Cisco Blogs

Cisco Blog > Security

RSA 2014 Live Broadcast – Recap

Last week at RSA 2014, Chris Young and I joined a Live Social Broadcast from the Cisco Booth to discuss our announcements of Open Source Application Detection and Control and Advanced Malware Protection, as well as to answer questions from you, our partners and customers, about the trends, the challenges, the opportunities we’ve seen in the security industry this year.

Below is a link to view the recording of the broadcast. If you have any questions that didn’t get answered, please leave them in the comments, and Chris or I will get back to you.

Tags: , , ,

Cisco Announces OpenAppID – the Next Open Source ‘Game Changer’ in Cybersecurity

One of the big lessons I learned during the early days, when I was first creating Snort®, was that the open source model was an incredibly strong way to build great software and attack difficult problems in a way that the user community rallied around. I still see this as one of the chief strengths of the open source development model and why it will be with us for the foreseeable future.

As most every security professional knows, cloud applications are one of the most prevalent attack vectors exploited by hackers and some of the most challenging to protect. There are more than 1,000 new cloud-delivered applications per year, and IT is dependent on vendors to create new visibility and threat detection tools and keep up with the accelerating pace of change. The problem is that vendors can’t always move fast enough and IT can’t afford to wait. Countless custom applications pile on even more complexity.

So today, Cisco is announcing OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. OpenAppID puts control in the hands of users, allowing them to control application usage in their network environments and eliminating the risk that comes with waiting for vendors to issue updates. Practically speaking, we’re making it possible for people to build their own open source Next-Generation Firewalls.

Read More »

Tags: , , , , ,

Open Daylight Shines in Impressive Debut

First Open Daylight Summit took place exactly one year since we’ve started the project, to the day! Ah, those memories of having to stay quietly patient, from our first meeting, February 4th, 2013, and longer… in hindsight, talking about it after the code actually started to flow was more appropriate, the 2013 Spring Equinox, as it should. The Open Daylight community has shown that code is the coin of the realm, as it should. To walk that talk, a million lines of code are flowing now and for a project with partners and committers as diverse as this, one cannot do that unless there is a strong tie that binds, the commitment that the best multi protocol controller will be open source: as Linux achieved that status in the OS world, OpenDaylight has a bright opportunity to do so in the network world. As for the bad news, there aren’t any: yes, we would like to see ourselves talk more about use, before we talk about our size, but for a one year old, I think we should be patient.

The outstanding news for this young project is the community diversity, energy and commitment: it brings the best protocol (SB) guys in the world with the best scientists and network (NB) developers in the world in a focused, collaborative, engaged community. Remember, in open source, community trumps code, which side by side with its project sovereignty, is nothing but a formula for success. That is what sets Open Daylight apart, and as long as we take care of those two things, it will be fine. As I said last week during the event, particularly good to see Google, Intel, Ericsson, Microsoft, Cisco, IBM, RedHat and others doing their presentations celebrating this event. I am proud of these guys, how they lead the way for any other Open Source project interested in leveraging the network (be it Open Stack, Open Compute Project, or others), Linux Foundation and Open Daylight is the best way to stay ahead, to stay engaged: if you are interesting in networking and open source, there is no other better place than this.

Diverse contributors in Open DaylightDiverse contributors in Open Daylight 

Tags: , , , , , , , , , ,

OpenDaylight Unleashes Hydrogen to the Masses

The OpenDaylight Project today announced that its first open source software release Hydrogen is now available for download. As the first simultaneous code release cross-community it has contributions across fifty organizations and includes over one million lines of code. Yes. ODL > 1MLOC. For those of you interested that’s approximately two hundred and thirty man-years of work completed in less than twelve months.

It was around this time last year that the media started to pick up on a few rumors that something may be in the works with software-defined networking and controllers. I remember our first meeting at Citrix where the community started to collaborate on The OpenDaylight Project and come to common ground on how to start something this large. We had multiple companies and academics in the room and many ideas of where we wanted this project to go but there was one thing we had in common: the belief and vision to drive networking software innovation to the Internet in a new way and accelerate SDN in the open; transparently and with diverse community support. Each of us had notions of what we could bring to the table, from controller offerings to virtualization solutions, SDN protocol plugins and apps to solve IT problems. Over two days at Citrix we looked at things from a customer perspective, a developer perspective and ultimately and arguably the most important, a community perspective. From there The OpenDaylight Project emerged under the Linux Foundation. As I look back I want to applaud and thank the companies, partners, developers, community members and the Linux Foundation for driving such a large vision from concept to reality in less than twelve months, which is an incredible feat in itself.

Hydrogen is truly a community release. Use cases span across enterprise, service provider, academia, data center, transport and NfV. There are multiple southbound protocols abstracted to a common northbound API for cross-vendor integration and interoperability and three editions have been created to ensure multi-domain support and application delivery as well as deployment modularity and flexibility for different domain-specific configurations. These packages have a consistent environment yet are tailored to domain and role-based needs of network engineers, developers and operators.

