Each week, we’ll highlight the most important Cisco Partner Ecosystem news and stories, as well as point you to important, Cisco-related partner content you may have missed along the way. Here’s what you might have missed this week:
Off the Top
It was quite a busy week on the Partner Blog. Hopefully you had a chance to read Sherri Liebo’s blog on how digital marketing has transformed the traditional marketing landscape. If not, be sure to check it out and take a look back at her super heroes posts from 2014 and how those particular marketing team members can lead the way as digital marketing continues to shift how we all work.
As we are getting ever closer to this year’s Marketing Velocity event, this blog is a nice look at how all our marketing efforts tie together and what “digital” is doing to all of us.
Raja Sundaram had some insight into cybersecurity and how it affects your customers. He looked at changing business models, dynamic threats, and complexity and fragmentation. Branching out from there he pointed out how Cisco is offering up the products you need for your customers to tackle these tough security situations. It’s a great overview on security. Read More »
Symantec’s Director of Cloud Platform Engineering, Yuriy Brodskiy, was a really interesting interview–not only because he was a very early adopter of OpenStack in his PayPal days, but also because he now works for one of the pioneers in software security. He gave us some surprising insights into how his company views open source in general and OpenStack in particular, as well as what they’re doing to make the cloud more secure. He also discussed:
How cloud changes the culture of an organization
How OpenStack changed perceptions of open source software
The upside (and downside) of rolling your own distro
The future of PaaS and containers
What Symantec is doing with OpenStack
What to consider in order to create a truly secure OpenStack environment
News has not been kind to US headquartered technology companies over the past year. From an erosion of faith because of a company’s geographic location, to a series of high profile breaches that are calling into question trust in your IT systems. Technology providers and governments have a vital role to play in rebuilding trust. And so do customers—who need to demand more from their technology providers.
In my recent trip to Europe, and speaking to some balanced, thoughtful, and concerned public officials, it got me thinking. Why do we trust the products we use? Is it because they work as advertised? Is it because the brand name is one we implicitly believe in for any number of reasons? Is it because the product was tested and passed the tests? Is it because everyone else is using it so it must be okay? Is it because when something goes wrong, the company that produced it fixes it? Is it because we asked how it was built, where it was built, and have proof?
That last question is the largest ingredient in product and service acquisition today, and that just has to change. Our customers are counting on us to do the right thing, and now we’re counting on them. It’s time for a market transition: where customers demand secure development lifecycles, testing, proof, a published remediation process, investment in product resilience, supply chain security, transparency, and ultimately – verifiable trustworthiness.
We saw some of this coming, and these are some of the principles I hear customers mention when they talk about what makes a trustworthy company and business partner. Starting in 2007, with a surge that began in 2009, we’ve systematically built these elements into our corporate strategy, very quietly, and now we want the dialogue to start.
I’m challenging customers to take the next step and require IT vendors to practice a secure development lifecycle, have a supply chain security program, and a public, verifiable vulnerability handling process.
I recently recorded the video blog above discussing what it means to be a trustworthy company. I hope you will share your thoughts and experiences in the comment section.
All customers that have customizations applied to their Clientless SSL VPN portal and regardless of the Cisco ASA Software release in use should review the security advisory and this blog post for additional remediation actions.
Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on Snort.org. Talos security researchers have also added the associated IPs, Domains, URLs, and hashes to all Cisco security devices to provide immediate protection across the network. Talos will continue to monitor public information as well as continue to independently research to provide coverage to this malware family.
Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.
CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.
The Network Security protection of IPS and NGFW have up-to-date signatures to detect malicious network activity by threat actors.
While email has not been observed as an attack vector, ESA is capable of blocking the malware used in this campaign.