Last week my colleagues and I were excited to deliver a 4-hour lab on IPv6 Security at Cisco Live London 2013. The training enabled students to correctly identify, classify, and deter or prevent the nefarious IPv6-specific behaviors. They did so by configuring network threat defense, countermeasures, and controls that were implemented and deployed on infrastructure devices as well as validate their effectiveness. Some of the nefarious behaviors included IPv6 spoofing, using IPv6 in IPv4 tunneling to bypass, and DDoS using IPv6 packets. This IPv6 security training was first delivered at Cisco Live USA 2012, where 19 students participated in the class. At Cisco Live London, we welcomed 21 Cisco Customers, giving them access to our lab-hosted equipment to practice and complete tasks covered during class. What follows are some key observations about our training in London as compared to our training in the U.S.: Read More »
A few months ago we published a technical white paper explaining how we measure the performance of Cisco IPS sensors. The idea was to give Cisco IPS customers insight into the work that goes into producing the performance numbers that are recorded in a data sheet, with the ultimate goal of helping customers deploy the correct IPS appliance for their environment. We have now followed up the performance work with a paper describing how we test the effectiveness of our IPS product line.
Ask the DC Security Expert: Three things to know about data center firewall application visibility and control
I recently interviewed Mike Geller, a 15-year Cisco veteran and a security architect, who focuses on securing infrastructure, devices, and services delivered by service and cloud providers to governments, enterprises, and end users. I asked Mike to discuss three key feature sets that firewalls should have today to enable users to securely access the applications in the data center. This topic is very timely as application control is quite the “in vogue” topic.
#1: Network Integration
Mike takes the position that security is an attribute of the network versus a siloed, bolt-on element. With applications delivered from a combination of the cloud, service provider or hosted data center (the on premise data center at the enterprise or the mobile endpoint), security is pervasive across all domains. Integrating security into the network fabric that is used to deliver key business applications is the only way to offer services at the size and scale of today and tomorrow. How do you approach full integration of security? Let’s break it down. Read More »
It’s a router. No, it’s a firewall. No, it’s unified threat management. It’s … the new Cisco ISA500.
We hear a lot lately about how many mobile devices are connecting to the internet. And, with today’s BYOD (Bring Your Own Device) trend, more employees are wanting to use their preferred devices. They’re also wanting flexibility with where they work. We’re in a new work world, where mobility is the name of the game, and security is the game controller that determines who will have the advantage. Enter: The new Cisco ISA500.
As a recent infographic from research and industry analyst firm Techaisle shows, 61 percent of SMBs in North America allow BYOD; and 53 percent expect productivity improvement. But for those two things to happen together successfully, there needs to be strong security in place. This becomes especially important given that we’re seeing an uptick in the number of SMBs targeted for cyberattacks and the number of employees engaging in risky behavior when accessing the web.
So when Cisco looks at these challenges, we focus on three key things: safeguarding outside threats that can bring down the network, the ability for employees to securely access information, and a simple way to manage it all. The Cisco ISA500 helps customers do exactly that, by acting as a highly sophisticated router, firewall, and unified threat management in one device. Not only did it win “Outstanding Hardware Solution” at IT Nation, it’s also getting a lot of praise from our partners.
We sat down with David Lawrence, president of Smart Technology Enablers, who talked about his views of this offering. Take a look at what he had to say.
If you’d like to learn more about Cisco small business products, please visit www.cisco.com/go/smb. And to learn more about responsive, proactive support options that Cisco Services offers to help keep your small business network running smoothly, click here.
At Cisco Live London, one of my data center theater presentations will focus on the benefits of a context-aware and adaptive security strategy. This approach helps accelerate the adoption of virtualization and cloud, which traditional static security models often inhibit. Context-based approaches factor in identity, application, location, device, and time along additional security intelligence such as real-time global threat feeds for more accurate security access decisions.
Neil MacDonald, vice president, distinguished analyst, and Gartner Fellow in Gartner Research has been advocating the benefits of a context-based approach now for some years as outlined in his Gartner blog. Not only does he say that by 2015, 90 percent of enterprise security solutions will be context-aware but in cloud computing environments where IT increasingly doesn’t own key IT stack elements, having additional context at the point of security decision leads to better decisions with risk prioritization and business factors accounted for. Neil MacDonald also co-authored a report, “Emerging Technology Analysis: Cloud-based Reputation Services,” which highlights the value of cloud-based threat intelligence in enabling secure cloud adoption.