It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had corporate sensitive data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn’t really lose my phone. However, many cell phones, tablets, and other gadgets are lost or stolen on a daily basis. The problem of stolen mobile devices is huge. According to a report from the Federal Communications Commission (FCC) earlier this year, about 40 percent of robberies in Washington, D.C., New York, and other major cities now involve mobile devices. The FCC has teamed up with the nation’s top wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint, to develop a database of stolen mobile devices.
Allowing employees to access corporate email, critical business applications and data makes workers more productive and effective. Finding just the right balance when allowing easy access to the applications that users need to be more productive, while maintaining the integrity and security of enterprise resources, will give your organization a competitive advantage.
Stolen and lost devices are among the many challenges of mobile device security.
Professional services, Consultancy Services, Advanced Services -- call them what you will. I can hear you say: “On No! Complexity”. “Now I need to work a Statement of Work”. “I need help to get my project on time, can’t this get easier?” “I need to get my legal contracts team involved.” “Why can’t you just tell me a price?”
Common reactions from some of you who will engage any (and I mean any, not just Cisco!) professional services organization (for example, Cisco Services or one of our many partners) to help bring additional experience, expertise and resources to your projects. The good news is, where appropriate to your requirements, this complexity has been substantially reduced, with Fixed Price services from Cisco, available now for many of our most popular products and solutions.
I will confess: this is not new – in fact we (quietly) first released such Fixed Price services back in 2009, to support the Cisco Unified Computing System deployments! – and if we’re honest, we’ve not talked much about them and how successful they’ve become, with many, many customers taking advantage of these quick-to-engage expert services.
One of the greatest threats to Internet service is Distributed Denial of Service (DDoS) attacks which can paralyze ISPs and disrupt traffic to and from targeted websites. For years now, DDoS attacks have dropped down the IT security priority list as topics such as IP theft took center stage.
Recently however, DDoS attacks targeting organizations of all types have sharply increased. Afflicted organizations had daily operations disrupted and servers compromised, with attacks increasing in sophistication and damage impact. The next waves of attacks will likely be even more complex and damaging.
The DDoS revival reminds us that as threats continue to evolve, organizations must strengthen their security infrastructure and management practices to improve the timeliness and effectiveness of incident response.
I pulled some workshop hosting duty trying to fill Jimmy Ray’s big orange shoes this morning. The subject is a great one -- Intrusion Prevention in the Data Center with an incredibly sharp engineer, Stijn Vanveerdeghem. Stijn is one of those crazy smart security guys down in Austin, TX as he works with a bunch of old friends from the team of IDS experts we have there.
So much emphasis on the data center these days for obvious reasons and it makes sense that anytime we consolidate something valuable -- there is going to be an increase in creativity for how to get to it when your not supposed to.
We do these workshops as part of our TechWiseTV shows for their interactivity and the difference in the depth we can achieve. A number of references were made as to other resources, shows we have done as well as published papers and studies. I have included all the links we brought up below.
We often hear about a dramatic class of vulnerabilities referred to as “zero-days” or “0 days,” “0-days,” or “0days” which can be pronounced as “zero days” or “oh days.” I have seen a number of email threads and blog posts lately that seem to refer to vulnerabilities in this class in varying and vastly different ways. This caused me to ask myself: what exactly is a zero-day vulnerability?
Emotion around zero-days can be high. This is predominantly because vulnerabilities with this label are perceived to be of greater impact and urgency. That is often correct and fair. However, there is at least one other reason for heightened energy around these issues: many teams and organizations have special service level agreements or informal expectations levied upon them in “outbreak” or “zero-day” scenarios. Imprecise use of the zero-day label can mix with these expectations to needlessly increase the urgency—and corresponding organizational disruption—of a vulnerability in these situations.
So what are the critical characteristics that set apart a zero-day from another, seemingly important and urgent vulnerability? In my opinion there are three characteristics that have garnered these vulnerabilities the urgency they hold; and if any one of these is not present the vulnerability it is not a zero-day.