Cisco Blogs

Cisco Blog > Open at Cisco

My Top 7 Predictions for Open Source in 2014

My 2014 predictions are finally complete.  If Open Source equals collaboration or credibility, 2013 has been nothing short of spectacular.  As an eternal optimist, I believe 2014 will be even better:

  1. Big data’s biggest play will be in meatspace, not cyberspace.  There is just so much data we produce and give away, great opportunity for analytics in the real world.
  2. Privacy and security will become ever more important, particularly using Open Source, not closed. Paradoxically, this is actually good news as Open Source shows us again, transparency wins and just as we see in biological systems, the most robust mechanisms do so with fewer secrets than we think.
  3. The rise of “fog” computing as a consequence of the Internet of Things (IoT) will unfortunately be driven by fashion for now (wearable computers), it will make us think again what have we done to give up our data and start reading #1 and #2 above with a different and more open mind. Again!
  4. Virtualization will enter the biggest year yet in networking.  Just like the hypervisor rode Moore’s Law in server virtualization and found a neat application in #2 above, a different breed of projects like OpenDaylight will emerge. But the drama is a bit more challenging because the network scales very differently than CPU and memory, it is a much more challenging problem. Thus, networking vendors embracing Open Source may fare well.
  5. Those that didn’t quite “get” Open Source as the ultimate development model will re-discover it as Inner Source (ACM, April 1999), as the only long-term viable development model.  Or so they think, as the glamor of new-style Open Source projects (OpenStack, OpenDaylight, AllSeen) with big budgets, big marketing, big drama, may in fact be too seductive.  Only those that truly understand the two key things that make an Open Source project successful will endure.
  6. AI recently morphed will make a comeback, not just robotics, but something different AI did not anticipate a generation ago, something one calls cognitive computing, perhaps indeed the third era in computing!  The story of Watson going beyond obliterating Jeopardy contestants, looking to open up and find commercial applications, is a truly remarkable thing to observe in our lifespan.  This may in fact be a much more noble use of big data analytics (and other key Open Source projects) than #1 above. But can it exist without it?
  7. Finally, Gen Z developers discover Open Source and embrace it just like their Millennials (Gen Y) predecessors. The level of sophistication and interaction rises and projects ranging from Bitcoin to qCraft become intriguing, presenting a different kind of challenge.  More importantly, the previous generation can now begin to relax knowing the gap is closing, the ultimate development model is in good hands, and can begin to give back more than ever before. Ah, the beauty of Open Source…

Tags: , , , , , , , , , , , , , , , , , , , , , , ,

Cisco 2014 Annual Security Report: Threat Intelligence Offers View into Network Compromises

Thanks to extensive detection telemetry and analytics, we have a clear view into the attackers and malicious actors that are infiltrating Internet infrastructure and using trusted applications as a foothold for gaining access to networks. As explained in the Cisco 2014 Annual Security Report, online criminals continue to develop more sophisticated methods for breaching security protections—all of which require extra vigilance and a holistic view of threats and how they’re managed.

Perhaps the trend of most concern is malicious actors’ ability to gain access to web hosting servers, nameservers, and data centers, and using their processing power and bandwidth to launch far larger exploits and attacks. This is sobering, because it means that now the very foundations of the Internet are at risk of exploitation. The 2013 DarkLeech attack demonstrates how the compromise of hosting servers can help attackers gather the resources they need for a much larger campaign: In this case, servers were compromised worldwide, allowing the perpetrators to take over 20,000 legitimate websites.

The broad reach of this malicious behavior and resulting compromises can be seen in the results of Cisco’s examination of Domain Name Service (DNS) lookups originating from inside corporate networks, as detailed in the Cisco 2014 Annual Security Report.

Cisco threat intelligence experts found that 100 percent of the business networks analyzed had traffic going to websites that host malware, while 92 percent show traffic to webpages without content, which typically host malicious activity. Ninety-six percent of the networks reviewed showed traffic to hijacked servers. The pervasiveness of malicious traffic indicates that organizations need to monitor network traffic closely (and continuously) for possible indicators of compromise.

Some of the most tenacious players in the network compromise game are launching targeted attacks, which are proving very difficult for organizations to oust from their networks. These attacks are persistent and disruptive, threatening the security of intellectual property, customer data, and other sensitive information. As a guide to understanding targeted attacks, the Cisco 2014 Annual Security Report offers insights on the “attack chain”—that is, the events that lead to and through the stages of such attacks, as seen in the graphic below:


The bottom line is that IT security professionals need to think like attackers and understand the methods and approaches they use to execute their missions.

The Cisco 2014 Annual Security Report has many more findings on security threats, gleaned from Cisco research and observations—including updates on mitigating Java exploits, threats observed in mobile device use, and the status of threats and vulnerabilities reported by Cisco. You’ll find it a valuable resource as you prepare to understand security challenges in the year ahead.

Tags: , , , ,

AutoGuard: Keeping your Car Safe from Hacks

Like everything else in the forthcoming Internet of Everything era, cars, which today already rely heavily on digitized systems, are well on their way to connectivity with their surroundings. This is a welcome development. Already we have Bluetooth (radio to cellular) to help us speak hands-free while driving and GPS to keep from getting lost. In the near future, two communicative cars on a collision course could take preventative measures to avoid a crash. So the future looks bright. Our cars are essentially mobile computers on wheels, and our driving experience will be richer and safer as a result.


But there is a danger lurking, and it can’t be ignored. Think about the early days of networked computers. As long as computers were networked only with one another, there was little to threaten their security. But once computers connected to the Internet on a large scale, viruses, Trojans, and all sorts of nastiness were introduced into the world. These threats are manageable, but they do need to be managed.

Car networks are Read More »

Tags: , , , ,

Tackling the Cybersecurity Skills Gap

The demand for skilled IT security professionals is growing everyday in both the private and public sector, and much of today’s security training is dangerously out of step with current threats.

A recent Ponemon Cyber Attack study found that cyber crime was up 78% in 2013 vs. 2012, with resolution and recovery time more than doubling over the past year, costing organizations tens of millions of dollars annually.

Read More »

Tags: , , , , , ,

Bridging the Looming Global IT Security Professional Shortage

I must admit that I recorded the accompanying video blog post before I had a chance to read the 2014 Cisco Annual Security Report (CASR), but this time slip on my part sets up a now-more-than-ever situation for what I’m about to tell you. The CASR projects 500,000 to 1,000,000 person global shortage in the number of IT security professionals that public and private sector organizations will need to cope with the security challenges of the foreseeable future. Yikes!

How will societies around the world bridge this gap? Technical schools and universities can train new people, but that’s going to take time for them to respond to demand, much less do the actual training. Public and private organizations can also recruit existing security professionals, but this can quickly turn into a bidding war for talent. I can also project increased demand for outsourced security services, but many of the supply and demand dynamics will apply here as with recruiting from the pool of established experts. Read More »

Tags: , , ,