Cisco Blogs



Cisco Partner Weekly Rewind – February 20, 2015

Each week, we’ll highlight the most important Cisco Partner Ecosystem news and stories, as well as point you to important, Cisco-related partner content you may have missed along the way. Here’s what you might have missed this week:

Off the Top

It was quite a busy week on the Partner Blog. Hopefully you had a chance to read Sherri Liebo’s blog on how digital marketing has transformed the traditional marketing landscape. If not, be sure to check it out and take a look back at her super heroes posts from 2014 and how those particular marketing team members can lead the way as digital marketing continues to shift how we all work.

As we are getting ever closer to this year’s Marketing Velocity event, this blog is a nice look at how all our marketing efforts tie together and what “digital” is doing to all of us.

Intelligent Cybersecurity

Raja Sundaram had some insight into cybersecurity and how it affects your customers. He looked at changing business models, dynamic threats, and complexity and fragmentation. Branching out from there he pointed out how Cisco is offering up the products you need for your customers to tackle these tough security situations. It’s a great overview on security.

OpenStack Podcast #19 Yuriy Brodskiy

Symantec’s Director of Cloud Platform Engineering, Yuriy Brodskiy, was a really interesting interview–not only because he was a very early adopter of OpenStack in his PayPal days, but also because he now works for one of the pioneers in software security. He gave us some surprising insights into how his company views open source in general and OpenStack in particular, as well as what they’re doing to make the cloud more secure. He also discussed:

  • How cloud changes the culture of an organization
  • How OpenStack changed perceptions of open source software
  • The upside (and downside) of rolling your own distro
  • The future of PaaS and containers
  • What Symantec is doing with OpenStack
  • What to consider in order to create a truly secure OpenStack environment

To see who we’re interviewing next, or to sign up for the OpenStack Podcast, check out the show schedule! Interested in participating? Tweet us at @nextcast and @nikiacosta.

For a full transcript of the interview, click read more below.

Read More »


No Such Thing as Implicit Trust

News has not been kind to US-headquartered technology companies over the past year. From an erosion of faith because of a company’s geographic location, to a series of high-profile breaches that are calling into question trust in your IT systems. Technology providers and governments have a vital role to play in rebuilding trust. And so do customers—who need to demand more from their technology providers.

On my recent trip to Europe, speaking to some balanced, thoughtful, and concerned public officials got me thinking. Why do we trust the products we use? Is it because they work as advertised? Is it because the brand name is one we implicitly believe in for any number of reasons? Is it because the product was tested and passed the tests? Is it because everyone else is using it so it must be okay? Is it because when something goes wrong, the company that produced it fixes it? Is it because we asked how it was built, where it was built, and have proof?

That last question is the largest ingredient in product and service acquisition today, and that just has to change. Our customers are counting on us to do the right thing, and now we’re counting on them. It’s time for a market transition: where customers demand secure development lifecycles, testing, proof, a published remediation process, investment in product resilience, supply chain security, transparency, and ultimately – verifiable trustworthiness.

We saw some of this coming, and these are some of the principles I hear customers mention when they talk about what makes a trustworthy company and business partner. Starting in 2007, with a surge that began in 2009, we’ve systematically built these elements into our corporate strategy, very quietly, and now we want the dialogue to start.

I’m challenging customers to take the next step and require IT vendors to practice a secure development lifecycle, have a supply chain security program, and a public, verifiable vulnerability handling process.

I recently recorded the video blog above discussing what it means to be a trustworthy company. I hope you will share your thoughts and experiences in the comment section.

Cisco PSIRT – Notice about public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability

Cisco PSIRT is aware of public exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability identified by Cisco bug ID CSCup36829 (registered customers only) and CVE ID CVE-2014-3393. This vulnerability was disclosed on the 8th of October 2014 in the Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software.

All customers that have customizations applied to their Clientless SSL VPN portal, regardless of the Cisco ASA Software release in use, should review the security advisory and this blog post for additional remediation actions.

NOTE: The Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software should be used as the Single Source of Truth (SSoT) for all details of this vulnerability and for any revisions of information going forward.

Equation Coverage

Cisco Talos is aware of the public discourse surrounding the malware family dubbed “The Equation Family”. As of February 17th the following rules (33543 – 33546 MALWARE-CNC Win.Trojan.Equation) were released to detect the Equation Family traffic. These rules may be found in the Cisco FireSIGHT Management Console (Defense Center), or in the Subscriber Ruleset on Snort.org. Talos security researchers have also added the associated IPs, Domains, URLs, and hashes to all Cisco security devices to provide immediate protection across the network. Talos will continue to monitor public information as well as continue to independently research to provide coverage to this malware family.

Advanced Malware Protection (AMP) is ideally suited to prevent the execution of the malware used by these threat actors.

CWS or WSA web scanning prevents access to malicious websites and detects malware used in these attacks.

The Network Security protection of IPS and NGFW has up-to-date signatures to detect malicious network activity by threat actors.

While email has not been observed as an attack vector, ESA is capable of blocking the malware used in this campaign.
