Cisco Blogs


Cisco Blog > Cisco Interaction Network

IPS in the Data Center Workshop

November 14, 2012 at 12:12 pm PST

I pulled some workshop hosting duty trying to fill Jimmy Ray’s big orange shoes this morning. The subject is a great one -- Intrusion Prevention in the Data Center with an incredibly sharp engineer, Stijn Vanveerdeghem.  Stijn is one of those crazy smart security guys down in Austin, TX as he works with a bunch of old friends from the team of IDS experts we have there.

So much emphasis on the data center these days for obvious reasons and it makes sense that anytime we consolidate something valuable -- there is going to be an increase in creativity for how to get to it when your not supposed to.

We do these workshops as part of our TechWiseTV shows for their interactivity and the difference in the depth we can achieve.  A number of references were made as to other resources, shows we have done as well as published papers and studies.  I have included all the links we brought up below.

If you missed Stijn’s presentation or would like to go back and take better notes -- you can get to it at the same link you used to originally register OR I also highly recommend you bookmark ciscoworkshops.com

 

TechWiseTV Episodes referenced:

TWTV120 -- Defending the Data Center

Couple of notable segments within this show worth looking at here:

Clustering Technology with the 5585X

IPS 4500 Series

Episode 15, Firewall Reinvention with the ASA CX, is a good show throughout -- only one segment I will call out as a favorite however, a Master Class Jimmy Ray did on ‘Forensic Analysis.’ The differences between network device versus traditional computer forensics and network forensics best practices, why routers and firewalls aren’t the smoking gun, and how the Cisco Router Analysis Tool can help with your networking.

Fundamentals of IPS

Fundamentals of High End Firewalls

Couple of good pointers Scott Simkin lays out in his support of our workshop today -- thank you Scott.

The 2012 Verizon Data Breach Report (pdf)

Performance of the Cisco IPS 4300 and 4500 (Whitepaper, .PDF)

Global Correlation on Cisco IPS Sensors (Whitepaper, PDF)

IPS Tech Tips – Protecting Industrial Environments:

Cisco IPS Go page: http://cisco.com/go/ips

Thanks for watching!

Robb

@robbboyd

 

 

 

Tags: , , ,

What is a Zero-day Vulnerability?

We often hear about a dramatic class of vulnerabilities referred to as “zero-days” or “0 days,” “0-days,” or “0days” which can be pronounced as “zero days” or “oh days.” I have seen a number of email threads and blog posts lately that seem to refer to vulnerabilities in this class in varying and vastly different ways. This caused me to ask myself: what exactly is a zero-day vulnerability?

Emotion around zero-days can be high. This is predominantly because vulnerabilities with this label are perceived to be of greater impact and urgency. That is often correct and fair. However, there is at least one other reason for heightened energy around these issues: many teams and organizations have special service level agreements or informal expectations levied upon them in “outbreak” or “zero-day” scenarios. Imprecise use of the zero-day label can mix with these expectations to needlessly increase the urgency—and corresponding organizational disruption—of a vulnerability in these situations.

So what are the critical characteristics that set apart a zero-day from another, seemingly important and urgent vulnerability? In my opinion there are three characteristics that have garnered these vulnerabilities the urgency they hold; and if any one of these is not present the vulnerability it is not a zero-day.

Read More »

Tags:

Ask the Data Center Security Expert Series: Your invitation to participate!

I am pleased to be kicking off this Ask the Data Center Security Expert series at Cisco. This series is aimed at security professionals, partners, data center teams, and IT business decision makers and will address key security issues around virtualization, cloud and anticipated issues associated with trends such as the Software Defined Data Center. The series will take the form of blogs, videos, NetSec chats, and webinar panels. I have an array of expertise lined up ranging from key reseller and technology ecosystem partners, industry leaders and luminaries and internal Cisco experts. Stay tuned for the first in this series coming to you next week out of Singapore.

To get started, a little about me -- I was very excited to commence a data center and security solutions marketing role at Cisco 3 weeks ago.  I have over 12 years experience developing holistic security solutions and have been focused on data center and cloud for the last 3 years.  I currently chair the Cloud Security Alliance Cloud Controls (CCM), an industry effort dedicated to harmonizing regulatory controls for decreased compliance complexity and also have been bridging efforts with other industry associations such as the Open Data Center Alliance. Read More »

Tags: , , , , , , ,

Cisco CIO Summit 2012: Starting with the customer, and ending with IT in mind

We’ve all heard the sayings “put the customer first” and “the customer is always right.”  According to Forrester Research, the days of manufacturing, distribution, and information being the primary ways successful companies dominate their industries are gone, and the new “age of the customer” is here. Newly empowered, informed, and demanding buyers are radically redefining the conversations, strategies, and planning of top IT leaders around the world. This year at the CIO Summit hosted by Cisco, I had the privilege to engage with seventy-eight Chief Information Officers from large enterprises and organizations who shared similar sentiments. 

Read More »

Tags: , , , , , ,

Bring Your Own Margarita (I Mean Device) – Architectures, Design, and Operation

November 1, 2012 at 10:51 am PST

Mobility allows the expansion of Information Technology (IT) resources and application availability at anytime, anywhere, and in any possible way. Historically, many thought that “the movement” of bring your own device (BYOD) was simply a marketing tactic. However, BYOD is definitely a reality that has become crucial when trying to improve efficiency in the workplace.

Every single day a new mobile gadget is released to the market (for example, tablets, mobile phones, and many other mobile systems) and we all live in a connected world 24 hours a day 7 days a week. All these devices and social applications are introducing many security risks for enterprises and public sector organizations. These risks include threats of data theft, not only with very sophisticated attacks, but also with incidents as simple as just stealing mobile devices. Many of these devices can contain private and corporate information.

The question now is, how can we provide the benefits of  improving user productivity and flexibility without compromising network security? The Cisco AnyConnect Secure Mobility client and the Cisco ASA 5500 Adaptive Security Appliances allow users to connect to their corporate network from any device based on comprehensive secure access policies. The Cisco AnyConnect Secure Mobility Client can work in conjunction with the Cisco IronPort Web security appliances and provides integration with ScanSafe.

Read More »

Tags: , , , , , ,