  • The Base Edition, which includes a scalable and multi-vendor SDN protocol based on OSGi, the latest (and backward compatible) OpenFlow 1.3 Plugin and Protocol Library, OVSDB, NetConf/Yang model driver SDN and Java-based YANG tooling for model-driven development.
  • The Virtualization Edition (which includes the Base Edition) and adds Affinity Metadata Service (essentially APIs to express workload relationships and service levels), Defense4All (DDoS detection & mitigation), Open DOVE, VTN, OpenStack Neutron NorthBound API support and a virtual tenant network offering.
  • The Service Provider Edition (again, including the Base Edition) that also offers the Metadata Services and Defense4All but includes BGP-LS and PCEP, LISP Flow Mapping and SNMP4SDN to manage routers, gateways switches.

More information can be found on the website with regards to the releases and projects themselves.

I want to stress the importance of how well the vision has been delivered to date. I’ve been involved in multiple standards-bodies and in open source discussions in the past but this is truly one of the largest undertakings I’ve seen come together in my entire career. OpenDaylight developers have been coding day and night to get this release out the door and it’s amazing to see the collaboration and coherency of the team as we unite to deliver on the industry’s first cross-vendor SDN and NfV Platform. In addition and frequently not mentioned is that many of the protocols listed in the Editions above are also standardized at organizations like the IETF during the same period. Code and specs at the same time. It’s been a long time since rough consensus and running code has been the norm.

Over here at Cisco we’re fully committed to OpenDaylight. We’re currently using it as a core component in our WAN Orchestration offering for service providers to allow intelligent network placement and automated capacity and workload planning. The ACI team (formerly Insieme) collaborated with IBM, Midokura and Plexxi to create a project in OpenDaylight that creates a northbound API that can set policy and be used across a wide range of network devices. And of course we’re bringing components of the OpenDaylight codebase into our own controllers and ensuring application portability for customers, partners and developers alike. From this I would expect to see more code donations going into the community moving forward as well. We made several announcements last week about our campus/branch controller that includes OpenDaylight technology.

At the end of the day an open source project is only as strong as its developers, its community and its code. As we as a community move forward with OpenDaylight I expect it to become stronger with more members joining with new project proposals as new code contributors coming onboard from different industries as well. As I look at our roadmap and upcoming release schedule I’m pumped for what’s next and so happy the community has catalyzed a developer community around networking.

Please do visit the site, download the code and take Hydrogen for a test-drive. We want to hear feedback on what we can make better, what features to add or how you’re going to utilize it. Moreover, we’d love you to participate. It’s a kick-ass community and I think you’ll have fun and the best part; you’ll see your hard work unleashed on the Internet and across multiple communities too.

Tags: , , , , , , , , , , , , , , , , , , ,

Back to the Future: Do Androids Dream of Electric Sheep?

As information consumers that depend so much on the Network or Cloud, we sometimes indulge in thinking what will happen when we really begin to feel the effects of Moore’s Law and Nielsen’s Law combined, at the edges: the amount of data and our ability to consume it (let alone stream it to the edge), is simply too much for our mind to process. We have already begun to experience this today: how much information can you consume on a daily basis from the collective of your so-called “smart” devices, your social networks or other networked services, and how much more data is left behind. Same for machines to machine: a jet engine produces terabytes of data about its performance in just a few minutes, it would be impossible to send this data to some remote computer or network and act on the engine locally.  We already know Big Data is not just growing, it is exploding!

The conclusion is simple: one day we will no longer be able to cope, unless the information is consumed differently, locally. Our brain may no longer be enough, we hope to get help, Artificial Intelligence comes to the rescue, M2M takes off, but the new system must be highly decentralized in order to stay robust, or else it will crash like some kind of dystopian event from H2G2. Is it any wonder that even today, a large portion if not the majority of the world Internet traffic is in fact already P2P and the majority of the world software downloaded is Open Source P2P? Just think of BitCoin and how it captures the imagination of the best or bravest developers and investors (and how ridiculous one of those categories could be, not realizing its potential current flaw, to the supreme delight of its developers, who will undoubtedly develop the fix — but that’s the subject of another blog).

Consequently, centralized high bandwidth style compute will break down at the bleeding edge, the cloud as we know it won’t scale and a new form of computing emerges: fog computing as a direct consequence of Moore’s and Nielsen’s Laws combined. Fighting this trend equates to fighting the laws of physics, I don’t think I can say it simpler than that.

Thus the compute model has already begun to shift: we will want our Big Data, analyzed, visualized, private, secure, ready when we are, and finally we begin to realize how vital it has become: can you live without your network, data, connection, friends or social network for more than a few minutes? Hours? Days? And when you rejoin it, how does it feel? And if you can’t, are you convinced that one day you must be in control of your own persona, your personal data, or else? Granted, while we shouldn’t worry too much about a Blade Runner dystopia or the H2G2 Krikkit story in Life, the Universe of Everything, there are some interesting things one could be doing, and more than just asking, as Philip K Dick once did, do androids dream of electric sheep?

To enable this new beginning, we started in Open Source, looking to incubate a project or two, first one in Eclipse M2M, among a dozen-or-so dots we’d like to connect in the days and months to come, we call it krikkit. The possibilities afforded by this new compute model are endless. One of those could be the ability to put us back in control of our own local and personal data, not some central place, service or bot currently sold as a matter of convenience, fashion or scale. I hope with the release of these new projects, we will begin to solve that together. What better way to collaborate, than open? Perhaps this is what the Internet of Everything and data in motion should be about.

Tags: , , , , , , , , , , , , , , , , , , , , , ,