In this fifth post of the Why I Love Big Data blog series, I am joined by Jeff Aboud from Splunk to outline why big data security analytics is essential to meeting today’s security challenges.
Jeff Aboud, Sr. Solutions Marketing Manager, Security Markets, Splunk

Jeff Aboud has more than a dozen years in various areas of the security industry, spanning from the desktop to the cloud, including desktop AV, gateway hardware and software, encryption technologies, and how to securely embrace the Internet of Things. His primary focus today is to help business and security professionals understand how to visualize, analyze, and alert across a broad range of data sources in real time to maximize their security posture.
It’s no secret that advanced threats and malicious insiders present growing security challenges to organizations of all sizes. Security professionals know that it is not a question of if, but when, an attack will successfully breach their network. Visibility is often what makes the difference between a breach and a major security incident, and it enables a proactive security posture throughout the attack continuum: before, during, and after the attack. It’s also essential to understand that the fingerprints of an advanced threat are often found in “non-security” data, so effectively detecting and investigating these threats, before your data is stolen, requires both security and non-security data.
So what does all this really mean, and how can you use it to dramatically improve your security posture?
You need to integrate and correlate the data from your firewalls, intrusion prevention systems, anti-malware, and other security-specific products with your “non-security” data, such as the logs and packet information from your servers, switches, and routers. This is no easy task given the large number of different security products present in most enterprise networks, and correlation only works when the sources share common join keys (typically IP address, hostname, and user name) and their clocks are synchronized so that timestamps can be compared across sources. But having all your data at your fingertips improves your detection capabilities and lets you automate the remediation of advanced threats.
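As an added example (not code from the original post, Splunk, or Cisco), the following Python script shows the kind of correlation the paragraph describes, run over constructed, simplified syslog-style lines: each intrusion-prevention alert is joined to server authentication events from the same source address within a time window, and the resulting incident is raised to high priority when one of those events is a successful login. The log formats, hostnames, and addresses are made up for the example and do not reproduce any product’s real output.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data in a simplified syslog-like layout.
# These are not real Cisco or Splunk log formats; they only carry the
# fields the correlation needs (timestamp, host, source IP, outcome).
IPS_ALERTS = [
    "2015-06-08T10:02:11 ips01 ALERT sig=SSH-brute-force src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2015-06-08T10:40:00 ips01 ALERT sig=SQLi-attempt src=198.51.100.9 dst=10.0.0.8 dport=443",
]
SERVER_AUTH = [
    "2015-06-08T10:01:50 web05 sshd: Failed password for root from 203.0.113.7 port 51022",
    "2015-06-08T10:02:05 web05 sshd: Failed password for root from 203.0.113.7 port 51023",
    "2015-06-08T10:03:30 web05 sshd: Accepted password for deploy from 203.0.113.7 port 51040",
    "2015-06-08T11:15:00 web05 sshd: Accepted publickey for alice from 10.0.0.20 port 40001",
]

IPS_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) ALERT sig=(?P<sig>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) \S+ "
    r"for (?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse(lines, regex):
    """Turn raw lines into dicts; the timestamp is the join key across sources."""
    records = []
    for line in lines:
        m = regex.match(line)
        if not m:
            continue  # a real pipeline should count unparsed lines, not silently drop them
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def correlate(ips_lines, auth_lines, window=timedelta(minutes=5)):
    """For every IPS alert, collect server auth events from the same source IP
    within +/- window of the alert. A successful login after an attack
    signature is what separates noise from a probable compromise."""
    alerts = parse(ips_lines, IPS_RE)
    auth = parse(auth_lines, AUTH_RE)
    incidents = []
    for alert in alerts:
        related = [
            e for e in auth
            if e["src"] == alert["src"] and abs(e["ts"] - alert["ts"]) <= window
        ]
        if not related:
            continue  # security-only view: just an alert, no corroboration
        accepted = [e for e in related if e["result"] == "Accepted"]
        incidents.append({
            "src": alert["src"],
            "signature": alert["sig"],
            "failed_logins": sum(1 for e in related if e["result"] == "Failed"),
            "accepted_logins": [(e["host"], e["user"]) for e in accepted],
            "priority": "high" if accepted else "medium",
        })
    return incidents


if __name__ == "__main__":
    for inc in correlate(IPS_ALERTS, SERVER_AUTH):
        print(inc)
```

The second alert (the SQL injection attempt) produces no incident because no server-side event corroborates it; the SSH brute-force alert becomes a high-priority incident because the same address logged in as `deploy` 79 seconds after the alert, a fact that lives only in the server log, not in the IPS data.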
But how can you do this, when traditional Security Information and Event Management (SIEM) systems are typically fed only security-specific sources? The partnership between Splunk and Cisco is the answer. Splunk is integrated across Cisco security platforms, as well as other points throughout the network, including Cisco switches and routers and the Cisco Unified Computing System (UCS), to deliver broad visibility across your environment.
Together, Splunk and Cisco give security and incident response teams the tools they need to quickly identify advanced threats, visualize them in real time across potentially thousands of data sources, and take automated remediation action on Cisco firewalls and intrusion prevention systems.
Tags: #CLUS, @ciscoDC, BigData, IoE, IoT, security, Splunk
The digital economy and the Internet of Everything mean that everything is now connected. Digitization is fundamentally transforming how we conduct business. It creates new opportunities to develop services and engage with employees, partners, and customers. It’s important to understand that digitization is also an opportunity for attackers, presenting new services, information, data, devices, and network traffic as targets. To take full advantage of the digitization opportunity, security must be everywhere, embedded into and across the extended network, from the data center to the mobile endpoints and onto the factory floor.
Today, Cisco is announcing enhanced and embedded security solutions across the extended network and into the intelligent network infrastructure. These solutions extend security capabilities to more control points than ever before with Cisco FirePOWER, Cisco Cloud Web Security, and Cisco Advanced Malware Protection. This is highlighted in Scott Harrell’s blog. We are also giving the Cisco network two new roles: as a sensor and as an enforcer of security.
The role of the Network as a Sensor

The network provides broad and deep visibility into network traffic flow patterns and rich threat intelligence that allows more rapid identification of security threats. Cisco IOS NetFlow is at the heart of the network as a sensor, capturing comprehensive network flow data. You can think of NetFlow as analogous to the detail you get in your monthly cellular phone bill. It tells you which endpoint talked to which, over which ports and protocol, for how long, and how much data was transferred; attributing an address to a user requires an identity source such as Cisco Identity Services Engine. It is metadata for your network traffic, not the packet payload.
Visibility into network traffic through NetFlow is critical for security because it is a valuable tool for identifying anomalous traffic on your network. By collecting NetFlow over time we establish a baseline of normal traffic, and can then alert on traffic that departs from it. The network generates NetFlow data from across the enterprise all the way down to the virtual machines in the data center. This gives us visibility across the entire network, from the furthest branch office to the east-west traffic in the data center.
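As an added example (not the original post’s or Cisco’s code), here is the baselining the paragraph describes, written in Python over constructed flow records that carry the fields NetFlow exports (source, destination, destination port, byte count). It builds a per-host baseline of daily bytes sent to external addresses, alerts when a day’s egress exceeds that baseline by more than k standard deviations, and lists (source, destination, port) triples never seen in the baseline, which is how a new east-west peer in the data center would surface. The internal address ranges, thresholds, and flow records are assumptions for the example, not captured data.

```python
import ipaddress
import statistics
from collections import defaultdict

# Assumed site-internal ranges. Do not use ipaddress.is_private() for this:
# it also classifies the documentation ranges 198.51.100.0/24 and 203.0.113.0/24
# as private, so a site-defined list is both safer and more honest.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (day, src, dst, dport, bytes_out). Five baseline days
# for two hosts, then a sixth day that contains one large upload to a never-seen
# external host and one new internal (east-west) peer.
BASELINE = []
for day, total in enumerate([900_000, 1_100_000, 1_000_000, 950_000, 1_050_000], start=1):
    BASELINE.append((day, "10.0.0.20", "198.51.100.10", 443, total - 200_000))  # external web
    BASELINE.append((day, "10.0.0.20", "198.51.100.25", 25, 200_000))           # external mail
    BASELINE.append((day, "10.0.0.20", "10.0.0.5", 445, 3_000_000))             # internal file share
    BASELINE.append((day, "10.0.0.30", "198.51.100.10", 443, 500_000))          # flat, every day
TODAY = [
    (6, "10.0.0.20", "198.51.100.10", 443, 800_000),
    (6, "10.0.0.20", "203.0.113.50", 443, 50_000_000),  # bulk upload to a never-seen host
    (6, "10.0.0.20", "10.0.0.7", 445, 10_000),          # new internal peer (east-west)
    (6, "10.0.0.30", "198.51.100.10", 443, 520_000),    # slightly above a perfectly flat baseline
]


def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Bytes sent to external addresses, keyed by (day, src).
    Days on which a host sent nothing externally do not appear here, so a
    production version should insert explicit zeros for known hosts."""
    totals = defaultdict(int)
    for day, src, dst, _dport, nbytes in flows:
        if is_external(dst):
            totals[(day, src)] += nbytes
    return totals


def build_baseline(flows):
    """Per-source mean and sample standard deviation of daily external egress."""
    per_src = defaultdict(list)
    for (_day, src), total in daily_egress(flows).items():
        per_src[src].append(total)
    baseline = {}
    for src, totals in per_src.items():
        sd = statistics.stdev(totals) if len(totals) > 1 else 0.0
        baseline[src] = (statistics.mean(totals), sd)
    return baseline


def egress_anomalies(today, baseline, k=3.0, floor_ratio=0.1):
    """Flag sources whose egress exceeds mean + k * stdev. The floor keeps a
    perfectly flat baseline (stdev 0) from alerting on every trivial change."""
    findings = []
    for (_day, src), total in daily_egress(today).items():
        if src not in baseline:
            findings.append((src, total, "no baseline"))
            continue
        mean, sd = baseline[src]
        threshold = mean + k * max(sd, floor_ratio * mean)
        if total > threshold:
            findings.append((src, total, round(threshold)))
    return findings


def new_peers(today, history):
    """(src, dst, dport) triples that never occurred in the history window."""
    seen = {(s, d, p) for _, s, d, p, _ in history}
    return sorted({(s, d, p) for _, s, d, p, _ in today if (s, d, p) not in seen})


if __name__ == "__main__":
    bl = build_baseline(BASELINE)
    print("egress anomalies:", egress_anomalies(TODAY, bl))
    print("new peers:", new_peers(TODAY, BASELINE))
```

Host 10.0.0.30 is not flagged even though 520,000 bytes is above its mean of 500,000: its baseline has zero variance, and without the floor any byte over the mean would alert. Host 10.0.0.20 is flagged on volume and also appears twice in the new-peer list, once for the external upload target and once for the internal host on port 445, which is the east-west visibility the text refers to.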
Tags: Cisco Advanced Malware Protection, Cisco Cloud Web Security, Cisco FirePOWER, Cisco Identity Services Engine, Cisco TrustSec, IoE, IOS Netflow, ISE, Lancope, network as a sensor, network as an enforcer
The digital economy and the Internet of Everything (IoE) are creating a host of new opportunities. With as many as 50 billion connected devices projected by 2020, this wave of digitization will bring new opportunities for organizations and governments and the consumers and citizens they serve.

Yet the more things become connected, the more opportunities exist for malicious actors as well. We are now dealing with a world in which ever more devices create a broader and more diverse attack surface that can be exploited.

Attackers are becoming stealthier, better organized, more collaborative, and better resourced. According to the Cisco 2015 Annual Security Report, malware is becoming increasingly sophisticated and elusive. Since 2009, we have seen a 66 percent compound annual growth rate in detected security incidents.

Responding faster to threats and achieving better outcomes requires a tightly integrated security architecture that is as pervasive as the devices and services we are protecting. For this reason, we believe the most effective way to confront these challenges is to evolve to an approach that extends security everywhere: embedded into the intelligent network infrastructure and pervasive across the extended network, from the service provider to the enterprise network infrastructure, data center, IoT, cloud, and endpoint. This is essential to protect against today’s wide array of attack vectors while positioning security as a growth engine that enables companies to seize new business opportunities.
Tags: CLUS15, IoE, network, security
Today we are seeing a step change in applications and data infrastructure. No longer do we rely only on large centralized repositories. Instead, hyper-distributed infrastructure hosts apps and data at any location, resulting in a growing network of “centers of data.” These centers of data are small computing hubs used by people and processes within an organization. As ecosystem dependencies increase, businesses depend not only on the centers of data inside their organization, but also on those outside it. This paradigm unites information from sources that had never been connected before to produce new insights, new processes across value chains, new contextual experiences, and new ways of engaging people.
Tags: #CLUS, Cisco, CiscoLive 2015, connected analytics, digitization, Hari Harikrishnan, Internet of Everything, IoE
Cities, states, and other communities continue to face an increasing variety of challenges: traffic congestion, parking, public safety and security, waste and water management, and access to education and healthcare. As such, government leaders are looking to technology to solve these challenges, while also finding more efficient ways to provide better services, reduce the carbon footprint, and enhance livability.
Solutions enabled by the Internet of Everything (IoE), such as the Cisco Smart+Connected City Operations Center, can successfully enable communities to become digital and to address these challenges.
This means improved operating models to drive efficiency, safety, and better citizen experiences overall.
Tags: #CLUS, cisco live, city, community, digital, government, Internet of Everything, IoE, state