
Led by Cisco’s Veterans Enablement and Troop Support ERO, four sites — San Jose, Ohio, Herndon and Research Triangle Park — held Cisco’s annual Memorial Care Package Drive in honor of Major John D. Gerrie, United States Air Force (USAF).

Major Gerrie lost his life January 16, 2016 supporting Operation Freedom’s Sentinel. His spouse, Amy, is a Cisco Business Development Manager and lives in Richardson, Texas with her three children. Cisco volunteers have been supporting Cisco’s Care Package Drive for 10 years, since 2006.

The VETS ERO volunteers assemble care packages supplying snacks, entertainment and hygiene items for US military members deployed overseas. Each care package box weighs about 20 pounds and contains a short note saying where the packages are from and the purpose of the drive.

The VETS ERO team in San Jose enjoyed assembling care packages for military members overseas (Photo Credit: Ken Estep)

This year, volunteers shipped 276 packages to the soldiers serving in remote locations. In addition, the Care Package Drive at the RTP location raised over $1,600 in donations and volunteer hour matches for the Military Mission in Action nonprofit organization.

Besides the camaraderie shared by our VETS ERO volunteers on this project, the real satisfaction was embodied in a tribute from an Air Force Master Sergeant’s note of thanks saying, “Wow, each box was a little slice of heaven and his troops were overwhelmed with respect for an organization that cares so much about the troops that still serve.” 

Congratulations to all the VETS ERO members and supporters who participated in the 2016 Care Package Drive.

Learn more about Cisco Corporate Social Responsibility’s Veterans Program today!

Authors

Michael Veysey

No Longer at Cisco


A new approach to segmentation that simply delivers more

Network segmentation has been around for quite a while as a way to isolate environments and critical systems to secure data and IT assets. Recent breaches have highlighted the value of segmentation in reducing the attack surface and preventing the lateral movement of targeted malware. But traditional approaches to segmentation are difficult to manage and don’t give you the dynamic, granular control to contain these attacks sooner, particularly as your environment, devices, and user roles expand or change.

Cisco TrustSec technology provides software-defined segmentation to simplify segmentation from the hybrid cloud or data center all the way to the user and device level so you can do a number of things:

  • Restrict the lateral movement of malware, which is critical for dealing with ransomware
  • Maintain consistent segmentation (security policy) even as your environment evolves
  • Assist in meeting compliance goals
  • Manage IoT proliferation
  • Simplify security operations

It reminds me of a Swiss Army knife – so many capabilities in one elegant package, the essence of efficiency and effectiveness.

Cisco TrustSec is embedded technology in Cisco switches, routers, and wireless and security devices. These TrustSec-capable network devices can deliver segmentation without requiring VLANs or IP address-based access control lists (ACLs). Systems are classified and assigned to logical groups called Security Groups. A Security Group Tag (SGT) is assigned to each endpoint and the network devices use the SGT to download segmentation policies from Cisco’s Identity Services Engine (ISE). Independent of an IP address or the topology of the network, policies are based on the endpoint and role.

This ability to implement and change segmentation patterns without reconfiguring network devices or redesigning the network is the essence of software-defined segmentation.

An example from the medical field shows the simplicity and extent of capabilities in Cisco TrustSec. Most hospital environments are highly complex and fluid. A typical X-ray room includes several different endpoints — control heads in readers that are IP-enabled, technician reader stations (typically a Windows-based PC) that can move from room to room, and a cache server that stores high-definition images locally and converts them to digital format before sending them to the data center for physician access. The number of endpoints rises dramatically in MRI or CT scanning rooms and in operating theaters.

Gaining visibility and control over all these endpoints, amplified by the fact that doctors, staff, students (in the case of teaching hospitals), patients and medical equipment share the same network, can present serious risk. Malware and other threats are difficult to contain, and ensuring compliance with HIPAA regulations on a continual basis is a significant challenge.

Cisco TrustSec decouples security rules from the IP network design and the network topology. Defining policies using logical tags means that system access does not depend on an IP address or VLAN and can be changed dynamically and transparently to the endpoint. Policies work independently of the network location and are managed centrally. TrustSec-enabled devices download only the policies they need. In the case of malware, based on Indicators of Compromise (IoCs), group tags can be instantly changed and pushed to TrustSec-enabled devices to contain threats. Meeting compliance requirements and undertaking audits are easier too because policies are based on meaningful groups that are easy to understand and manage.

Any industry that deals with a range of devices (many that don’t even look like computers), a variety of users (partners, contractors, guests), mobility, and compliance shares similar challenges. Just like a Swiss Army knife that’s equipped to help you tackle a variety of situations and needs – there’s a model with 19 tools and 33 functions! – Cisco TrustSec offers a new approach to segmentation that’s efficient and more effective. It can’t help you open a bottle of wine or scale a fish, but it can make it a lot easier for you to relax and enjoy a nice meal knowing you’ve got software-defined segmentation at work for you.

To learn more, visit cisco.com/go/trustsec

Authors

Kevin Regan

Product Manager

Secure Access and Mobility Product Group


The recent discovery of Wekby and Point of Sale malware using DNS requests as a command and control channel highlights the need to consider DNS as a potentially malicious channel. Although a skilled analyst may be able to quickly spot unusual activity because they are familiar with their organisation’s normal DNS activity, manually reviewing DNS logs is typically time consuming and tedious. In an environment where it might be unclear what malicious DNS traffic looks like, how can we identify malicious DNS requests?

We all have subconscious mental models that shape our perceptions of the environment and help us to identify the unusual. An outlandish or unusual happening in the local neighbourhood piques our curiosity and makes us want to find out what is going on. We compare our expectations of normality with our observations; if the two don’t match, we want to know why. A similar approach can be applied to DNS logs. If we can construct a baseline or model of ‘normality’, we can compare our observations to the model and spot whether reality as we see it is wildly different from what we would expect.
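As an added illustration (not code from the Talos post), the baseline-versus-observation comparison can be sketched as follows. The choice of features (query name length and entropy of the longest label), the z-score threshold and every query name are assumptions constructed for this example.

```python
import math
import statistics
from collections import Counter

# Constructed sample data: query names as they might appear in a resolver log.
BASELINE_QUERIES = [
    "www.example.com", "mail.example.com", "intranet.corp.example",
    "updates.vendor.example", "cdn.static.example.net", "api.partner.example",
    "time.example.org", "www.example.org", "files.corp.example",
    "login.example.com", "docs.example.net", "vpn.corp.example",
]
OBSERVED_QUERIES = [
    "www.example.com",
    "api.partner.example",
    "7f3a91c04be2d85516a0c9e3b47d2f680a1b5c9e.t1.bad-zone.example",
    "mail.example.com",
    "a3f9c0e1d2b4a5968778695a4b3c2d1e0f9e8d7c.t2.bad-zone.example",
]

def shannon_entropy(text):
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    total = len(text)
    return -sum((n / total) * math.log2(n / total) for n in counts.values())

def features(qname):
    """Assumed features: length of the whole name, entropy of its longest label."""
    labels = qname.rstrip(".").lower().split(".")
    longest = max(labels, key=len)
    return len(qname), shannon_entropy(longest)

def build_baseline(qnames):
    """Summarise 'normality' as mean and standard deviation of each feature."""
    lengths, entropies = zip(*(features(q) for q in qnames))
    return {
        "length": (statistics.mean(lengths), statistics.pstdev(lengths)),
        "entropy": (statistics.mean(entropies), statistics.pstdev(entropies)),
    }

def zscore(value, mean, stdev):
    # A feature with no variance in the baseline cannot be scored.
    return 0.0 if stdev == 0 else (value - mean) / stdev

def find_outliers(baseline, qnames, threshold=3.0):
    """Return (name, z_length, z_entropy) for names far above the baseline."""
    outliers = []
    for q in qnames:
        length, entropy = features(q)
        z_len = zscore(length, *baseline["length"])
        z_ent = zscore(entropy, *baseline["entropy"])
        # Only unusually long or unusually random-looking names are of interest.
        if max(z_len, z_ent) > threshold:
            outliers.append((q, round(z_len, 1), round(z_ent, 1)))
    return outliers

if __name__ == "__main__":
    model = build_baseline(BASELINE_QUERIES)
    for name, z_len, z_ent in find_outliers(model, OBSERVED_QUERIES):
        print(f"review: {name} (length z={z_len}, entropy z={z_ent})")
```

A baseline this small only illustrates the comparison; in practice the model would be built from a representative period of the organisation's own DNS logs and the threshold tuned against it.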

Read More >>

Authors

Talos Group

Talos Security Intelligence & Research Group


With the announcement of the Cisco Solution for LoRaWAN™, Service Providers have an integrated solution that enables them to extend their network reach to where they’ve never gone before – i.e., offering IoT services for devices and sensors that are battery powered, have low data rates and long distance communications requirements. The solution opens new markets and new revenue streams for Service Providers, and can be deployed in a wide range of use cases in Industrial IoT and Smart City applications such as:

  • Asset Tracking and Management
  • Logistics
  • Smart Cities (e.g., smart parking, street lighting, waste management, etc.)
  • Intelligent buildings
  • Utilities (e.g., water and gas metering)
  • Agriculture (e.g., soil, irrigation management)


Our Cisco Mobile Visual Networking Index estimates that while LoRa is in its early stages now, this type of Low Power Wide Area connectivity will quickly gain traction, and that by 2020 there will be more than 860 million devices using it to connect. One of the reasons for such aggressive forecast adoption, especially in North America and Western Europe, is that LoRa® works over readily available unlicensed spectrum. Cisco is a founding Board member of the LoRa® Alliance, formed in January 2015 with a goal to standardize LPWA Networks in order to stimulate the growth of Internet of Things (IoT) applications.

Cisco has been working with a number of Mobile Operators who are trialing and deploying LoRa® networks to target new low-power consumption IoT services such as metering, location tracking and monitoring services. Many Mobile Operators are looking at LoRa® as complementary to NarrowBand IoT (NB-IoT), an upgrade to current mobile networks that drops the transmit power and data rates of the LTE standard to increase battery life. As NB-IoT networks, devices, and ecosystems will not be commercialized until 2017, LoRa® gives Operators (and all SPs, in fact) a way to gain a head-start on offering new IoT services based on various new low cost business models.

Cisco’s approach to IoT is to deliver integrated solutions that enable SPs to support different classes of service aligned with specific pricing models across unlicensed (Wi-Fi, LoRa) and licensed (2G/3G/LTE, and soon, NB-IoT) radio spectrum as demanded by the IoT application. Our multi-access network strategy for IoT is complemented by the Cisco Ultra Services Platform (USP) – our comprehensive, virtualized services core, which includes mobile packet core, policy and services functions. Cisco USP delivers the scalability and flexibility that Operators focusing on IoT need as more and varied “things” get connected to their networks.

Cisco continues to integrate and evolve solutions such as LoRaWAN™ to help Service Providers of all types capitalize on new IoT opportunities and transform into next-generation IoT Service Providers.

You can learn more about the new Cisco solution for LoRaWAN™ here.

Authors

Doug Webster

Vice President


Here at MWC Shanghai there is a lot of talk about the Digital Transformation, and the impact on Service Providers. Let me share some of the discussions and my perspectives on what it all means for the evolution of Mobile networks.

Global Digitization

The evolution of the internet and the resulting global digitalization have had an enormous impact on the telecoms industry. It started with the digitalization of information through email, the Web and search, allowing people to connect in real-time. Then businesses digitalized their processes and built a networked economy, enabling “start-up” innovation to flourish with global impact.

Now we are in the age of digitalized business and social interactions: it’s mobile, social, video rich and cloud enabled. Global “over-the-top” (OTT) ecosystems have formed, allowing highly personalized services and content with mass appeal. This digital age has transformed many industries, such as media and entertainment as well as telecommunications.

This transformation is far from over, however. In fact, the biggest business and societal impact may still be to come with the connecting of not just people, but also the billions of “things” that make up our food chain, supply chain and the environment we live in. The potential of digitizing the world is immense, creating process efficiencies by linking supply and demand, cause and effect in real-time.

[Figure: The Evolution of the Internet]

Telecom Transitions

Through this period, Telcos have had to navigate a number of transitions. The rapid growth in mobile devices and dramatic growth in traffic drives network investment, yet the creation of global OTT eco-systems, with radically different business models, has led to eroding revenues from traditional voice and messaging services. Telcos are looking to build new business models; monetizing information not connectivity, enabling businesses not just communications. They are also looking for new markets to address and value to extract from their networks.

Telcos need to capitalize on their core competence and look for new ways to increase the return on investment in their network infrastructure.

Authors

Andrew Mackay

Head of Mobile Solutions

Asia-Pacific Region


We just released a white paper from IDC that shows how new solutions for mobile networks can impact operator costs. Yes, virtualization does make a difference, no doubt. However, IDC broke new ground by analyzing the benefits that 5G innovations can deliver to mobile operators, as well. IDC found that a 5G-ready virtualized mobile core network could save 50% more than virtualization alone over five years. The key advantage comes from deploying a distributed architecture with control and user plane separation (CUPS). In addition, that same environment could reduce the time to introduce certain new services by 67% or more.

The white paper also discusses the market dynamics that make moving to software an imperative. Mobile operators need to compete more effectively with non-traditional service providers. They also must find opportunities to grow revenues faster than the 2% CAGR forecast for today’s core services. Moving to software, virtualization, and 5G innovations positions operators to succeed. These technologies provide elastic capacity that scales up and down with network demands automatically. The flexibility and intelligence they bring make it much simpler to add new functions and to create new services quickly. These resilient services can even heal themselves.


IDC took a fresh approach to studying this topic. IDC interviewed a number of mobile operators to learn about their experiences with and priorities for network virtualization. IDC also evaluated how a 5G-like distributed architecture might impact mobile network operations. With these insights, IDC developed a real-world scenario to model, where the efficiencies grow over time and don’t start at 100% on day one. In the model, benefits increase as MNOs extend network changes further and optimize them. For example, annual savings from 5G innovations expand each year until they are 80% greater than vEPC alone in 2020. This approach differs from many analyses that take one use case and make a simple comparison between solution A and solution B. Most operators will not have the luxury of such a greenfield deployment. IDC even highlights how they need solutions that give them choices in how to leverage their existing mobile network assets as they move into the virtualized, 5G world.

What does the study mean for Cisco and how we can best help you, our mobile service provider customers? Our Open Network Architecture lets you combine hardware based and software based assets to create a single easy to use architecture powered by SDN. We give you maximum flexibility to transform your networks in the manner and at the speed that makes sense for you. Network Services Orchestrator can create services using network functions that are physical, virtual, or combinations of both. This makes integrating with and migrating from current assets seamless. Cisco NFV Infrastructure provides a pre-integrated, optimized platform on which to run your NFV solutions.


Cisco Ultra Services Platform is the core of the Cisco offer for mobile networks. You can implement a full set of EPC functions. You can co-locate these functions or distribute them where they fit your network best. Cisco Ultra also delivers today the CUPS capability you need for your 5G future. You can separate the control functions of a PGW from its user plane functions. This allows you to control your PGW user plane from a small set of core locations while putting the data handling functions of the PGW in places closer to your UEs to help you optimize your network and your customer experience. A distributed architecture also makes your network more scalable and allows you to roll out new services across a large footprint faster. With Cisco Ultra you also get Gi-LAN services available to distribute along with the user plane – again providing greater flexibility to optimize how you deliver those services.

Even with all of this capability, Cisco Ultra provides an open environment. You can integrate 3rd-party EPC functions and/or Gi-LAN services using ETSI-standard interfaces. You can run it on your choice of NFVi and orchestrate it with your own or another vendor’s solution. You choose the amount of proprietary software you want to create. You decide to what extent you desire a multivendor deployment, as well.

So check out the whitepaper to see IDC’s brand new insights into the benefits 5G innovations can add on top of virtualization. Then check out how Cisco Ultra matches up with the critical difference makers for lowering your costs as you migrate to a more software-based mobile network.

Authors

Sidney Kriger

Senior Manager of Business & Technology Architectures

Worldwide Service Provider Marketing


Co-authored by Jeff Reed, SVP of Cisco Enterprise Infrastructure Solutions

Since its announcement in March, the Cisco Digital Network Architecture (DNA) has been generating a great deal of enthusiasm in the networking community. Cisco DNA represents an opportunity for the network to drive digital transformation in your organization and take you on a technology journey that fully embraces virtualization, automation, analytics, and cloud service management – all with openness and extensibility.

It’s not just technology that drives digital transformation – it’s also an organizational and individual journey to build the skills and capabilities to reach the destination – which is why we’re excited to launch the Cisco DNA DevNet community of interest! The Cisco DevNet DNA community is a critical avenue to get the tools, resources, and code you need to build innovative, digital network-enabled solutions. You’ll find an online community with a myriad of resources to support your journey – whether you’re walking through the installation of Python and Git, learning the fundamentals of the APIC-EM APIs, or using sandboxes to test your solutions.

Please join us on the Cisco DNA journey and interact with experts and others in the DNA community on Cisco DevNet!

Authors

Rob Soderbery

Former Senior Vice President

No Longer with Cisco


Snapchat. It’s the new shiny social media platform. It has the most marketing-sought-after age group as its primary user base (that would be millennials and Gen Z) and it’s all anyone in social media can talk about.

As the social media lead for Cisco’s Talent Brand Team, I know that our team has been talking about it for over a year. How could we take Cisco’s awesome culture to Snapchat while staying true to the platform? How, as a brand, would we take the personal connections with our employees and our technology, and tell the stories with their voice so that we could attract more great employees? This mission has served us so well on other social media channels, like Twitter and Instagram, but Snapchat is like no other social media channel. We didn’t want to be “marketers,” we wanted to be “coworkers.”

Finally, the time for talking had passed. It was time to jump on the Snapchat train, or else watch it leave the station without us.

Our answer was right in front of us.

Snapchat examples from wearecisco and Cisco employees

Through our social media listening, and connections with employees that we’ve made in finding stories for our Life at Cisco blog, we realized that we had some pretty awesome talent brand ambassadors already at our disposal.

So the social team set up a meeting to bring them all together. They were excited just about the meeting – it was a way to connect in person (and on Webex) for the first time with other like-minded individuals. They felt like they were a part of the “inner circle” (they were) and referred to the meeting for weeks as the Cisco Secret Society.

Little did we know at the time, but they became the Kitten Rainbow Unicorns/KRUs – (everything that is awesome about the Internet.) We asked them if they’d like to have the keys to Cisco’s first Snapchat channel, (username wearecisco) to highlight the culture and their voice to the world. They said, “um, YEAH!”

As you might imagine, this was a little bit of a scary proposition. We were innovating in true Cisco fashion, and sometimes, that’s not an easy thing. We realize now we shouldn’t have worried. The wearecisco Snapchat channel is just as awesome as the employees that give us the content for it.

How’d we do it?

WeAreCisco Snapcode
Follow us! Snap the Snapcode or search for username wearecisco

We launched the account in May of 2016.

The Talent Brand Social Team manages the account logistics and provides enthusiasm and opportunities. We have a shared calendar where the KRUs can sign up for whatever day/topic they would like. As my manager, Director of Culture and Talent Brand Macy Andrews says all the time: “We didn’t over-engineer what they could post. We let them be them, authentic and raw and wonderful.”

They had to sign Cisco’s employee social media policy and know how Snapchat worked. (We helped with tips and tricks, but we didn’t provide any formal training, as Snapchat isn’t terribly intuitive and it’s a platform where doing it “your own way” is preferred.)

This team self-organized – they talk to each other, hand off Snapchat duties like they’ve been doing it forever, and check in with the social team along the way to make sure they’re “doing it right.” (The answer is always yes, by the way. We couldn’t construct it any better if we tried.)

John Chambers and Chuck Robbins on Snapchat
Executives on wearecisco Snapchat!

While we keep the Snapchat group small to help us manage and ensure account security, we have now rolled new Snapchatters into the program. Each month we add a few more people in more geographies (we’ve covered the US, Canada, Israel, UK and Ireland so far) to keep the story fresh.

We’ve also been honored to have Snappers who are located in our San Jose headquarters who have managed to have several of our executives make guest appearances – and were thrilled when both Executive Chairman John Chambers and our CEO Chuck Robbins appeared on the channel with our employees.

How do we know it’s working?

While Snapchat doesn’t have analytics in the traditional social media sense (which is okay with us, because social media folks know that it’s not about the quantity of followers, but it’s also about the quality) we work with an analytics partner to track our success.

We’ve had a 600% follower increase week over week since launch. We’ve seen a 70-80% rate of story completion (clicking through from start to finish on each story) and our reach continues to grow.

What do our Snapchatters say?

Snapchat examples from wearecisco
More examples of Snaps from our wearecisco account

Does YOUR company trust you to be their voice??? Mine DOES!!  This has been and continues to be one of the best experiences I have had at Cisco and one that I think will be very rare among my peers at companies across the globe. – Stephanie Mosher, Executive Assistant, Cisco Austin

Sharing the Cisco interns has been really fun – they are all super excited to meet who is snapping for Cisco for the day, follow our channel (or tell me how they are already following) and share their excitement to a Cisco employee. – Carla Leigh, HR Manager, Cisco San Jose

Using the WeAreCisco Employee SnapChat account has been an incredibly fun experience and is instrumental in understanding and connecting with fellow colleagues globally. I feel proud that Cisco allows us the opportunity to show off our playful side and why we #LoveWhereYouWork at Cisco! – Rehana Rehman, Business Operations, Cisco San Jose

And those are just a few of the comments we hear!

What does it mean to me?

Working with this group of KRUs has been one of the best experiences of my career. They make my job exciting every day. They make me proud to be a fellow Cisconian. And they make Cisco and Cisco’s Talent Brand look good. Every time I see how they use Snapchat to interpret life at Cisco, I’m left with a huge smile on my face. To honor Cisco’s new brand campaign, I would say there has never been a better time to be a part of the #WeAreCisco tribe.

Authors

Carmen Shirkey Collins

Social Media Manager

Talent Brand and Enablement Team, HR


Vulnerability discovered by Aleksandar Nikolic of Cisco Talos.

Talos is disclosing the presence of CVE-2016-4324 / TALOS-CAN-0126, a Use After Free vulnerability within the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an invalid pointer referencing previously used memory on the heap. By carefully manipulating the contents of the heap, this vulnerability can be used to execute arbitrary code. This vulnerability requires user interaction to open the file.

Rich Text Format (RTF) was designed as a cross-platform format for interchanging documents. Although the format standard has not evolved since 2008, the format remains widely supported by word processing suites. Attackers have previously exploited RTF parser vulnerabilities in MS Office, and used RTF files as a vector for embedding other malicious objects. Exploiting vulnerabilities such as these requires the user to interact with and open the file in order to trigger the attack. Raising users' awareness that such vulnerabilities exist can help remind people not to open unexpected or suspicious emails or files. Although we currently have no evidence to suggest that this vulnerability is being exploited in the wild, we recommend that administrators upgrade systems to the latest version of LibreOffice to remove the vulnerability.

Snort rules: 39148,39149

Authors

Talos Group

Talos Security Intelligence & Research Group