms of secure physical access, as well as operational and personnel safety.

Securing IoT networks must go beyond today’s thinking. Rather than focusing on the individual security devices, they need to be networked, so that they can work together to produce comprehensive, actionable security intelligence.  By combining numerous systems, including cyber and physical security solutions, IoT-enabled security can improve employee safety and protect the entire system from the outside, as well as the inside. As a best practice, IT should maintain centralized management over the entire security solution, but with a high level of understanding of the specific needs of OT. Based on that understanding, they need to enforce differentiated security policies to meet those specific needs, and provide localized control over critical OT systems.

At the end of the day, IT and OT need to work together for the common good of the entire IoT implementation – thereby driving truly pervasive, customized security across the extended network.

Want to learn about the part Big Data plays in your overall security plan, and how Cisco can help organizations deliver the security they need to succeed in the IoT and IoE eras? Join us for a webcast at 9 AM Pacific time on October 21st entitled ‘Unlock Your Competitive Edge with Cisco Big Data and Analytics Solutions.’ #UnlockBigData

Tags: , , , , , , , , ,

October is Cybersecurity Awareness Month: Marking the 11th Annual #NCSAM

NCSAM banner 96x70October 1st marks the beginning of the 11th annual Cyber Security Awareness Month (NCSAM), sponsored by the U.S. Department of Homeland Security. Throughout the month the Department of Homeland Security and other government agencies will be hosting various events throughout the country to discuss new cybersecurity issues, our cybersecurity infrastructure and our ability to prevent and mitigate national cyber threats.

NCSAM is not just about cybersecurity practices for the government but also to educate adults and children about online safety. It is our shared responsibility to ensure we are safe online whether at home, at work or at school. I encourage everyone to check out The National Cyber Security Alliance’s valuable resources available at www.staysafeonline.org. Read More »

Tags: , , , , ,

Security Must Mature to Protect Against Threats

As we discuss in the Cisco Midyear Security Report, cybersecurity is becoming more of a strategic risk for today’s businesses, creating a growing focus on achieving “security operations maturity.” That’s why Cisco has developed the Security Operations Maturity Model – to help organizations understand how security operations, technologies, and products must evolve to keep up with the pace of change in their environments and increasingly sophisticated attacks. The model plots a journey along a scale of controls that moves from static to human intervention to semi-automatic to dynamic and, ultimately, predictive controls.

Every day I see evidence of why we need to evolve our security capabilities. A perfect example is the Kyle and Stan malicious advertising attack that our Talos Security Intelligence and Research Group discovered and continues to analyze. Ongoing research now reveals that the attack is nine times larger than initially believed and began more than two years ago. The expansiveness and extended period of the campaign reflects the ability of this attack to continuously morph, move quickly, and erase its tracks leaving nearly indiscernible indicators of compromise. To effectively detect and protect against attacks like this, organizations need dynamic controls that see more, learn more, and adapt quickly. Relying exclusively on static controls and human intervention puts defenders at a significant disadvantage and allows attacks to run rampant.

Read More »

Tags: , ,