This is the fourth and final blog in a series of campus switching innovation blogs that share our recent switching launch news from Cisco Live London.
How many times have you heard that IT cannot take on as many new projects as they would like to because their resources are tied up to keep the house running? That IT could do much more to drive business growth only if they had more resources?
We announced a number of innovations at Cisco Live London earlier this month, including Cisco Catalyst SmartOperations – a suite of about a dozen tools that offer built-in intelligence on Cisco Catalyst switches for easing many challenges faced by network administrators in their day-to-day tasks. And because most of the tools are included in the base software image, they deliver productivity savings without adding cost!
Read More »
Tags: Access Switches, Auto Smartports, Catalyst SmartOperations, Catalyst Switches, Flexible NetFlow, Smart Install, tco, use cases
I’ve had some recent discussions with colleagues in the armed forces regarding cyber security and how they consider “cyber” to be the fourth warfighting domain along with land, air, and sea. They describe how cyber has its own terrain made up of computing resources. As I further thought through this concept I saw a striking resemblance between the network and air warfare. To elaborate on this thought I must first set the context around the concept of air supremacy.
There are probably many different variations of the definition of air supremacy but let’s just use “the degree of air superiority wherein the opposing air force is incapable of effective interference” for the purpose of this blog. I borrowed this definition from NATO. There are two key words in the definition, “degree” and “effective.” Prior to achieving supremacy one must first move from parity, through superiority to eventually supremacy. Air parity is the lowest degree in which a force can control the skies above friendly units. In other words, prevention of opposing air assets from overwhelming land, air, and sea units. Read More »
Tags: application visibility control, cyber security, cyber space, cybersecurity, cyberspace, Flexible NetFlow, IP SLA, malicious threats, netflow, network as a sensor, network superiority
For those of you that have been around the networking world for a while, NetFlow is far from a new technology. Cisco developed NetFlow years ago and it has become the industry standard for generating and collecting IP traffic information. NetFlow quickly found a home within network management providing valuable telemetry for overall network performance and management. Nine versions later NetFlow is growing in popularity not solely due to its value to network management but as a critical component of security operations. Over the past 12 months I have encountered more and more large enterprises that view NetFlow as one of their top tools for combating advanced threats within their perimeters.
The dynamic nature of the cyber threat landscape and growing level of sophistication and customization of attacks are requiring organizations to monitor their internal networks at a new level. IP flow monitoring (NetFlow) coupled with security focused NetFlow collectors like Lancope’s StealthWatch is helping organizations quickly identify questionable activity and anomalous behavior. The value that NetFlow provides is unsampled accounting of all network activity on an IP flow enabled interface. I bring up unsampled because of its importance from a security perspective. While flow sampling is a valid method for network management use cases sampling for the sake of security leaves too much in question. An analogy would be having two different people listen to the same song. One person gets the song played in its entirety, unsampled, and the other only hears the song in 30-second intervals. While neither may be musically inclined the person who had the advantage of listening to the song in its entirety would be able more accurately hum or sing back that song than the person that only heard 30 second snippets of the song. Furthermore the ability to identify that song during radio airplay would be in favor of the individual that was able to listen to the song in its entirety. This holds true for IP flow information when leveraging the information for detecting malicious or anomalous traffic. Some malicious code will only send a single packet back to a master node, which would most likely be missed, in a sampling scenario.
Further increasing the value of IP flow monitoring is Cisco’s recent release of Flexible NetFlow (FnF). FnF introduces two new concepts to flow monitoring. The first is the use of templates and the second expands the range of packet information that can be collected as well as monitor more deeply inside of a packet. This allows greater granularity in the information that is to be monitored as well a providing different collector sources for different sets of information. You can search for Flexible NetFlow on Cisco’s main website to get more technical details.
Are you using NetFlow for security operations? I welcome any feedback, good or bad regarding your experience and opinions on the value that IP flow information provides for detecting this ever-changing threat landscape.
Tags: Flexible NetFlow, Flow monitoring, netflow, security, unsampled
How do you take the most widely deployed modular switch in the industry, and make it better? With more than 650,000 chassis deployed, how do you protect your customers’ investments in their existing platform while offering a seamless path to deploy new components without forcing “fork-lift” upgrades?
On October 5th, Cisco announced a complete refresh of the Catalyst 4500 series platform, the most widely deployed modular platform in the industry, with new supervisor engine, line cards and operating system. We gave it 2.6x more bandwidth, and the highest PoEP port density of any access switch in the industry. Catalyst 4500E comes with an open and modular operating system, IOS XE that is capable of running 3rd party services. The new system is highly available with features such as sub 10 millisecond In Service Software Upgrades. Flexible NetFlow brings unprecedented application visibility. Catalyst 4500E ships with a single universal software image – one image for LAN Base, IP Base and Enterprise Services that is managed by software licensing application. Customers can also introduce new line cards without upgrading the OS. We designed Catalyst 4500E for the future while providing support for the past by making the new components compatible with existing chassis. In fact, Catalyst 4500 platform offers the longest investment protection of any modular access switch in the industry with more than 10 years of backward compatibility.
Read More »
Tags: Borderless Networks, Catalyst 4500 series platform, Cisco EnergyWise, Cisco TrustSec, Flexible NetFlow, IOS XE, medianet