Do you have an iPhone, Android, Samsung, or any other mobile phone? Not surprising, since there will be 15 billion networked devices by 2015 [1]. With employees (yes, even IT themselves) bringing their mobile phones to work, businesses are seeing at least a doubling of mobile devices per employee: from laptop-only to laptop + mobile phone (+ tablet) [2].
The IT department is faced with an increased burden on their existing wireless network, while securing email access from any platform and simultaneously ensuring an optimal, reliable user mobile experience. Offering a reliable, consistent user mobile experience used to be a luxury ask; today, it impacts employee productivity. Mobile employee productivity can range from wireless laptop access from conference rooms to roaming within the building while accessing corporate email from any mobile device. This is true for me (working at a large enterprise) and my husband (working at a medium-sized business).
As part of CSIRT’s mobile monitoring offering for special events, we undertook monitoring of the corporate and customer traffic of the Cisco House at the London 2012 Olympics. This engagement presents us with an excellent opportunity to showcase Cisco technology, while keeping a close watch on potential network security threats. CSIRT monitoring for this event will be active for the entire life-span of the Cisco House, from two months before the Olympics, until two months after.
For the London 2012 engagement, we shipped our gear in a 14RU military-grade rack that is containerized: made for shipping. Inside the mobile monitoring rack we have an assortment of Cisco kit and third-party kit that mirrors the monitoring we do internally:
Catalyst 3750 to fan out traffic to all the other devices
FireEye for advanced malware detection
Two Cisco IronPort WSA devices for web traffic filtering based on reputation
Cisco UCS box where we run multiple VMs
Lancope StealthWatch collector for NetFlow data
and a Cisco 4255 IDS for intrusion detection
We mirror the signatures that we have deployed internally at Cisco out to these remote locations. Depending on the environment where the mobile monitoring rack is deployed, we may also do some custom tuning. The kit in the mobile monitoring rack can do intrusion detection and advanced malware detection, and can collect and parse NetFlow and log data for investigation purposes. The Cisco UCS rack server hosts several VMs, allowing us to run multiple tools that complement the other devices in the rack. For example, we run a Splunk instance on a VM to collect the logs generated by all the services. The data from the gear in the mobile monitoring rack is analyzed by our team of analysts and investigators to eliminate false positives, conduct mitigation and remediation, and finally produce an incident report if required.
Today, while we have seen that there is plenty of meat in Borderless Networks in the office, Borderless Networks has plenty of meat on the road as well. Bob, our enterprise worker, travels a lot, doing tradeshows and customer visits and dispensing Kool-Aid of various types. When he knows he is going to have to do some heavy lifting with PowerPoint, he is sure to take a laptop running AnyConnect, a secure VPN client that works with the Cisco ASA firewall back at HQ to give secure, encrypted remote access. Even if he is in a coffee shop using public Wi-Fi, he knows that his data is safe because everything is going back through that encrypted tunnel. But it is more than just connectivity that we are talking about here, because traffic goes through a Cisco IronPort web security appliance, filtering spyware, trojans and the like. And, just like when he is in the office, TrustSec ensures that he has access to what he needs and can’t touch the things he doesn’t. Security is deeply integrated into the network itself, not just an afterthought or add-on appliance.