Cisco Blogs


Cisco Blog > Data Center and Cloud

Paradise Just Got a Little Better

When you think of the Caribbean, you may think vacation. But for Curaçao Technology Exchange (CTEX), business thrives in paradise.

Curaçao is growing in importance in the international finance and commerce industry, which is why the island needed the ability to support booming business. Built in a carefully planned location, CTEX chose the island of Curaçao to house the Caribbean’s first—and only—tier IV data center.

The lack of technology in the area has been a hindrance to business. Building this new, top-of-the-line data center will enable world-class collocation, security management, archival, disaster recovery, and managed services—allowing customers to rely on CTEX for high-end IT services in ways previously unattainable in the region.

“The location, connectivity, and laws make Curaçao one of the safest locations in the world to house critical information assets.”

 – Anthony DeLima, Chairman and CEO, CTEX

 Learn more about how Cisco is help CTEX provide bigger and better IT services from the article featured in Unleashing IT: World-class technology services in paradise.

 

Tags: , , , , ,

With the Right Security Policy, BYOD Doesn’t Have to Be a Scary Thing

According the recent report by Cisco’s IBSG Group, the Financial Impact of BYOD, letting employees bring their own devices saves companies money and helps them become more productive. 53 percent of survey participants have raised work productivity through innovative work practices—powered by their devices. Nearly half of all participants preferred BYOD over corporate devices.

The freedom and productivity gains of BYOD are great for employees, but it also creates new priorities for IT—especially for security.  According to the BYOD and Mobility Security Report, security was a top concern for 70 percent of companies surveyed.

Just because employees are working on different devices doesn’t mean IT has to sacrifice security. The first step is in looking beyond the devices and putting together a mobility strategy. Cisco’s own mobility strategy is built around the network, not individual devices. It’s about viewing security as a way to allow individuals to work their way. Read More »

Tags: , , , , , ,

Plesk 0-Day Targets Web Servers

June 5, 2013 at 1:24 pm PST

Update 6/6/2013:

We’re seeing reports of exploitation of this vulnerability. We can confirm Global Correlation - Network Participation telemetry is seeing multiple exploitation attempts across many customers. Customers who participate in Global Correlation -- Inspection have a higher chance of this signature blocking in the default configuration since the sensor will take the reputation of an attacker into account during the risk rating evaluation. One of the reports mentioned the use of an IRC-based botnet as a payload for a large number of compromised machines. Since this report is similar to one I previously blogged about, I examined the IRC payloads in depth. Many of the variable names and functions are identical, with the new bot’s source code indicating that it is a later revision of the one we saw previously. Additional features have been added in this revision, which can allow the bots to transfer files directly to other bots via the command and control channel. Given the nature of this vulnerability and the ease of exploitation, it is very likely that unpatched machines will continue to be compromised if not remediated.

A 0-day vulnerability has been publicly posted which affects older versions of the Parallels Plesk software. The author of the exploit included an informational text file, which appears to indicate public servers have already been exploited. This vulnerability does not affect the latest major version of the software; nevertheless we expect to see widespread exploitation, due to the age of the affected versions — sites still running these versions of Plesk, which should enter End of Life of June 9, are unlikely to be regularly maintained.

plesk_2_1  Read More »

Tags: , , , ,

Why I love working trade shows like Microsoft TechEd for Cisco

June 5, 2013 at 7:19 am PST

I have lost count of the number of trade shows I’ve worked over my career. But working trade shows for Cisco over the past 14 months has been a uniquely positive experience. Microsoft TechEd North America 2013 makes my 5th show evangelizing Cisco UCS and our solutions.

I have been able to have long (sometimes up to 45 minutes) conversations with potential customers who have heard about UCS and want to learn more. Their reactions on how Cisco does it differently from others in the industry is an eye-opener for them – whether it the technology or the economics of the solution. They all walk away saying they are going to have to dig deeper into our solutions and contact their account team / partner.

It has become almost embarrassing the amount of praise our current customers heap on us when they come by the booth. Embarrassing because I’m just a very small part of what makes UCS successful; Cisco has a very strong team behind UCS and I wish they all could hear the great things the customers are saying about their experiences.

There are still two days left to stop by the Cisco booth and learn about:

  • UCS
  • UCS Solutions FlexPod, VSPEX, Exchange, SQL Server
  • UCS Manager
  • Nexus 1000V
  • VM FEX
  • Cisco Email Security

CiscoUCS_MSTechEd_Small

Tags: , , , , , , , , ,

Securing the Internet of Everything: An Architectural View

As a follow up to my introductory blog on Securing the Internet of Everything, I would like to discuss further the security implications that will comprise proposed framework. As the applications of the IoT/M2M affect our daily lives, whether it is in the Industrial Control, Transportation, Smartgrid or Healthcare, it becomes imperative to ensure a secure IoT/M2M system. As the use of IP networks are employed, IoT/M2M applications have already become a target for attacks that will continue to grow in both quantity and sophistication. Both the scale and context of the IoT/M2M make it a compelling target for those who would do harm to companies, organizations, nations, and people.

The targets are abundant and cover many different industry segments. The potential impact spans from minor irritant to grave and significant damage and loss of life. The threats in this environment can be similarly categorized as those in the traditional IT environments. It’s useful to consider general platform architecture when discussing IoT security challenges. Below is the platform architecture that uses to frame IoT/M2M discussions.

While many existing security technologies and solutions can be leveraged across this architecture, perhaps especially across the Core and Data Center Cloud layers, there are unique challenges for the IoT. The nature of the endpoints and the sheer scale of aggregation in the data center require special attention.

The architecture is composed of four similar layers to those described in general network architectures. The first layer of the IoT/M2M architecture is comprised of Read More »

Tags: , , , , , , , , , , , ,